| Posted by bfcorp, 06-13-2011, 09:35 PM | | Our EU hosted VPS is under SYN Flood for 3 days now, most of the ddos is directed on our SSL port 443.
Our parallels admin panel logged in traffic statistics that we got about 22-25 GB traffic per day, but I am not sure what was the real traffic generated by the SYN flood, as we blocked a good part of the bad connections using iptables rules.
In the last few days we tried some tricks found on WHT: running CSF, mod_security, mod_evasive, ddos deflate, iptable filters, SYN cookies, etc. With all this we manage to reduce the ip_conntrack_count from 65k to 5k but there is still to much flood and most of the legit users get timeout.
Although we pay a managed VPS plan our DC didn't do anything to help. They only said will monitor the situation, but that's another story.
Getting back to the real issue, in this 3 days of being ddosed we look all over for a reliable and affordable DDoS proxy protection service based in EU.
We find some good US ddos mitigation providers like Staminus, Gige, BlackLotus but with NO real EU based ddos proxy servers, or at least to have servers based outside US.
So bottom of line, if anybody know some reliable and also not so expensive(below 500$) ddos mitigation providers with ddos proxy servers based outside US, please share, will be much appreciated.
|
| Posted by ddosguru, 06-14-2011, 03:35 AM | | You could try Zen Protection or Dragonara.
|
| Posted by relichost, 06-14-2011, 05:19 AM | | Hi
What about getting another server and setting up your own reverse proxy. Choose a server with lots of bandwidth. (100TB deal)
Is it directed at your website or just your IP ?
You could ask your Provider to give you a new ip as a last resort.
Thanks
|
| Posted by bfcorp, 06-14-2011, 06:19 AM | | Zen offers proxy in US, and Dragonara is, let's just say, to "good" to work with.
It will not work, because its botnet attack that is getting more and more complex. They started with a small GET ddos, we filtered it out with just software firewall (CSF + mod_security) and they changed in SYN flood with tons of botnet IPs.
No normal server will keep up with a serious botnet attack no matter how much bandwidth it has. Filtering such attacks require hardware firewall and good configuration skills, and that's why we look for a serious provider, specialized in such services.
Its directed on the website, on SSL port.
We done that, got a few minutes of peace and then attack started out on the new IP.
Anyway, thanks for your suggestion guys. I think over all we will go with a US company, because it seems no real ddos mitigation specialists outside US.
|
| Posted by bfcorp, 06-16-2011, 05:34 AM | | Actually we didn't sign the agreement yet with the provider, as we are still pending between serverorigin and staminus.
We've managed to mitigate the attack(a small one) by ourselves and now the server is OK, so we are not desperate to go with the first provider we find.
But after we review quite a lot of offers, I think we will go with staminus, because it seems that SO takes ages(ticked submitted 4 days ago) to reply to their sales tickets.
This is a problem I've noticed at the majority of ddos protection/mitigation services: their lack of pre-customer support. Most of the companies I've contacted replied to pre-sales questions only after 12-24 hours and not to mention that during the weekend almost everybody is off.
And in this way I think such providers lose a lot of sales leads, because the client decision to buy a ddos protection product over a similar one is 90% - a feeling of security and only 10% - the actual product features. And what feeling of security can a ddos protection company provide when they reply to your email after a day or two? Not to mention some of them don't even reply to pre-sales emails.
|
| Posted by ddosguru, 06-16-2011, 01:53 PM | | ServerOrigin is a major partner of ours, I can put you directly in touch with their President at any time, weekend or otherwise, if needed.
|
| Posted by PeakVPN-KH, 06-16-2011, 02:54 PM | | Hello,
I apologize you appeared to have delays. We had received 4 different tickets from you. Each stating you needed protection, we had merged the tickets and replied back to you. However, we have not heard back since our last reply 2 days ago.
You are more than welcome to respond to that ticket and cc myself at: khatfield-at-socllc.net
We will be more than happy to assist you. My only recommendation would be to ensure you follow the same ticket if you open tickets or make replies as it can confuse the request if there are 3-4 different tickets being opened for the same issue.
Thanks so much and best of luck!
-Kevin
|
| Posted by bfcorp, 06-16-2011, 04:16 PM | | Sorry for the misunderstanding with the double posted tickets. I've check them and it seems the first ticket was sent to sales and because of the weekend we didn't get any reply.
Then, as the attack on our server increased, we used the emergency email for the immediate assistance and so the second and third ticket was created.
Anyway, thank you Kevin and Jason for sorting this out. Please close all our tickets now, as we've got the answer we've expected from SO.
PS: In order to keep things right and not leave any misunderstanding regarding SO pre-customer support, I must add that SO replied to our second ticket(the one sent to the emergency email) within 2 hours of sending the email to them, and they keep replying to our second question on that ticket within 10 minutes, so they was very active on the emergency email. That's why it was strange to see that they didn't reply to our third question even after 48 hours. But it turned out that it was not their fault, as there was 3 tickets submitted by us and they didn't saw our last question.
Last edited by bfcorp; 06-16-2011 at 04:28 PM.
|
| Posted by rustelekom, 06-18-2011, 03:28 PM | | I know guys who are specialized in ddos protection within at least two last year. They are part of solid security team here in Russia. Could not say can they confirm you as client (they mostly concerning on Russia sites and Russian clients) but who know: http://stop-ddos.ru/
I believe they has some agreements with EU peering points so it is possible for them mitigate DDOS over 10 Gbps and of course any of httpd flood too at upstream level. Sorry, but their site currently on Russian only. But i believe they are knew English and could response you on English.
|
| Posted by PeakVPN-KH, 06-20-2011, 03:47 PM | | Thank you for the kind words.
If you have any issues or anything we can assist you with in the future, please don't hesitate to email me directly or open a ticket. We thank you for your patience as sometimes the support systems just don't function as we would like!
Thanks again!
|
| Posted by Crashus, 06-21-2011, 02:22 PM | | try reverse-proxy with some scripts which are adding botnet ips to the blacklist
I've done this before so I can help you with technical details
|
| Posted by bfcorp, 06-29-2011, 05:14 AM | | Kevin, please take a look at this ticket: #927102 . thanks
thank you, but this is a good solution only for small attacks.
What we need is a hardware solution, like the ddos proxy server ServerOrigin or Staminus offers.
thank you. I've checked them, but their plans are above our budget.
Last edited by bfcorp; 06-29-2011 at 05:19 AM.
|
|
 Add to Favourites
 Print this Article
|
