Knowledgebase

Rack911 - Down

Posted by Steven, 11-27-2007, 06:13 AM
Rack911 is down due to a ddos. Management clients know how to contact us.
Posted by xlbox, 12-03-2007, 06:14 PM
I found your post while searching for feedback on Rack911. It concerns me greatly that a company that specialises in security and scaling should be taken offline itself by a ddos. Could you explain more on why this happened and how you can prevent your potential clients (such as ourselves) from being affected by similar attacks? Cheers.
Posted by Harzem, 12-03-2007, 06:20 PM
ddos is a type of attack that can't easily be prevented via scripts or server security. Everyone can get one, even if the server is managed by professionals. Easiest way is to spend a few bucks at $$$ level for hardware protection and a type of shield/failover.
Posted by Steven, 12-03-2007, 06:38 PM
There is only so much that CAN be done to protect a server from a ddos on the server level, ddos protection in most cases needs to be done on the network level, it also depends on the type of ddos that is happening as there are many different methods. This ddos attack needed to be prevented at the network level as it was filling up our switch port.. Which again is something we cannot control at a datacenter we cannot control. The server was placed here to be off our normal network so if our network went down, clients could access us. To confirm, our clients did not go down, just our main webserver hosting our website. If you were a client who needed ddos protection from us, we would ask that you either went to a provider that could block it, or you went direct though us, and paid for prevention which we would be able to provide at our own location. This server was located in a data center on the east coast. Every attack is different and requires different measures to prevent attacks. If you feel you may be a victim of an attack you need to look at a host that has the network infrastructure to mitigate attacks on the network level such as awknet, gigenet, staminus. To put it into another perspective: Webhostingtalk is hosted by Rackspace which is a top dollar managed server provider which has ddos protection hardware they can use. They were UNABLE to block WHT's recent ddos attack. They had to bring in another company Gigenet to block it using their proxysheild service. In regards to ddos attacks, if it fills up your switch port your probably not going to be able to block it at the server level and be able to continue operating unless its coming from distinctive ips which in our case it was not. There was several hundred thousand incoming packets from over 100k different spoofed ips. Thank you Last edited by Steven; 12-03-2007 at 06:43 PM.
Posted by xlbox, 12-03-2007, 07:03 PM
Cheers for the reply Steven, I appreciate you taking the time out to explain in such detail and it's scary to think that we're all fairly open to this kind of attack. If I can pester you for another question: you mentioned in another forum post that you are now referring your work to other server management companies. Is this just for clients of a certain size or is Rack911 still open for new customers?
Posted by Steven, 12-03-2007, 07:35 PM
We were referring a lot of our clients out. But that is not happening much anymore. It depends on your needs really, we are working on moving away from supporting shared hosting companies and primarily dealing with larger websites. Feel free to pm me or email us with your requirements.
Posted by jon-f, 12-03-2007, 09:21 PM
yeah Steven is right, there is no 100% solution and anyone can be affected by this whether they provide protection or not. I do think something is going on though with server management providers being ddosed. Earlier today someone was ddosing another well known server management company spoofing the ip of my hosting domain. The owner of the attacked company and I have had words on this forum before so I dont know if they was taking advantage of that situation trying to kill 2 birds with one stone or not. But in their logs was showing the ip of secureservertech.com and they was getting nearly 100 mbit. I had checked everything and the network techs monitored my server and seen no abnormal outgoing so it was definitely my ip being spoofed. Here is my bw graph HERE , and HERE is their inbound So it definitely looked suspect towards me but I have discussed with owner of other company and showed him I was not the one attacking him. So either completely different situation, totally random, OR someone is trying to ddos server management companies. Steven did you have any info on the attacking ips?


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
Help with iis7 and hotlinking (Views: 643)
looking for a reseller (Views: 580)
Dedicated server apache2 - hold down F5 crashes server (Views: 608)
How to create a .htaccess rewrite rule (or modsec) to stop a vulnerable script? (Views: 621)
Machine "keeps" getting compromised? (Views: 588)


Language:

Client Menu

 

Client Login

Email

Password

Remember Me

Search



  
 

Clients

Hosting

VPS Hosting

About Us

Contact Us

Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.