Seeking Advice for Hosting Provider Upgrade

RicoZ

Heya LET community,

I am currently in the process of upgrading my hosting provider for a PHP (Laravel Framework) website + its DB of mine that is experiencing increased activity. Unfortunately, my current hosting service is facing downtime issues (in general) and my site seems to go down (502) after relatively small DoS attacks.

Here are my requirements for the hosting provider:

Location: Preferably in the southern region of America, such as LA or Tampa.

Performance: Able to handle around 30 concurrent users and a decent amount of hourly API requests.

Security: Capable of withstanding relatively small-scale DoS attacks.

Backups: Ability to schedule full backups; I am open to pay for this option.

My budget for this hosting upgrade is approximately $25 per month.

I would greatly appreciate any recommendations or insights from the community regarding hosting providers that align with my requirements. Your expertise and experiences are invaluable to me, and I look forward to learning from your suggestions.

Thank you in advance for your help LET

fazar

@aqua
https://easyvm.net/vps
Afaik, they offer Path protection on Tampa

MikeA

You're looking for a VPS? I have both Miami, Dallas, and Los Angeles, all NVMe, Ryzen, and DDoS protected. Full server backups can be scheduled automatically but there's a lengthy interval limit, but I can lower it on request.
If you need L7 HTTPS protection your best option is using a WAF/mitigation service for websites like CloudFlare.

RicoZ

@fazar said:
@aqua
https://easyvm.net/vps
Afaik, they offer Path protection on Tampa

Which of their packages would you recommend for my usecase?

@MikeA said:
You're looking for a VPS? I have both Miami, Dallas, and Los Angeles, all NVMe, Ryzen, and DDoS protected. Full server backups can be scheduled automatically but there's a lengthy interval limit, but I can lower it on request.
If you need L7 HTTPS protection your best option is using a WAF/mitigation service for websites like CloudFlare.

What is the regular backup interval limit?

MikeA

@RicoZ said:
What is the regular backup interval limit?

I think it's 48-72 hours right now for US locations, since they're included. I'll reduce it to 24 hours at request.

RicoZ

@MikeA said:

@RicoZ said:
What is the regular backup interval limit?

I think it's 48-72 hours right now for US locations, since they're included. I'll reduce it to 24 hours at request.

That's fine.
I'll check some other providers/wait for some more advice before making the call, though.

hyena56

What attack are you experiencing though? Is it a L7 attack? Also please check the volume of attacks, better log it using a Cloudflare WAF. It's better and we can see if its really a small attack and can be mitigated through some rules

PineappleM

@RicoZ said:
I'll check some other providers/wait for some more advice before making the call, though.

You can't really go wrong with @MikeA 's services. You may even be hard-pressed to find something better that meets your specific needs. Certainly, wait for more offers to see what's out there, but don't hesitate to go with him if that's what you choose.

Disclaimer: I don't have any services with him (for now at least) but I've never heard anything negative from those who do.

MikeA

@PineappleM said:

@RicoZ said:
I'll check some other providers/wait for some more advice before making the call, though.

You can't really go wrong with @MikeA 's services. You may even be hard-pressed to find something better that meets your specific needs. Certainly, wait for more offers to see what's out there, but don't hesitate to go with him if that's what you choose.

Disclaimer: I don't have any services with him (for now at least) but I've never heard anything negative from those who do.

Thanks. It's always best to shop around, after all, tons of companies and tons of options. I'm also super picky with networks, providers, SaaS I use. Definitely cheaper options, but I'm always open to working with peoples budget if regional cost permits.

RicoZ

@hyena56 said:
What attack are you experiencing though? Is it a L7 attack? Also please check the volume of attacks, better log it using a Cloudflare WAF. It's better and we can see if its really a small attack and can be mitigated through some rules

Thanks for offering some advice.
I am relatively new to attacks and such, from what I can tell it's an L7 attack.
It were mostly a bunch of short bursts of GET requests to random query/parameters (?) like /?post=[randomnum], /?page=[randomnum], and some random ones like /?kjdsfwefe=[randomnum].

They don't seem to go on for a while, big bursts of requests for a short amount of time.

RicoZ

@MikeA said:

@PineappleM said:

@RicoZ said:
I'll check some other providers/wait for some more advice before making the call, though.

You can't really go wrong with @MikeA 's services. You may even be hard-pressed to find something better that meets your specific needs. Certainly, wait for more offers to see what's out there, but don't hesitate to go with him if that's what you choose.

Disclaimer: I don't have any services with him (for now at least) but I've never heard anything negative from those who do.

Thanks. It's always best to shop around, after all, tons of companies and tons of options. I'm also super picky with networks, providers, SaaS I use. Definitely cheaper options, but I'm always open to working with peoples budget if regional cost permits.

Miami looks like a great option for me, my only worry would be that the attacks I received seem to be L7, not L4. Again, I am pretty new to things like DoS Attacks so if there is anything I could do I'm happy to hear anyone out to learn

MikeA

@RicoZ said:

@MikeA said:

@PineappleM said:

@RicoZ said:
I'll check some other providers/wait for some more advice before making the call, though.

You can't really go wrong with @MikeA 's services. You may even be hard-pressed to find something better that meets your specific needs. Certainly, wait for more offers to see what's out there, but don't hesitate to go with him if that's what you choose.

Disclaimer: I don't have any services with him (for now at least) but I've never heard anything negative from those who do.

Thanks. It's always best to shop around, after all, tons of companies and tons of options. I'm also super picky with networks, providers, SaaS I use. Definitely cheaper options, but I'm always open to working with peoples budget if regional cost permits.

Miami looks like a great option for me, my only worry would be that the attacks I received seem to be L7, not L4. Again, I am pretty new to things like DoS Attacks so if there is anything I could do I'm happy to hear anyone out to learn

If it's web based HTTPS floods, you need to use a CDN/WAF service to block those really. It'll be cheaper or free compared to using a DDoS mitigation provider who specifically filters those and you can use any host you want. Anyway, if you want to try something let me know, no risk/cost to you.

RicoZ

@MikeA said:

@RicoZ said:

@MikeA said:

@PineappleM said:

@RicoZ said:
I'll check some other providers/wait for some more advice before making the call, though.

You can't really go wrong with @MikeA 's services. You may even be hard-pressed to find something better that meets your specific needs. Certainly, wait for more offers to see what's out there, but don't hesitate to go with him if that's what you choose.

Disclaimer: I don't have any services with him (for now at least) but I've never heard anything negative from those who do.

Thanks. It's always best to shop around, after all, tons of companies and tons of options. I'm also super picky with networks, providers, SaaS I use. Definitely cheaper options, but I'm always open to working with peoples budget if regional cost permits.

Miami looks like a great option for me, my only worry would be that the attacks I received seem to be L7, not L4. Again, I am pretty new to things like DoS Attacks so if there is anything I could do I'm happy to hear anyone out to learn

If it's web based HTTPS floods, you need to use a CDN/WAF service to block those really. It'll be cheaper or free compared to using a DDoS mitigation provider who specifically filters those and you can use any host you want. Anyway, if you want to try something let me know, no risk/cost to you.

If you could point me to any resources regarding setting up a CDN/WAF for an Nginx server, that'd be appreciated immensely, so I can try it out with one of your plans.

MikeA

@RicoZ said:

@MikeA said:

@RicoZ said:

@MikeA said:

@PineappleM said:

@RicoZ said:
I'll check some other providers/wait for some more advice before making the call, though.

You can't really go wrong with @MikeA 's services. You may even be hard-pressed to find something better that meets your specific needs. Certainly, wait for more offers to see what's out there, but don't hesitate to go with him if that's what you choose.

Disclaimer: I don't have any services with him (for now at least) but I've never heard anything negative from those who do.

Thanks. It's always best to shop around, after all, tons of companies and tons of options. I'm also super picky with networks, providers, SaaS I use. Definitely cheaper options, but I'm always open to working with peoples budget if regional cost permits.

Miami looks like a great option for me, my only worry would be that the attacks I received seem to be L7, not L4. Again, I am pretty new to things like DoS Attacks so if there is anything I could do I'm happy to hear anyone out to learn

If it's web based HTTPS floods, you need to use a CDN/WAF service to block those really. It'll be cheaper or free compared to using a DDoS mitigation provider who specifically filters those and you can use any host you want. Anyway, if you want to try something let me know, no risk/cost to you.

If you could point me to any resources regarding setting up a CDN/WAF for an Nginx server, that'd be appreciated immensely, so I can try it out with one of your plans.

I just mean a service like CloudFlare. Not everyone likes it for certain reasons, there are some other options, but it's why many companies (including myself) use it. If you use the WAF with their automatic mitigation, HTTPS attacks generally are never a concern.

dzungpham0703

@MikeA said:

@RicoZ said:

@MikeA said:

@RicoZ said:

@MikeA said:

@PineappleM said:

@RicoZ said:
I'll check some other providers/wait for some more advice before making the call, though.

You can't really go wrong with @MikeA 's services. You may even be hard-pressed to find something better that meets your specific needs. Certainly, wait for more offers to see what's out there, but don't hesitate to go with him if that's what you choose.

Disclaimer: I don't have any services with him (for now at least) but I've never heard anything negative from those who do.

Thanks. It's always best to shop around, after all, tons of companies and tons of options. I'm also super picky with networks, providers, SaaS I use. Definitely cheaper options, but I'm always open to working with peoples budget if regional cost permits.

Miami looks like a great option for me, my only worry would be that the attacks I received seem to be L7, not L4. Again, I am pretty new to things like DoS Attacks so if there is anything I could do I'm happy to hear anyone out to learn

If it's web based HTTPS floods, you need to use a CDN/WAF service to block those really. It'll be cheaper or free compared to using a DDoS mitigation provider who specifically filters those and you can use any host you want. Anyway, if you want to try something let me know, no risk/cost to you.

If you could point me to any resources regarding setting up a CDN/WAF for an Nginx server, that'd be appreciated immensely, so I can try it out with one of your plans.

I just mean a service like CloudFlare. Not everyone likes it for certain reasons, there are some other options, but it's why many companies (including myself) use it. If you use the WAF with their automatic mitigation, HTTPS attacks generally are never a concern.

Do you offer big SSDs, I want vps like 500GB,