How Do You Handle DoS & DDoS Attacks?

How do you providers handle DoS & DDoS attacks on shared hosting servers?

If a server is facing a DoS or DDoS attack and the provider doesn't offer DDoS protection, how do you handle these things?

Does CSF completely protect from attacks?
How do you configure CSF to handle these attacks?

Comments

  • JustHost Member, Patron Provider

    Depends on the type and size of attack

    Thanked by 1lzy666
  • @RoyaleHosting is my bff.

    Thanked by 2host_c BasToTheMax
  • @JustHost said:
    Depends on the type and size of attack

    How to identify the type & size of attack

  • Cloudflare free-tier handles that for me lol

  • @c_vps said:
    How do you providers handle DoS & DDoS attacks on shared hosting servers?

    If a server is facing a DoS or DDoS attack and the provider doesn't offer DDoS protection, how do you handle these things?

    Does CSF completely protect from attacks?
    How do you configure CSF to handle these attacks?

    You can't force your customers to use Cloudflare; you need a server with DDoS mitigation built in. Something from @RoyaleHosting is probably my recommendation.

    Thanked by 2sillycat BasToTheMax
  • JustHost Member, Patron Provider

    @c_vps said:

    @JustHost said:
    Depends on the type and size of attack

    How to identify the type & size of attack

    When you're under attack, capture some packets using a tool such as tcpdump.

    If your server is under such an attack that your SSH is not working, use VNC to capture it and then review the data.

    This may help

    https://www.techtarget.com/searchnetworking/tutorial/How-to-capture-and-analyze-traffic-with-tcpdump

    Thanked by 1c_vps
  • @AndrewL64 said:
    Cloudflare free-tier handles that for me lol

    Until some fucker sends 10 million requests from 250 IP addresses, and Cloudflare doesn't stop it because there were only 250 IPs.

  • @sillycat said:

    @AndrewL64 said:
    Cloudflare free-tier handles that for me lol

    Until some fucker sends 10 million requests from 250 IP addresses, and Cloudflare doesn't stop it because there were only 250 IPs.

    Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

  • If it's a website, just enable Cloudflare proxy

    If it's against the direct infrastructure, I would think about buying a slice at BuyVM and some protected IPs
    or, as a last resort, a contract with Voxility

  • @JustHost said:

    @c_vps said:

    @JustHost said:
    Depends on the type and size of attack

    How to identify the type & size of attack

    When you're under attack, capture some packets using a tool such as tcpdump.

    If your server is under such an attack that your SSH is not working, use VNC to capture it and then review the data.

    This may help

    https://www.techtarget.com/searchnetworking/tutorial/How-to-capture-and-analyze-traffic-with-tcpdump

    He can also use an automatic script to capture pcaps.

    For example, just run this in screen:

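    #!/bin/bash
    # Watch the RX packet rate on one interface and write a pcap when it spikes.
    interface=ens1
    dumpdir=/home/user/automatic-tcp-dump
    mkdir -p "$dumpdir"
    # RX packet counter for $interface from /proc/net/dev (2nd field after the colon)
    rx_packets() { grep "$interface:" /proc/net/dev | cut -d: -f2 | awk '{ print $2 }'; }
    while true; do
      pkt_old=$(rx_packets)
      sleep 1
      pkt_new=$(rx_packets)
      pkt=$(( pkt_new - pkt_old ))
      echo -ne "\r$pkt packets/s\033[0K"
      if [ "$pkt" -gt 30000 ]; then
        echo -e "\n$(date) Under Attack. Capturing Packets..."
        # -c 20000 ends the capture after 20000 packets
        sudo tcpdump -n -i "$interface" -s0 -c 20000 -w "$dumpdir/dump.$(date +"%Y%m%d-%H%M%S").pcap"
        echo "$(date) Packets Captured."
        # Wait 5 minutes before the next capture, then stop any tcpdump still running
        sleep 300 && pkill -HUP -f /usr/sbin/tcpdump
      else
        sleep 1
      fi
    done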
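
Added example, not part of the thread: one way to "review the data" from a capture like the ones the script above writes, so the type and size of the attack can be read off. It reads `tcpdump -nn -r FILE` text on stdin; the function names, the 50% thresholds, the reflector port list and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `tcpdump -nn -r dump.pcap` text output read on stdin.
# Thresholds (>50% of packets) and the reflector port list are assumptions.
classify_capture() {
  awk '
    $2 != "IP" { next }                      # IPv4 lines only in this sketch
    {
      total++
      n = split($3, p, ".")                  # source is a.b.c.d or a.b.c.d.port
      ip = p[1] "." p[2] "." p[3] "." p[4]
      sport = (n == 5) ? p[5] + 0 : 0
      seen[ip]++
      if ($0 ~ /Flags \[S\],/)      syn++    # SYN without ACK
      else if ($0 ~ /Flags \[/)     tcp++    # any other TCP segment
      else if ($0 ~ / ICMP /)       icmp++
      else {                                 # everything else is counted as UDP
        udp++
        # replies from DNS, NTP, SSDP, memcached ports suggest reflection
        if (sport == 53 || sport == 123 || sport == 1900 || sport == 11211) refl++
      }
    }
    END {
      for (i in seen) { srcs++; if (seen[i] > max) { max = seen[i]; top = i } }
      verdict = "mixed"
      if (total > 0) {
        if (syn / total > 0.5)       verdict = "syn-flood"
        else if (refl / total > 0.5) verdict = "udp-reflection"
        else if (udp / total > 0.5)  verdict = "udp-flood"
        else if (icmp / total > 0.5) verdict = "icmp-flood"
      }
      printf "packets=%d sources=%d top=%s(%d) syn=%d udp=%d refl=%d icmp=%d verdict=%s\n",
             total, srcs, top, max, syn, udp, refl, icmp, verdict
    }'
}

# Constructed sample lines (documentation addresses), not a real capture.
sample_capture() {
  cat <<'EOF'
12:00:00.000001 IP 198.51.100.7.40112 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 198.51.100.7.40113 > 203.0.113.10.80: Flags [S], seq 2, win 64240, length 0
12:00:00.000003 IP 198.51.100.7.40114 > 203.0.113.10.80: Flags [S], seq 3, win 64240, length 0
12:00:00.000004 IP 198.51.100.8.51000 > 203.0.113.10.80: Flags [S], seq 4, win 64240, length 0
12:00:00.000005 IP 198.51.100.9.51001 > 203.0.113.10.80: Flags [S], seq 5, win 64240, length 0
12:00:00.000006 IP 192.0.2.20.55000 > 203.0.113.10.443: Flags [.], ack 1, win 501, length 0
12:00:00.000007 IP 192.0.2.53.53 > 203.0.113.10.33211: 4242 1/0/0 A 192.0.2.1 (44)
EOF
}

sample_capture | classify_capture
```

On a real capture, run `tcpdump -nn -r dump.pcap | classify_capture`; a low `sources` count with a high `top` share points at something a host firewall can still filter, while a volumetric flood has to be handled upstream.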
    
    
  • Here are some handling techniques from some suppliers

  • raindog308 Administrator, Veteran

    @c_vps said: Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.

    Using shared hosting means trusting many strangers.

    Thanked by 1gwnd1989
  • @raindog308 said:

    @c_vps said: Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.

    Using shared hosting means trusting many strangers.

    Yeah, I think it's not responsible to offer shared hosting while using a provider that doesn't have even basic DDoS mitigation. There's a reason there are so many shared hosts using OVH, etc.

  • CloudFlare.

  • @vinhais said:
    If it's a website, just enable Cloudflare proxy

    If it's against the direct infrastructure, I would think about buying a slice at BuyVM and some protected IPs
    or, as a last resort, a contract with Voxility

    How does BuyVM protect against DDoS?

  • @c_vps said:

    @sillycat said:

    @AndrewL64 said:
    Cloudflare free-tier handles that for me lol

    Until some fucker sends 10 million requests from 250 IP addresses, and Cloudflare doesn't stop it because there were only 250 IPs.

    Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    What's the relevance of 250 IPs?

  • JosephF Member
    edited February 25

    @raindog308 said:

    @c_vps said: Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.

    Using shared hosting means trusting many strangers.

    Are you claiming that CloudFlare is ineffective in protecting shared hosting against DDoS?

    Do you think any CloudFlare competitor is better than CloudFlare in capably protecting shared hosting accounts against DDoS?

  • PineappleM Member
    edited February 25

    @c_vps said:
    How do you providers handle DoS & DDoS attacks on shared hosting servers?

    Find a seller who uses OVH or Path as their backend.

    As for how to mitigate an attack on an existing service w/o DDoS protection: you can't/don't. Attacks need to be mitigated upstream before they even hit the ethernet port of the physical server your service is on.

    Also for people who mention Cloudflare: The free tier doesn't protect against L7 HTTP attacks.

    @JosephF said:

    @vinhais said:
    If it's a website, just enable Cloudflare proxy

    If it's against the direct infrastructure, I would think about buying a slice at BuyVM and some protected IPs
    or, as a last resort, a contract with Voxility

    How does BuyVM protect against DDoS?

    Their protected IPs use Path.

    Thanked by 1LeifurGunnarsson
  • FatGrizzly Member, Host Rep

    @JosephF said:

    @raindog308 said:

    @c_vps said: Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.

    Using shared hosting means trusting many strangers.

    Are you claiming that CloudFlare is ineffective in protecting shared hosting against DDoS?

    Do you think any CloudFlare competitor is better than CloudFlare in capably protecting shared hosting accounts against DDoS?

    Yeah. None is capable of.

    Customer X uses Cloudflare on Server 1
    Customer Y doesn't use Cloudflare on Server 1

    Customer Y gets ddos'd, server goes down.

    Customer X's site is now also down (CF might serve a web cache, but it's now down since Server 1 is down)

    .

    As for the topic, using OLS/LSWS reCAPTCHA might help with attacks; the page is completely static and doesn't utilise that many resources.

    Try github.com/istiak101/lscaptcha/ .

    Prefer hCaptcha, or whatever captcha is expensive to solve on automation sites.

    Use CSF's conn tracking and limit simultaneous connections per IP.

    Everything is trial and error; none is solid. Everything should be tested according to your environment.

    Thanked by 1argado
  • @FatGrizzly said:

    @JosephF said:

    @raindog308 said:

    @c_vps said: Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.

    Using shared hosting means trusting many strangers.

    Are you claiming that CloudFlare is ineffective in protecting shared hosting against DDoS?

    Do you think any CloudFlare competitor is better than CloudFlare in capably protecting shared hosting accounts against DDoS?

    Yeah. None is capable of.

    Customer X uses Cloudflare on Server 1
    Customer Y doesn't use Cloudflare on Server 1

    Customer Y gets ddos'd, server goes down.

    Customer X's site is now also down (CF might serve a web cache, but it's now down since Server 1 is down)

    Based on your outline, both shared hosting and VPS cannot be protected from DDoS, as both can have other customers who aren't using any protection. Therefore, only a dedicated server can be protected?

  • @JosephF said:

    @c_vps said:

    @sillycat said:

    @AndrewL64 said:
    Cloudflare free-tier handles that for me lol

    Until some fucker sends 10 million requests from 250 IP addresses, and Cloudflare doesn't stop it because there were only 250 IPs.

    Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    What's the relevance of 250 IPs?

    Cloudflare only looks at the IP count. If some script kiddie creates a curl loop, they won't stop it.

  • @FatGrizzly said:

    @JosephF said:

    @raindog308 said:

    @c_vps said: Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.

    Using shared hosting means trusting many strangers.

    Are you claiming that CloudFlare is ineffective in protecting shared hosting against DDoS?

    Do you think any CloudFlare competitor is better than CloudFlare in capably protecting shared hosting accounts against DDoS?

    Yeah. None is capable of.

    Customer X uses Cloudflare on Server 1
    Customer Y doesn't use Cloudflare on Server 1

    Customer Y gets ddos'd, server goes down.

    Customer X's site is now also down (CF might serve a web cache, but it's now down since Server 1 is down)

    .

    As for the topic, using OLS/LSWS reCAPTCHA might help with attacks; the page is completely static and doesn't utilise that many resources.

    Try github.com/istiak101/lscaptcha/ .

    Prefer hCaptcha, or whatever captcha is expensive to solve on automation sites.

    Use CSF's conn tracking and limit simultaneous connections per IP.

    Everything is trial and error; none is solid. Everything should be tested according to your environment.

    Most shared hosting providers don't care about L7. In an unprotected network, L3 and L4 may be more dangerous. The result is as you say.

    In L7, the target website is determined. It is suspended. Things like a custom solution, custom configuration, custom servers, or site configuration are recommended. Or they are told to go to a specialist provider.

    So you should not expect special solutions with shared hosting.

  • @tra10000 said:

    @FatGrizzly said:

    @JosephF said:

    @raindog308 said:

    @c_vps said: Right. As @fluffernutter said, we can't force your customers to use Cloudflare. Mostly, clients did not use Cloudflare.

    So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.

    Using shared hosting means trusting many strangers.

    Are you claiming that CloudFlare is ineffective in protecting shared hosting against DDoS?

    Do you think any CloudFlare competitor is better than CloudFlare in capably protecting shared hosting accounts against DDoS?

    Yeah. None is capable of.

    Customer X uses Cloudflare on Server 1
    Customer Y doesn't use Cloudflare on Server 1

    Customer Y gets ddos'd, server goes down.

    Customer X's site is now also down (CF might serve a web cache, but it's now down since Server 1 is down)

    .

    As for the topic, using OLS/LSWS reCAPTCHA might help with attacks; the page is completely static and doesn't utilise that many resources.

    Try github.com/istiak101/lscaptcha/ .

    Prefer hCaptcha, or whatever captcha is expensive to solve on automation sites.

    Use CSF's conn tracking and limit simultaneous connections per IP.

    Everything is trial and error; none is solid. Everything should be tested according to your environment.

    Most shared hosting providers don't care about L7. In an unprotected network, L3 and L4 may be more dangerous. The result is as you say.

    In L7, the target website is determined. It is suspended. Things like a custom solution, custom configuration, custom servers, or site configuration are recommended. Or they are told to go to a specialist provider.

    So you should not expect special solutions with shared hosting.

    In short, you seem to be saying that any site under an L7 attack will need to get a dedicated server.

  • I used to just list the IPs with the most number of connections and ban them in the firewall.
    Won't work for shared hosting though.

    Shared hosting is not good for business needs I think. If you run a business you should be able to afford a server? Either a vps or dedicated.
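
Added example, not part of the thread: the per-IP connection count behind both the "list the IPs with the most connections" method above and the CSF connection-tracking suggestion earlier (CSF exposes the threshold as `CT_LIMIT` in csf.conf). It reads `ss -tan` output on stdin and only reports, it blocks nothing; the function names, the prefix-style allowlist and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-IP connection count over `ss -tan` output read on stdin.
# usage: ss -tan | conn_offenders LIMIT [ALLOW_PREFIX ...]
# ALLOW_PREFIX is a plain string prefix (e.g. "192.0.2."), not CIDR: an assumption
# made to keep the sketch short. Use it for your proxy/CDN and monitoring ranges.
conn_offenders() {
  limit=$1; shift
  allow="$*"
  awk -v limit="$limit" -v allow="$allow" '
    BEGIN { na = split(allow, pre, " ") }
    $1 != "ESTAB" && $1 != "SYN-RECV" { next }   # skips header and other states
    {
      peer = $5
      sub(/:[0-9]+$/, "", peer)                  # drop the port
      gsub(/^\[|\]$/, "", peer)                  # unwrap [IPv6]
      for (i = 1; i <= na; i++) if (index(peer, pre[i]) == 1) next
      count[peer]++
    }
    END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed `ss -tan` sample (documentation addresses), not real output.
sample_ss() {
  cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      203.0.113.10:80    198.51.100.7:40112
ESTAB     0      0      203.0.113.10:80    198.51.100.7:40113
ESTAB     0      0      203.0.113.10:80    198.51.100.7:40114
SYN-RECV  0      0      203.0.113.10:80    198.51.100.7:40115
ESTAB     0      0      203.0.113.10:443   192.0.2.20:55000
ESTAB     0      0      203.0.113.10:443   192.0.2.20:55001
ESTAB     0      0      203.0.113.10:443   192.0.2.20:55002
ESTAB     0      0      203.0.113.10:443   [2001:db8::5]:50000
TIME-WAIT 0      0      203.0.113.10:80    198.51.100.9:40000
EOF
}

sample_ss | conn_offenders 2 192.0.2.
```

When sites sit behind a reverse proxy such as Cloudflare, the peer addresses are the proxy's, so those ranges belong in the allowlist before any count like this is turned into a firewall ban.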

  • @gwnd1989 said:
    Shared hosting is not good for business needs I think. If you run a business you should be able to afford a server? Either a vps or dedicated.

    I believe shared hosting is sufficient for a majority of web hosting customers' needs.

    Thanked by 1c_vps
  • c_vps Member
    edited February 25

    @gwnd1989 said:
    I used to just list the IPs with the most number of connections and ban them in the firewall.
    Won't work for shared hosting though.

    Shared hosting is not good for business needs I think. If you run a business you should be able to afford a server? Either a vps or dedicated.

    Already running multiple dedi servers. Looking for the best solution for DoS & DDoS.

  • No way to handle it. Did not get a good answer yet

  • FatGrizzly Member, Host Rep

    @c_vps said:
    No way to handle it. Did not get a good answer yet

    I already gave you a solution that works for most people, try it out!

  • @FatGrizzly said:

    @c_vps said:
    No way to handle it. Did not get a good answer yet

    I already gave you a solution that works for most people, try it out!

    Mostly recommending Cloudflare, but it's not a solution. We can't restrict clients to use only Cloudflare.
