New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Depends on the type and size of attack
@RoyaleHosting is my bff.
How to identify the type & size of attack
Cloudflare free-tier handles that for me lol
You can't force your customers to use cloudflare, you need a server with ddos mitigation built in. Something from @RoyaleHosting is probably my recommendation
When your under attack capture some packets using a tool such as tcpdump
if your server is under such attack your SSH is not working, use VNC to capture it and then review the data
This may help
https://www.techtarget.com/searchnetworking/tutorial/How-to-capture-and-analyze-traffic-with-tcpdump
Until some fucker sends 10 million requests from 250 IP addresses, and Cloudflare doesn't stop it because there were only 250 IPs.
Right, As @fluffernutter told, We can't force your customers to use cloudflare, Mostly clients did not use cloudflare.
If it's a website, just enable Cloudflare proxy
If it's against the direct infrastructure, I would think about buying a slice at BuyVM and some protected IPs
or, as a last resort, a contract with Voxility
He can also use automatic script to capture pcaps.
Example, just run in screen:
Here is some handle technic from some suppliers
So if there's a node with 100 customers and one of them doesn't use CF and gets DDOS'd, that can effectively take the other 99 offline. Yes, CF will protect the other 99 if all their stuff is static but that's not realistic in 2024. As soon as CF goes back to read from the server, the server won't be responding.
Using shared hosting means trusting many strangers.
Yeah I think it's not responsible to offer shared hosting while using a provider that doesn't have even basic ddos mitigation. There's a reason there's so many shared hosts using OVH, etc.
CloudFlare.
How does BuyVM protect against DDoS?
What's the relevance of 250 IPs?
Are you claiming that CloudFlare is ineffective in protecting shared hosting against DDoS?
Do you think any CloudFlare competitor is better than CloudFlare in capably protecting shared hosting accounts against DDoS?
.
Find a seller who uses OVH or Path as their backend.
As for how to mitigate an attack on an existing service w/o DDOS protection: you can't/don't. Attacks need to be mitigated upstream before it even hits the ethernet port of the physical server your service is on.
Also for people who mention Cloudflare: The free tier doesn't protect against L7 HTTP attacks.
Their protected IPs use Path.
Yeah. None is capable of.
Customer X uses Cloudflare on Server 1
Customer Y doesn't use Cloudflare on Server 1
Customer Y gets ddos'd, server goes down.
Customer X's site is now also down(Cf might serve webcache, but it's now down since Server 1 is down)
.
As for the topic, Using OLS/LSWS reCaptcha might help with attacks, the page is completely static and doesn't utilise that much resources.
Try github.com/istiak101/lscaptcha/ .
Prefer hcaptcha, or whatever captcha that is expensive to solve on automation sites.
Use CSF's conn tracking and limit simultaneous connection per ips.
Everything is a trial and error, none is solid. Everything should be tested accordingly to your environment.
Based on your outline, both shared hosting and VPS cannot be protected from DDoS, as both can have other customers who aren't using any protection. Therefore, only a dedicated server can be protected?
Cloudflare only looks at the IP count. If some script kiddie creates a curl loop, they won't stop it.
Most shared hosting providers don't care about L7. In an unprotected network, L3 and L4 may be more dangerous. The result is as you say.
In L7, the target website is determined. It is suspended. Things like custom solution, custom configuration, custom servers, site configuration are recommended. Or is told to go to a specialist provider.
So you should not expect special solutions with shared hosting.
In short, you seem to be saying that any site under an L7 attack will need to get a dedicated server.
I used to just list the IPs with the most number of connections and ban them in the firewall.
Wont work for shared hosting though.
Shared hosting is not good for business needs I think. If you run a business you should be able to afford a server? Either a vps or dedicated.
I believe shared hosting is sufficient for a majority of web hosting customer's needs.
Already running multiple Dedi servers. Looking for a best solution for Dos & DDoS.
No way to handle it. Did not get a good answer yet
I already gave you a solution that works for most people, try it out!
Mostly recommending Cloudflare. but it not a solution. We can't restrict client to use only cloudflare