vebble/WebHorizon Singapore node down [DDoS attack]

Comments

  • Oh no, losing millions of $ :D

  • there goes my billions.

  • kesurupan Member
    edited August 23

    Hello vebble, why can't the VPS be accessed today?

  • Direct access to IP in browser seems ok, but can't access any ports.

    https://prnt.sc/DzbZPcs8QUco

  • Response from WebHorizon's staff:

    We have detected an unusual flow of traffic that might be a DDoS attack on our nodes.
    Your patience is really appreciated while we investigate and resolve the issue.

  • Same issue

  • It seems back.

    My UptimeRobot says so: https://prnt.sc/QCu9cA6yaEp8

  • Total downtime:

    1 hour and 11 minutes

  • Abd Member, Patron Provider
    edited August 23

    Hey everyone,

    Just a quick update: The network is stable and fully up and running now.
    It looks like we were hit with a low-volume TCP SYN flood attack. Basically, this type of attack floods the network with connection requests that are hard to spot because they’re so low in volume. DDoS traffic was being flooded to all servers, as the ARP for the target IP had not expired on the switch side; however, the MAC had expired in the MAC table. It took us a bit longer to figure out what was going on and get everything sorted out.

    Our upstream transit, Datapacket, was actively mitigating the attack, but due to the nature of this attack, it’s a bit tricky to fully protect against it.

    We're also looking into additional measures to prevent this kind of issue in the future and exploring other DDoS mitigation solutions.


    If you’re still having trouble or have any concerns, please create a ticket. We’re here to help.
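
The failure described in the post above (ARP entry still valid, MAC table entry aged out, so frames for the target go out of every port), as an added example that is not part of the thread or of WebHorizon's configuration. The timer values, port names and addresses are constructed assumptions, and the model assumes the target sends no frames that would refresh the MAC table.

```python
from collections import Counter

ARP_TIMEOUT = 14400  # seconds an ARP entry stays valid (constructed value)
MAC_AGING = 300      # seconds a MAC table entry stays valid (constructed value)

class Switch:
    """Toy L3 switch with an ARP cache and a MAC table on separate timers."""

    def __init__(self, ports, arp_timeout=ARP_TIMEOUT, mac_aging=MAC_AGING):
        self.ports = set(ports)
        self.arp_timeout = arp_timeout
        self.mac_aging = mac_aging
        self.arp = {}  # ip  -> (mac, learned_at)
        self.mac = {}  # mac -> (port, last_seen)

    def learn(self, now, port, mac, ip):
        """Model an ARP reply from a host: it populates both tables."""
        self.arp[ip] = (mac, now)
        self.mac[mac] = (port, now)

    def deliver(self, now, dst_ip, ingress):
        """Return (action, egress_ports) for a packet routed to dst_ip."""
        arp = self.arp.get(dst_ip)
        if arp is None or now - arp[1] > self.arp_timeout:
            # No usable ARP entry: the switch re-ARPs instead of forwarding.
            return ("arp_request", set())
        entry = self.mac.get(arp[0])
        if entry is None or now - entry[1] > self.mac_aging:
            # Destination MAC is known from ARP, its port is not:
            # unknown unicast, flooded to every port except the ingress.
            return ("flood", self.ports - {ingress})
        return ("unicast", {entry[0]})

def replay(switch, arrival_times, dst_ip, ingress):
    """Count how many of the inbound packets each port receives."""
    seen = Counter()
    for t in arrival_times:
        _, ports = switch.deliver(t, dst_ip, ingress)
        seen.update(ports)
    return seen

def demo(mac_aging=MAC_AGING):
    """Constructed scenario: target on p1, silent after t=0, SYNs via uplink."""
    sw = Switch(["uplink", "p1", "p2", "p3", "p4"], mac_aging=mac_aging)
    sw.learn(0, "p1", "02:00:00:00:00:0a", "192.0.2.10")
    return replay(sw, [100, 200, 400, 500, 600], "192.0.2.10", "uplink")

if __name__ == "__main__":
    print("mismatched timers:", dict(demo()))
    print("aligned timers:   ", dict(demo(mac_aging=ARP_TIMEOUT)))
```

With the mismatched timers, every customer port starts receiving the target's traffic once the MAC entry ages out; with both timers set to the same value, the same replay reaches only the target's port.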

  • ivansalloum Member
    edited November 23

    I had an interesting discussion with someone from Hetzner Cloud about this a while back. They mentioned that their DDoS protection is designed to handle large-scale DDoS attacks rather than smaller-scale attacks like DoS. Through some testing I conducted, I found that small-scale SYN Flood attacks (in the form of DoS) might not trigger their protection, but they can still overwhelm a VPS. For example, I used hping3 to simulate SYN Flood attacks on a couple of test setups – both a local machine and a Hetzner server. In both cases, the servers became unresponsive, and I got kicked out with 'host down' errors.

    After experimenting with different configurations, I managed to block these attacks effectively by combining UFW firewall rules with Fail2ban. This setup helped stop the SYN Flood before it could reach the services running on the server. I limited the number of SYN packets per second on a specific port from an IP, which proved to be quite effective.

    I don't know if server providers could implement a similar solution at the cloud level since it seems basic from their perspective, but it worked well on single servers.
