vebble/WebHorizon Singapore node down [DDoS attack]
Khoi_CodeTot
Member
It went down, and the client area is down too.
https://status.vebble.com/report/uptime/6d52bcd3d530fd3b63e7471150b704a9/
Comments
Oh no, losing millions of $
there goes my billions.
Also, maybe WebHorizon is the same.
https://status.webhorizon.net/
https://prnt.sc/kuVD7KceXzCU
Hello vebble, why can't the VPS be accessed today?
Direct access to IP in browser seems ok, but can't access any ports.
https://prnt.sc/DzbZPcs8QUco
Response from WebHorizon's staff:
We have detected an unusual flow of traffic that might be a DDoS attack on our nodes.
Your patience is really appreciated while we investigate and resolve the issue.
Same issue
It seems back.
My uptimerobot said. https://prnt.sc/QCu9cA6yaEp8
Total downtimes:
1 hour and 11 minutes
Hey everyone,
Just a quick update: The network is stable and fully up and running now.
It looks like we were hit with a low-volume TCP SYN flood attack. Basically, this type of attack floods the network with connection requests that are hard to spot because they’re so low in volume. DDoS traffic was being flooded to all servers, as the ARP for the target IP had not expired on the switch side; however, the MAC had expired in the MAC table. It took us a bit longer to figure out what was going on and get everything sorted out.
Our upstream transit, Datapacket, was actively mitigating the attack, but due to the nature of this attack, it’s a bit tricky to fully protect against it.
We're also looking into additional measures to prevent this kind of issue in the future and exploring other DDoS mitigation solutions.
If you’re still having trouble or have any concerns, please create a ticket. We’re here to help.
I had an interesting discussion with someone from Hetzner Cloud about this a while back. They mentioned that their DDoS protection is designed to handle large-scale DDoS attacks rather than smaller-scale attacks like DoS. Through some testing I conducted, I found that small-scale SYN flood attacks (in the form of DoS) might not trigger their protection, but they can still overwhelm a VPS. For example, I used hping3 to simulate SYN flood attacks on a couple of test setups – both a local machine and a Hetzner server. In both cases, the servers became unresponsive, and I got kicked out with 'host down' errors.
After experimenting with different configurations, I managed to block these attacks effectively by combining UFW firewall rules with Fail2ban. This setup helped stop the SYN Flood before it could reach the services running on the server. I limited the number of SYN packets per second on a specific port from an IP, which proved to be quite effective.
I don't know if server providers could implement a similar solution at the cloud level since it seems basic from their perspective, but it worked well on single servers.
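The per-source, per-port SYN limit described in the last post, as an added Python example that is not the poster's configuration: it counts pure SYN packets per second in constructed log lines (netfilter LOG format, as UFW logging writes them) and lists the sources a ban action would target. The threshold, the sample addresses and the helper names are assumptions.

```python
import re
from collections import Counter

def _line(ts, src, dpt, flags="SYN"):
    """Build one constructed kernel log line in netfilter LOG format."""
    return (f"Mar  3 {ts} vps kernel: [UFW AUDIT] IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} "
            f"WINDOW=64240 RES=0x00 {flags} URGP=0")

# Constructed sample input; all addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = (
    [_line("10:00:01", "203.0.113.7", 443) for _ in range(30)]            # burst, one source
    + [_line("10:00:01", "198.51.100.4", 443) for _ in range(3)]          # ordinary client
    + [_line("10:00:02", "198.51.100.4", 443, "ACK") for _ in range(40)]  # established traffic
    + [_line("10:00:02", "203.0.113.7", 22) for _ in range(5)]            # other port
)

# "RES=... SYN URGP=" matches only packets whose sole TCP flag is SYN:
# a SYN-ACK is logged as "ACK SYN" and does not match.
SYN_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(\S+) .*?PROTO=TCP "
    r".*?DPT=(\d+) .*?RES=\S+ SYN URGP="
)

def syn_offenders(lines, port, max_per_sec):
    """Return {source IP: peak SYNs in any one second} for sources that
    exceeded max_per_sec on the given destination port."""
    per_second = Counter()
    for line in lines:
        m = SYN_RE.match(line)
        if m and int(m.group(3)) == port:
            per_second[(m.group(2), m.group(1))] += 1   # key: (source, second)
    peaks = {}
    for (src, _second), count in per_second.items():
        peaks[src] = max(peaks.get(src, 0), count)
    return {src: n for src, n in peaks.items() if n > max_per_sec}

if __name__ == "__main__":
    # Assumed limit: 20 new connections per second per source on port 443.
    for src, peak in syn_offenders(SAMPLE_LOG, 443, 20).items():
        print(f"ban candidate {src}: {peak} SYN/s on port 443")
```

A per-source limit like this only helps when the flood comes from a small number of real addresses; with spoofed sources each address stays under the threshold.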