New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Redstation use english support staff right?
You don't need much money to launch these attacks. I wouldn't be surprised if sz1 is sending out attacks, he's no good when it comes down to dealing with criticism. Just follow his threads and see the patterns.
I'm not working for Centarra anymore since May, but they are now testing the on-premise anti-DDoS solution I plan to commercialize, so they still have support for it.
How well is OVH's DDOS protection?
Not nice on all layers, but they got massive capacity. As long as you don't get complex or L7 attacks, they will eat whatever it's thrown at them.
Just for reference the emails from SVZ1
"Hello, we would like to inform you that we are currently under some very heavy ddos attacks on the uk servers, we will be back up and running in the next few hours, please back up your data when we are back online and submit a ticket to be moved to france ovh ddos protected servers, we are shutting the UK servers down next month, and this is exactly why we are doing it as any attacks to the server cause it to be null routed for up to 48 hours if we do not reply.
Please note we had some new sign ups to uk today 2 of the users have been sending attacks to other servers which had caused this to happen the users will be removed.
Thanks sz1Hosting"
"Hello, we are now back online but we will be cancelling UK on the 21-09-2014 please make backups and submit a ticket for a choice of France or Czech vps servers, we may would prefer you do a backup and then we provide you a new server ensuring no errors or data loss etc due to migrations.
Thanks "
Seems they got a pretty brutal nullroute though
indeed!
Two in one day.. what a coincidence!
Pretty lazy of @sz1Hosting although I have heard that he has to beg others to fix his problems for him.
Are you just trying to protect your website or are you protecting customer VPS's?
For the former, then just use Cloudflare. If Cloudflare really leaked IP's like that then it'd be useless for DDOS protection. Obviously their serveice works, so I'm not sure what the problem is. They provide guidelines to ensure your IP doesn't leak:
https://support.cloudflare.com/hc/en-us/articles/200170166-General-website-security-guidelines
http://blog.cloudflare.com/ddos-prevention-protecting-the-origin
Yeah, the CloudFlare real IP databases just archive old DNS records from before CF was activated (or if you let CF set up the direct subdomain)... if you do things right and set up CloudFlare on a fresh IP it never has a chance to get exposed.
so why did the ticket I saw have 2 english mistakes in it? seems strange, missing words and formatting.
I think GoodHosting is speaking about Crimeflare.
It has a list of domains using Cloudflare and if they had a normal IP before it usually has it stored.
Example: http://www.crimeflare.com/domains/gii-grz.html
If you however use Cloudflare from the very beginning with your domain or change servers and IPs it is impossible to get the real IPs leaked through Crimeflare, it would only show the use NS like in this example: graffitihaus.com tom lucy
Well, even though our site is not listed in CrimeFlare and similar IP lookups yet;
people continue to send massive NTP traffic to our servers on Centarra.
and centarra is holding up?
Might've just been that individual but the last time I contacted them (albeit about 10months ago) there was definitely someone English, or fluent in English on the other end.
Centarra is holding up fine, although their firewall rules don't do shit (The OS is dealing with about 100kpps of NTPv1 UDP, even though I've told the Centerra firewall to drop all UDP from ALL to ALL (as well as ALL UDP FROM ALL TO LOCAL).
Ticket them about it?
They still haven't replied to a single ticket we have created, such as when we started using the system; we created a ticket asking for the CentOS 7 ISO or template media (and supplied link to an example KS template for their convenience.) We have other tickets open as well regarding the few downtimes on node side we have experienced, and some other questions regarding the CFS scheduler sharing they have implemented.
None of the tickets have responses yet.
However, I cannot complain; as for what I have paid, the service is working.
@ChrisK how about answering Goodhosting's tickets pal?
Oh, I really wonder why: 198.52.20x.x
We've gone and allowed passthrough of CloudFlare records now, as the mail relay and few other services were unavailable to some customers. Since Centurra's protection can handle most of the issue, it's no longer bothersome.
Prior to an hour ago however, there were no records through CloudFlare allowing the original IP to be shown, we even took down services like the mail server; as they show the originating IP address in the header of mail messages.
Maybe you should consider using amazon SES for E-Mails then, they remove origin IP headers in E-Mails and it costs 0.1$ for 1000 E-Mails.
I can't think of another reason for leaking IP-Addresses with WHMCS, but if there's any remote upload involved somewhere, it's also easy to get the IP.