New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Vox works well for our internal needs.
We use Psychz and works very good. DDoS protection kicks in almost immediatly and support team is always ready to help me. CNServers also worked fine when I used it in the past.
If you are dealing with just HTTP (on port 80), why not just use cloudflare. If you are getting attacks large enough for them to balk at (which is really rare), you can get the pro plan for a month, and then go back again to free
If your email is self hosted, you need to outsource that as well. Again zoho mail is free. You also need to ensure outgoing email is sent though an external provider (sendgrid/zoho), and your domain and subdomains do not resolve to your real IPs.
Subscribing to this thread.. very informative, thanks to all that have been sharing their views
I love CNServers TCP protection. Seen some breath taking attacks come our way (both against us and our clients) and I'm still impressed with how well it works. It looks like their reporting hasn't been working for a while but I still sleep good at night.
Cloudflare's protection is a silly javascript challange if the botnet solved it the attack will continue and it will keep you down as long as these botnets bypassing the cloudflare challange.
+1 For BuyVM.
Who are the other current providers using CNservers (noticed securedragon above) ?
I recall BuyVm moving off it. Ramnode too?
You think? But it is not just a javascript. It is javascript once, and if it notices abusive requests, it becomes a captcha, and then a block. Reddit uses it for DDoS protection. Many large sites use it for protection without any problems.
How about prolexic?
Yea sure what if the botnet didn't even reach that captcha because it is behavior is like a normal user or even it did use tor or wtf any proxy...
@MacPac
But it does, cloudflare is known to work well. Many booters (which are more likely to be targets of other booters), host on cloudflare. Anytime you visit a booter, check their IP. It is not hard to believe that they do pattern matching. Why do you think cant do what "Psychz Networks/limestone networks/ reliablesite.net" does?
Their paid customers money helps them find and block most botnets. The free users just get to ride on their already blocked and handled protection, and are potential paying customers.
On tor, I always get a captcha on my first attempt. On some exit nodes, I simply get blocked. Most proxies, I get the same.
There are good reasons to not use cloudflare, like you use udp, or use not standard http ports, or if you provide https, they are a man in the middle with access to your decrypted traffic. Some would prefer their data not pass through american companies (NSA fear). Their protection is good. For http and port 80, absolutely no reason not to use their free service.
cloudflare will not protect you like self hosted protection which uses high tech devices such this one http://www.fortinet.com/products/fortiddos/index.html
CloudFlare uses their own custom ASICs (which is what fortinet provides).
I have seen many websites that uses cloudflare's protection down so i will stick with self hosted protection that is capable to keep me online from the moment the attack begins to it is end like nothing happened at all...
Sure, websites shut or go down and you blame cloudflare for it. How many 5xxs 4xxs have you seen and you have attributed to the other ddos mitigation providers? Let me guess, you never attribute it to the ddos mitigation provider. Cloudflare just makes it more visible.
And suit yourself
Edit: I have to add that keeping your IP secret is not done easily. Many users do not firewall off everything other than cloudflare on port 80. Some still send email on their regular IP, which booters make use of or have a subdomain point to the real IP. Follow the steps on cloudflare to the letter or your protection is useless. If you are not ready to follow all those steps in cloudflare, opt for other providers that provide mitigation for your IP, and not just a reverse proxy with mitigation for you.
it would be cool if there was an open source ddos mitigation appliance that ran on x86 with a good network card that could be updated for new floods and not cost £20k new
I recall BuyVm moving off it. Ramnode too?
RamNode uses CNServers in Seattle, and Black Lotus at the rest of their locations. BuyVM uses Voxility these days in all their locations.
If you found any pls tag me in
@linuxthefish @MacPac : I think this is what the FastNetMon project is aimed at. Targeted at hosting providers, I think. Copy/Pasting from their website
For hosting providers, the CloudRouter and Apache CloudStack projects seems worth keeping tabs on.
Advanced Policy Firewall also looks interesting for individual hosts. I was looking for an alternative to Fail2Ban.
Hey guys any recommendation for Botnet solution? Our website was hit by thousands of IPs in the last hours, blocking them did not help because it changed IP very often.
so ramnode seattle is cnservers ? when attack coming udp block automatic/nullrouter udp right ? correct me if wrong
I want to add one more vote in favor of cloudflare. LowEndTalk is hosted through cloudflare, it does alright.
That didn't help anyway...
We also use Cnservers for all services in our Seattle location.
Actual advice depends on various factors, e.g. what service (app, website, game server etc) you are running, what part of the world most of your clients come from, what type of attack you suffer from and how big is it in terms of gbps or mpps. You should also clarify whether you are ready to move to a DDoS protected server (either bare metal or virtual) or you are really keen on staying with your current provider and want to go for a remote proxy protection.
That said there's no universal solution and you should go further and elaborate on your actual needs to get an efficient piece of advice.
Since most gameservers use UDP. Here are my experiences with providers (only hosting TS3 server).Also looking for suggestions below.
I've used both staminus and blacklotus.Both 20Gbps limit. Told both providers that I'm only using vps for TS3 server. Both providers said they applied some kind of profile. From what I saw, they leaked considerable amount of traffic. When attack was ongoing, and i saw 0,5-1gbit inbound. Also got timed out multible times. After getting nulled (attack was over limit 20Gbps limit), I searched for new host.
Used BuyVm briefly, but at the time they had connection issues on their LU location. Only saw one attack, and it resulted in 0 legit traffic to protected ip. I was using permanent mitigation at that moment. Cause of connection issues I went to next host after 3 days.
Currently using INIZ on their NL location. When I got the offer, they told me that the limit was 40gbit if the attacks don't last long(1h+) . They use inhouse filtering. I'd say that they can create custom profiles for you is a huge plus. It took 4-6 weeks to get profile to where it's at right now. After that it has been pretty rocksolid. Only had one attack that resulted in 20s timout. After that server was online and attackers gave up fast.
Like I mentioned before, hosteam seems to filter udp pretty good(most big ts3 servers use them with very little downtime), but I can't find anything about their limits- max attack size etc. Want to try them out since my server is growing fast and it attracts alot off ddosers. OVH says their GAME protection is made for udp. But they don't apply that protection to VPS(not 100% sure).
They do.
It does.
Thread jacking: is ddos protection the same as ddos mitigation?