Comments
KMS looks interesting but their node processors are not good enough for single core performance.
What kind of chat room are you hosting?
We're offering the KMS-Protection under the name "Combahton DDoS Protection".
Can you say which exact requirements a node would have to fulfill?
You won't find something better than kms-hosting's protection under 1000$.
Budget ?
Quite a few do, if you have a few K.
You know what the issue with L7 is? If you use SSL your provider needs your private key, which is a security risk. If you don't use SSL you are dumb.
SSL processing costs power - even with AES-NI or hardware crypto cards - which costs money.
Cheapest solution? Rebuild your site so that it can use Cloudflare.
Single core performance of 3.4-4 GHz (i7) or E3 with 3.2+ GHz and 2/3 GB RAM will do fine with a 30-40 GB SSD or SSD-cached.
@Tinku
So basically a KVM VPS with SSD storage like this one?
https://deinserverhost.de/cart.php?gid=24
KMS recently launched automatic uploading of your SSL certs to use their layer 7, so I guess it's pretty cool, but their processors are quite old. I have been using Cloudflare, and in case of a layer 7 attack the only thing that works is Cloudflare's under attack mode, which makes every new browser request wait for 5 seconds. Another problem is that I am hosting my chat app on HTTPS (Let's Encrypt) and it works fine, but it doesn't work if I use Cloudflare HTTPS. I can't figure out why, because the website works fine on both.
Hyperfilter.com, if you have the budget.
Might be a better route to identify (profile) the traffic that is causing the L7 load and rate limit it at the proxy.
If you run a gameserver then HyperFilter is a solid choice. I used them a few years ago but paid like $500/month.
If you run a web app just use OVH and hide behind Sucuri. They are cheap and protect against L7.
Already limiting requests per IP through nginx, but there are still just too many requests from different IPs, so it created a load issue.
Seems like a botnet rotating IPs & user agents. +1 to what @Wicked said; try Sucuri WAF, it can handle these types of L7 attacks.
Pavin.
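The profiling suggested above, for the case where per-IP limits fail because sources and user agents rotate, as an added example that is not from any poster in this thread: it compares an attack-window nginx access log against a normal-traffic baseline and reports the request traits whose share rose sharply while spread over many addresses. The combined log format, thresholds, paths and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# nginx "combined" format: ip - user [time] "METHOD path PROTO" status bytes "referer" "agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def trait_shares(lines):
    """Return ({trait: share of requests}, {trait: set of source IPs})."""
    hits, ips, total = Counter(), defaultdict(set), 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        total += 1
        traits = (("path", m["path"].split("?", 1)[0]),  # ignore cache-busting queries
                  ("method", m["method"]),
                  ("referer", "absent" if m["referer"] in ("", "-") else "present"))
        for trait in traits:
            hits[trait] += 1
            ips[trait].add(m["ip"])
    shares = {t: n / total for t, n in hits.items()}
    return shares, ips

def attack_traits(baseline, attack, min_rise=0.3, min_ips=50):
    """Traits whose request share rose by at least min_rise over the baseline
    while arriving from at least min_ips addresses (what per-IP limits miss).
    Rows are (dimension, value, baseline_share, attack_share, distinct_ips)."""
    base, _ = trait_shares(baseline)
    now, ips = trait_shares(attack)
    rows = []
    for trait, share in now.items():
        before = base.get(trait, 0.0)
        if share - before >= min_rise and len(ips[trait]) >= min_ips:
            rows.append((*trait, round(before, 2), round(share, 2), len(ips[trait])))
    return sorted(rows, key=lambda r: r[2] - r[3])  # largest rise first

def _line(ip, method, path, referer, agent):
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'200 512 "{referer}" "{agent}"')

# Constructed sample traffic: documentation IP ranges, hypothetical paths.
NORMAL = [_line(f"192.0.2.{i}", "GET", path, "https://example.test/", "Mozilla/5.0")
          for i in range(1, 11) for path in ("/", "/blog/post", "/chat/")]
# 200 sources, each with its own user agent, all hitting one endpoint.
FLOOD = [_line(f"198.51.100.{i}", "GET", f"/chat/?r={i}", "-", f"Agent/{i}")
         for i in range(1, 201)]

if __name__ == "__main__":
    for row in attack_traits(NORMAL, NORMAL + FLOOD):
        print(row)
```

A trait that surfaces here (a single path, a missing referer) is a candidate key for the proxy's rate limit in place of the client address.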
Our protection is all in-house using Corero and we can customize it however you require - happy to provide you with a trial - DM me.
Depends on the Node, we have machines running with L5640 and E5-2660 / E5-2670. Can you clarify the problem with these CPUs, especially for your use case in terms of the age not the clock speed?
If you have load around 5-9 then you can try to upgrade from VPS to a dedicated server. This might solve the issue?
Which software do you use?
Software for?
Budget is tight, although I already got a Kimsufi dedicated server, but OVH basic DDoS protection can't handle advanced attacks.
I thought Zare is no longer offering VPS/clouds?
Software used for chat. Each software has its own payload standard. Knowing this is very useful.
Your best bet on this budget is to do L7 locally on the server and hope that volumetric mitigation will handle it well enough that pure L7 won't kill your server.
Otherwise, contact Arbor for a quote but it will be expensive. Mainly as @William said already, terminating L7 on the appliance consumes lots of resources.
123 Flash Chat. It runs on Java and the GUI is in Flash and HTML. The website is in WordPress, heavily cached, and uses nginx, so a couple of hundred visitors a second don't create much load. The problems only occur when massive layer 7 comes into play with other DDoS attacks like UDP, TCP etc., and those guys keep trying every attack method available in the market.
I was able to handle WordPress layer 7 attacks; they were easy to detect because of the user agents and same IP address, but these botnet attacks come from thousands of different IP addresses and user agents. I guess I can't find a low end solution for this issue.
How many PPS do you get hit with?
Is this something visible? 200k? 500k? 50k? What's the average during the attack, what's the average normally?
That is some of the least efficient, most resource-hungry and outdated stack you could choose for a highly concurrent application like chat. And that flash must be working amazingly well on mobile also.
I will pray for you.
Try to check some of the IP locations of the attack. If they come from one country and it is not your app's target, you can block it totally with iptables. I have a website that will have high load and become unresponsive if I don't block IPs from Russia. It is fine to block Russian IPs because my website's visitor target is South East Asia. But I am not sure if it can stop your attack.
https://www.lowendtalk.com/discussion/74798/review-of-ddos-mitigation-solutions-providers
Not sure about the numbers, but it is big because 100 MB are added to my HTTP log file within a few minutes.