New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
What's the plan?
Well it's not all down like someone said as mine is back up, unless i been moved to ovh, as it seems faster to me in the mediterranean now.
My services are reachable but extremely slow
That's how mine was yesterday evening, very very slow crawling but ddos does that, i know from years ago when someone took out my server at ovh, before ovh got proper protection lol.
Yeah, I broke out of it when I realized I cared more about trying to get his subnets online than he did. And was around 2 hours away, at ~10pm via car.
When I had a hosting company, at 17 and still in high school, even if it was a single shared cPanel server, I'd be on the way to a NAC.net Parsippany or Cedar Knolls with spares and off-site backups in 20 mins.
This dude just walked out on his DC getting taken down by some shitbird, and apparently a single IP being targeted.
Has anyone seen that? A single bloody IP took today out?
Get fastnetmon and configure it to work with RTBH for nulls. Orange will thank you (and maybe even keep you as a client)
https://lowendtalk.com/discussion/189137/hazi-s-bachelor-thesis-stop-layer-7-attacks-now/p1
wait. he's still Googling.
If you want miserable service and network, certainly an idea to stick with Path
@yoursunny 's Romanian brother works on reverse psychology. can you advise what he "should not do" to resolve this situation?
Stick with a provider who knows what DDoS protection is, maybe some IPv9 will also help.
if this is the death of hazi will you commit to giving people access to their data so they can move some where else?
If you have some alternative at the same price please dm me
this will not happen. he has already taken 15K EUR loan to expand hazi. at most your data will all be shifted to OVH and wherever the German server is because he has local incremental backups! but wait how is he gonna do that when his backup is on the same network and he has stopped sleeping in his data center?
I find some of you rather negative.
I have a lot of admiration for people who get into this business without having a lot of start-up capital to invest.
Frankly, as I read on, I realise just how difficult this business is.
There are already a lot of big players out there who have so much volume and their own infrastructure that they're hard to compete with. There are a staggering number of small players, so it's ultra-competitive.
Hard to find the right market position
The technical complexity is still there, even with the many open source/ paid-for solutions for automating with very little resources.
Then there are the DDos attacks, which have become inexpensive and more than commonplace. Not to mention the other risks of security breaches.
Then there are the customers, who are inevitably demanding because there are so many competitors. Not to mention fraud and abuse.
Hell, I'd never get into that.
Bro is actually an expert on Layer 3 attacks:
https://lowendtalk.com/discussion/189137/hazi-s-bachelor-thesis-stop-layer-7-attacks-now/p1
So here comes Layer 4 attacks.
If the attacks are IPv4 only, quickest solution is to withdraw IPv4 BGP routes and ask clients to use IPv6.
Well, some people obviously just dislike @FlorinMarian but others very much have a point though. Bandwidth being the weak point of the whole operation having to deal with DDoS sooner or later was something that could have been foreseen. Besides that some people have been giving good advice just to seemingly be ignored while from the looks of it he is googling how to stop spoofing which not being possible outside of handshaked protocols should be very much networking basics.
Honestly, a lot of us have been trying to give advice on how to deal with such an outage. Hazi.ro could've been pointed to a Statuspage.io instance, or anywhere DDoS protected as another member pointed out, but he left his house DC, and was roughly 2 hours away via vehicle - so naturally went to sleep for the night.
Personally was ready to help him get a GRE tunnel setup and try to match him with a provider, but he apparently didn't find their low pricing attractive, and seems to have misunderstood clean traffic vs. attacks.
It's a very saturated field. HAZI put himself above Calin many times, and I recall him putting down Calin's Orange due to them not being the real company, not having enough bandwidth, just being an old telephone company, etc. It seems this brilliant real Orange didn't have a network admin to figure out a real time black hole to a single IP (if he wrote that properly)
FWIW both of my $5/yr other VMs are up at another provider in the area. Few extra euros per month doesn't a good provider make it seems.
Yeah, it's not like he'll get out of the situation without throwing money at it anyways. A couple of gbit is something literally even to most retarded of all skids will be able to come up with (hell, they could pretty much just order a box at Ecatel - if that's still a thing these days - and flood him with 10gbit of spoofed UDP) and seeing how it's not only working well but also provoking a public response chances are that the eject button is going to be pressed again, again and again. He certainly can't tank any semi-serious attack and with Orange not (realistically) able to filter it for him he'll have to get some external solution.
iirc he miscalculated the correct power needed and the interest rate of his loan. Numbers don't lie and numbers don't care.
Had thought the 45 day lead for DDoS mitigation was the issue.
I had no idea it was literally the tiny 500/mo to make the DDoS not fall over like a house in three little pigs.
Could do just fine with 1Gbps inbound filtered and outbound filtered via whatever provider will still have him.
Mostly disappointed because I want him to do well in every thread but it's stuff like this that occurs, the forum rallies to try to give some advice and he peaces out quicker than a cPanel reseller mid-2000's.
I'm just sad because I wanted another box to idle, but he believes Paypal users are the issue. That a tiny VPS with him is worth 3+ euros per month, and well... I'm not 100% convinced.
I kept coming to old threads looking for something $1-$2/month as a looking glass and monitoring probe, but nothing.
Also apparently he thinks people that use Paypal are more of an issue than the good natured customers who sign up with invalid email addresses.
Come to think of it, he might not be the genius I thought he was. I personally wanted to see this (and little tiny DC projects) go far. @Calin and @c1vhosting know this.
Of course I saw that a lot of people were trying to help him.
I just wanted to point out the difficulty of running this kind of business on your own without investing a bit more.
Even with the right skills, it's not easy. Endless hours of work. Shit all the time.
And I wonder how much money it's worth in the end.
I don't have the history and I don't know all the liabilities.
I just find that sometimes I read a lot of rather harsh comments on his threads.
Sometimes it's a bit toxic imo.
So I felt the need of trying to balance the forces ! 😅
@remy , he had the money which is good. however it may not have been put into best use. might not be bad use, but definitely not best. I guess that's what LET has been trying to highlight to no avail.
At least it should be...
Well, a monthly expense of 500 certainly is a chunk of money when there isn't a ton of clients but what would be the alternative? I don't see any right now.
Besides, i'm not sure how contracts for these kind of services look like but as long as those are somewhat flexible there is nothing stopping him from changing to a cheaper solution should he manage to locate some.
Yeah, i mean i'm all for people figuring stuff out themselves but when your network is down and clients are likely about to dust off their pitchforks it's really not the time for some educational try and error experience.
Anyways we are just talking among ourselves, i guess.
Well, i personally very much like what he's doing and i even think best use of money is somewhat relative but sometimes it's kind of hard to follow his line of thought. Like walking out of your datacenter right during an attack knowing your network is down and you'll not be able to (easily) get there later. I very much agree that in parts people's comments are needlessly hateful though.
In the long run, even a MRC of 500 would mean roughly 6k euro over the year. Would give him DDoS protection of 12Tbps or so, while still paying local providers that ~1Gbps, who apparently don't have the ability to null-route one IP.
At this point it's OVH, Hetzner, or BGP mitigation if your ISP is the equivalent of 2/3 houses of three little pigs.
Feel bad for customers at the end of the day who actually believed this was worth more than the $5/year I gave a host in a similar region.
Good morning!
After 24 hours in which the attack method was through UDP, the attacker changed his pattern for about 12 hours, ending up killing our network not by bandwidth but by the number of invalid packets.
It is quite difficult to filter these packets because many legitimate packets arrive late or get lost and if I tackled the problem as I did yesterday by blocking the abusive IP address for an hour, I would end up blocking the entire internet.
Since yesterday I kept thinking about the approach with GRE but I can't think of how I could make these tunnels considering that my L2/3 switch does not have VPN capability and making the tunnel at the server level would be difficult to I route unordered IPs distributed across servers.
Today I will do everything I can to get the HAZI.ro website and the mail server back on its feet, but leaving aside the excess of zeal of some, it is not a typical situation an attack that is unidentified and that lasts so long.
I will not take protection from path.net or something similar to protect my location in Romania.
It's cheaper to move everything to OVH and reduce my costs at home until things calm down, even if I paid for the internet subscriptions with the guaranteed band for nothing.
Also, after solving the situation, it's cheaper to lose all my clients who don't understand that this type of situation cannot be prevented with the budgets that both they and we have, than to charge my monthly bill with another 700$.
The big looming problem here - if he will not do anything and just quit, it will be treated as exit scam.
Looks like he wanted a way out from this downward spiral of basement DC and shut down or go back to Ovh so hired some skid for help.