SoYouStart "Anti-DDoS"

Discussion in 'Hosting Advice' started by DenyCC, Jul 2, 2015.

Thread Status:
Not open for further replies.
  1. My server today was hit offline from a 41 million bps attack, which is around 0.041 gbps. This attack is relatively weak when compared to OVH's DDoS mitigation system, and yet it was able to take my server offline. I had quite a similar sized attack when over at Kimsufi and yet their DDoS mitigation handled it fine. I am confused about this :p

    Has anyone else had a problem with this? By that I mean being hit offline by relatively weak attacks on such a network. This seems odd to me and almost like their system had failed.
     
  2. joehot200

    Supporter

    Yes. Their DDoS protection is terrible. Many people have this issue and I've said this exact thing on almost all similar threads.
     
    • Agree x 4
    • Funny x 1
    • Optimistic x 1
  3. 0.041 gbps is nothing. Anyone with $5 that knows where to look will be able to take you down with ease. I have no experience with any of the hosts you've mentioned aside from OVH, but from all the hosts that I have used, even going back a few years, such weak attacks were never an issue. If that continues to be an issue and you go down to attacks that weak, I'd move hosts if it's financially doable.
     
  4. Due to Kimsufi and SoYouStart being sub-companies of OVH, I would have thought they would have had the same "amazing DDoS protection" but obviously not. This is certainly very bad as I had wanted to upgrade to OVH themselves with their new i7 4790k server. I'll look elsewhere.

    Exactly as I had thought, attack is very weak and yet it took it down. I will be looking into moving hosts very soon.
     
  5. OVH is complete trash. That's what you get for using a budget provider.
     
    • Agree x 4
    • Funny x 1
  6. joehot200

    Supporter

    I'd recommend ReliableSite - Their DDoS protection is not the best, but it does generally keep you online.

    Best protection I've seen so far is Intreppid, because of zero false positives and 99% of traffic being filtered.

    DDoSDeflect were also quite good in terms of keeping me online without false positives, but the extra latency and loss of IPs is a bit of a bummer.
     
    • Agree x 2
  7. joehot200

    Supporter

    OVH also has terrible protection. :p
     
    • Agree x 1
    • Funny x 1
  8. I can vouch that ReliableSite has good DDoS protection. It generally will keep you online but every now and again you may have someone that is able to hit past 10gbps, which is what they protect up to. At this point your server will go down.

    I don't have any experience with Intreppid or DDoSDeflect. Intreppid seems to be pretty expensive but I guess you get what you pay for.

    I wouldn't say it is terrible but it's pretty easy to take down if you have access to the correct methods :confused:
     
  9. joehot200

    Supporter

    Fair enough. The problem is, OVH is such a popular host that nowadays, everyone knows the "correct methods". :/

    They seem to have a few false positives. I had a DDoS attack, and a few people kept getting disconnected a few minutes after they joined. Much better than not having protection at all, but not as good as Intreppid, where I've had an attack of 15Gbps on my 10Gbps protection and never even noticed it until I looked at the logs a month later.
     
  10. Sadly almost every booter on the web has OVH specific methods these days.

    Also, what do you mean by false positives?
     
  11. ...

    First, 0.041 gbps traffic WAS NOT the reason why your server went offline ....

    And you really should read up on what DDoS and DoS are... https://en.wikipedia.org/wiki/Denial-of-service_attack

    KS, SYS and OVH all have DDoS protection (and very good too) but they can only offer you DoS protection on "network" level (bandwidth - unless you bought a managed server, which you prob. can't afford if you're asking this) and those attacks (if well planned) aren't limited to BW only... it's usually much easier taking down your box by overloading CPU/RAM/HDD IO/... (mysql is great for this for example) if you take time and look for a flaw.

    But I guess you don't even know why and how you went offline :rolleyes:
     
  12. kill_da_trolls

    Supporter

    SYS and Kimsufi, which are child companies of OVH, both have automatic triggered mitigation, as described in tons of other threads on this forum. In my own experience, I often found that it was not a good idea to use any of these hosts as a frontend. For most small to medium sized servers, using machines purchased directly from OVH should work fine as a frontend and should protect against most moderate attacks. However, after that point you want to start looking into better, private attack protection services.

    Advice: If you have any further questions about OVH or any of its subsidiaries, I suggest using the search function as there are literally hundreds of threads covering this issue.
     
    • Agree x 1
    • Optimistic x 1
  13. joehot200

    Supporter

    Yep, and that's the problem. :(
    OVH even shut down my server because they thought some traffic to another OVH server was a DoS attack. They seem to be really paranoid about it. Which is why I moved to ReliableSite in the first place.

    I mean blocking packets of legitimate players.
     
  14. Ah ok. I was going to use an OVH VPS with a GRE tunnel as a small layer of DDoS protection in the past, but the default kernel on their servers is so awful you cannot set one up without uninstalling it and reinstalling the default kernel. Even after that you won't get great protection, so I decided to not even bother.

    And yeah, I can attest that ReliableSite does give some false positives. There are times when we've received small attacks and had a few players disconnect after they log in. I also don't like that you cannot see attacks as they happen, you have to wait until a while after they have ended to see them in the DDoS History panel. Unless of course I'm missing something and there is a way to see them live.
     
  15. I had received 2 emails, one of which stated an attack was detected and another told me when it had stopped. Over the 3 hour duration the server was down. I think that most people would assume that an attack is what did it.

    I also don't have any mysql services installed on the machine.
     
  16. RSNET-Radic

    Supporter

    Thank you both for the recommendations.
     
    • Friendly x 1
  17. joehot200

    Supporter

    I recommend you ignore @r0v3r6. I'm not sure if he's a troll, but his statement really doesn't make much sense, nor is his proposition of how you were taken down at all likely.

    (sorry @r0v3r6)
     
    • Agree x 1
    • Informative x 1
  18. That's funny, because I've heard nothing good about ReliableSite's DDoS protection, and even their own customer service says you should be getting a filtering TCP proxy. It's not that OVH has shitty DDoS protection, it's just that a lot of attacks are coming from their own data centers, thus the attack is on an even playing field.
     
    • Agree x 2
    • Optimistic x 1
  19. So why did your server get attacked?
     
  20. Yeah I was wondering the same ^
     