DDoS or Poor Hosting?

Discussion in 'General Business' started by Four20, Dec 25, 2008.

  1. #1
    I didn't see a 'hosting' forum, so I hope this is the right forum for the topic.


    Even though I will be talking about 1and1.com please don't flood me with '1and1 sucks' responses. I've been with them for years, and as long as you don't expect great customer service(aka you can google issues yourself) then they are a great hosting company. . .at least from what I can tell.


    I used 1and1's shared hosting account for like a year and a half. I hit the front page of Digg multiple times(even 2 days back to back). . .yet I rarely ever went down(maybe twice for no longer than an hour both times).

    I have been more and more wordpress plugins, which ended up using more RAM so I decided to go with a dedicated server. . .and here are it's specs. . .

    _______________
    Single Core AMD Athlon 64 3500+
    2.2 GHz
    1 GB DDR2 RAM
    2 x 160 GB HDD
    1TB Monthly Traffic
    _______________


    For the past 2 days, my websites have been down. I contact 1and1 and they tell me this is because of a DDoS attack. Now I don't piss anyone off, so I thought how can this happen.

    I know the 'Digg Effect' can make it seem like a server is getting hit with a DDoS attack, so I asked if this could be due to an influx of referrals. They said yes it could, but with thousands of connections attempted to be made, they somehow doubted it.

    The websites have been online for 3 hours total in the past 2 days. When I check Woopra, they aren't getting any more than 200-250 people at a time (one gets ~75 and the other gets ~150). This is probably the low end of it all (since they were online during this time). The only referrals I am getting are from the front page of gizmodo, macworld, and pcworld. Which isn't anything like getting on the front page of Digg.

    Now, with a dedicated server all to myself, 1GB of RAM, and a 100Mbit line. . .I just don't see how this can be from referrals. . .but with it going on for 24+ hours straight, I don't see how it can be a DDoS attack either.

    After talking to a CSR, they said, as a test, I could redirect the website that is getting the most referral(from pcworld, macworld, gizmodo) to a blank directory. That would alleviate the connections from my dedicated server(and direct to the 1and1 error page), and would determine if it's a DDoS(if it didn't help) or just too many referrals(if it resolved the issue). I did this for ~2 hours yesterday and it didn't help at all(so I'm assuming they are right, and it's a DDoS attack).

    I know 1and1's customer service is shitty(I've been escalated to tier 3 so far), but their hardware and their network is top notch

    I am new to the dedicated server scene, but how many concurrent connections should I be able to do with a dedicated server? I assume 1-3 thousand. . .but from what I can tell I'm only getting like 500(from the woopra stats).

    I would love to hear any thoughts or comments about this issue.

    TIA
     
    Four20, Dec 25, 2008 IP
  2. AmpedHosts

    #2
    I wouldn't recommend jumping from shared to dedicated; you should have gotten a VPS, that way the network setup and server scripts such as deflate would have already been installed, and it's a lot cheaper versus your bill for a dedicated server. But you'll need to find someone with good experience to set all that up. I'd say you'd also want to buy a firewall to re-route or stop the DDoS attack. That's the only advice I have to offer you.
     
    AmpedHosts, Dec 25, 2008 IP
  3. Four20

    #3
    So, you think it really is a DDoS attack?

    I had planned on going with a VPS at first. But after searching google I learned that 1and1 VPS machines were overcrowded(at least from the few reviews I read).

    Plus the cheap VPS would have only given me 256MB of RAM, instead of the 1GB. The price of a 1GB RAM VPS machine would have cost me the same as my dedicated server cost (70 per month).

    I decided to go with the dedicated server so that I would be 100% sure I wouldn't get issues like this. I also stuck with the managed server. . .I didn't want to spend time updating php/mysql if security updates came out. I'm not dumb, and I can research how to do small things like that. . .but that would just take away the time that I could have spent developing content for the website.

    I just wanted the transition to be as hassle free as possible. I guess that wasn't possible though.
     
    Four20, Dec 25, 2008 IP
  4. mentos

    #4
    1n1 is too expensive for their hosting and even VPS.
    You can get the same or a better VPS spec from other hosts at the same price as 1n1.
    So I urge you to use another hosting company for a VPS.
     
    mentos, Dec 25, 2008 IP
  5. Four20

    #5
    I actually thought they were on the cheap side(I guess I get what I paid for). I don't know many other places that I can get a dedicated/managed server, with 1TB of BW for 70/month

    I know it's only a single core, and only 1GB of RAM, but for linux that should be plenty.

    I've been doing some more googling and I should be able to get at least 45,000 uniques per day before upgrading. . .I get at least 15,000 uniques per day at ~300GB of BW per month. so it's not like I'm doing anything heavy(just wordpress blogs).
     
    Four20, Dec 25, 2008 IP
  6. AmpedHosts

    #6
    Please read my article :)
    http://forums.digitalpoint.com/showthread.php?t=1129236

    Below is a quote from my article :
     
    AmpedHosts, Dec 25, 2008 IP
  7. Kwaku

    #7
    As no one is really answering your question: you should first find out if you are being DDoSed or not. There are many ways to do that, but check:

    http://brainfisheatfishbrain.com/

    The latest article and many more on there are for killing any (D)DoS attack without any help from the hoster.

    I have killed a lot of attacks with this information already, on extremely busy sites (millions of pageviews / day) and it all worked. Attacks the great 'Cisco firewalls' couldn't prevent/stop.

    If it is a DDoS, you can easily detect it, kill it and that's it. If it isn't, it will also show and you can get to 1and1 and say they are lying.

    Oh, and I really don't see how a VPS would help. You can install the same measures in and outside a VPS, and a dedicated server has a much more graceful handling curve of the problems you are referring to. If you need help just PM me.
     
    Kwaku, Dec 25, 2008 IP
  8. RagekiJohn

    #8
    Is your server managed or secured in any sort of way? You could have been DDOSed back when you were on the shared server but there were some security measures to prevent the attack. I would definitely secure your server with some software such as DDOS Deflate, APF, BFD, Mod Security, and Mod Evasive. It sounds like your server is unmanaged and if it is I would definitely recommend getting a managed server or VPS.
     
    RagekiJohn, Dec 26, 2008 IP
  9. ishan

    #9
    Hello,
    You could enter this command in SSH (root) & see if some IPs have a lot of connections to your server.

    A benchmark during a DOS attack may be 100 connections.

    Now, if you have a firewall like APF, then ban IPs above 100 connections using

    If you have CSF, then you can just enable Connection Tracking, and set it to 100 (in WHM, or in the config file).

    Now, if even after banning IPs having 100 connections you are still facing the problem, lower the limit to 60 (or even 40) till it resolves the problem.

    I would recommend CSF more than APF , as it is more actively developed.

    Ishan
     
    ishan, Dec 26, 2008 IP
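
Added example, not part of ishan's post (whose own commands did not survive on this page): one way to do the per-IP connection count described above and list the addresses over the 100, 60 or 40 limit. It assumes the column layout of Linux `netstat -ntu`; the function names and sample addresses are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: per-IP connection counts from `netstat -ntu` output.
# Function names and sample addresses are hypothetical (constructed for this example).

# over_limit LIMIT: read netstat -ntu output on stdin and print "COUNT IP"
# for each remote address holding more than LIMIT connections, busiest first.
over_limit() {
    awk -v limit="$1" '
        # Data rows start with tcp/udp (or tcp6/udp6); column 5 is remote ip:port.
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the port
            sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 -> plain IPv4
            if (addr != "" && addr != "0.0.0.0" && addr != "127.0.0.1")
                count[addr]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit + 0)
                    print count[ip], ip
        }
    ' | sort -rn
}

# rows COUNT REMOTE_IP STATE: emit COUNT constructed netstat-style rows.
rows() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "tcp 0 0 203.0.113.10:80 $2:$((40000 + i)) $3"
        i=$((i + 1))
    done
}

# Constructed sample: one heavy source, one moderate, one ordinary visitor.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    rows 120 198.51.100.7 SYN_RECV
    rows 65 198.51.100.22 ESTABLISHED
    rows 3 192.0.2.50 ESTABLISHED
}

# Start at the 100-connection limit from the post, then lower it to 60.
sample_netstat | over_limit 100
sample_netstat | over_limit 60
# On a live server: netstat -ntu | over_limit 100
```

A distributed attack can keep every source below the limit, so an empty result does not rule one out; many users behind one NAT or proxy address can also exceed it legitimately.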