i'll try and be understandable. ok, so my site is dragging ass real bad, so i email support, and they say my ip is getting over 300 connections and they have to block it. in the process of blocking it, all the other sites hosted on that ip are also down. now i ask them to find out which site on that ip is receiving all these connections. but they say they cannot tell which site it is, so they block everything. so my question is this: is this bullshit or are they able to know which website is getting all these connections at once? there are only about a dozen or so sites on this particular ip.
Now they should have just blocked the IPs that were making all the connections and not taken your site down. If they blocked the offending IP, let's say 222.222.22.22, then that person would not be able to connect to the server and still allow your sites to be live. He also should be able to tell you what site was causing the problem, by either using top through ssh or looking in the Apache status. If it is running as a nobody process it is a little more difficult to track down. If they showed up as nobody processes
300 connections, sounds like a DDOS attack. Simply installing a decent firewall and DDOSDeflate or something similar should resolve this without causing you too much trouble. IwhiC is correct, the offending IP (of the user) should be blocked rather than the host IP (i.e. your site's IP).
thanks for your comments and advice. my sites have been down for over 5 hours now and all i get from my current host are lies and Abbott and Costello support. it's hard to believe my current host used to be the best available host around, but greed and incompetence have driven them into the ground. let them crash and burn, they're the worst on the planet and all their customers are suffering because of it. oh yeah, i need a host.
I am sorry to hear that. Your sites should not be down. What are your requirements? What are you hosting now? You can check out our specials that we have. I am sure they will fit your needs. http://forums.digitalpoint.com/showthread.php?t=811395
Hey, take a look at http://wiree.net/ for some good offers. And about the IP issue, they might block the entire IP if there are a lot of websites getting these DDoS attacks and get a new shared IP! And yes, it is possible to see what site receives this amount of connections, else your webhosting is pure stupid.
Hello. They can check using the top command in ssh. I have had these issues with a few sites I host (they reached 200 connections). But I never blocked the shared IP of the sites. Only the IPs of visitors were blocked. If you need web hosting you can check out our VPS plans on http://totalrootvps.com/plans.htm Remember to use promo code Launch while ordering to get 25% off your first month. Or if you prefer shared or reseller hosting please see our plans on http://mycoolworld.org/ Regards
It is true that they should not have blocked your website, but they cannot see which website is getting the connections if they are not using SuExec (phpSuexec or SuPHP). Though it is secure to use phpSuExec, some scripts do not work with it, and it is not that efficient, thus taking up more resources. Ishan
They should have at least some sort of defense against these types of things. They should at least have something like cms firewall, which is pretty good since it doesn't block any ports. If they cannot protect their own servers like that I would not recommend staying with them.
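
One way a host could answer the question raised in this thread (which site on a shared IP is taking the traffic, and which client addresses are behind it), as an added example that is not code from any poster or from the host. It assumes Apache writes an access log in the Debian-style `vhost_combined` format (`%v:%p %h %l %u %t "%r" %>s %O ...`); the hostnames, addresses, log lines and threshold are constructed, and request counts over the log window stand in for concurrent connections.

```python
import re
from collections import Counter

# Matches the start of a "vhost_combined" line: %v:%p %h %l %u %t "%r" %>s %O ...
LINE_RE = re.compile(
    r'^(?P<vhost>[^\s:]+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

def _line(vhost, client, sec):
    """Build one constructed log line (sample data only)."""
    return (f'{vhost}:80 {client} - - [10/Oct/2008:13:55:{sec:02d} +0000] '
            f'"GET / HTTP/1.1" 200 512 "-" "-"')

# Constructed sample: one client hammering one site, light traffic elsewhere,
# plus one malformed line to show that unparseable input is counted, not fatal.
SAMPLE_LOG = (
    [_line("shop.example.com", "203.0.113.7", s) for s in range(40)]
    + [_line("blog.example.org", "198.51.100.20", s) for s in range(3)]
    + [_line("forum.example.net", "192.0.2.15", s) for s in range(2)]
    + ["truncated or corrupt line"]
)

def tally(lines):
    """Count requests per vhost and per (vhost, client); return skipped count too."""
    per_vhost, per_client, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        per_vhost[m["vhost"]] += 1
        per_client[(m["vhost"], m["client"])] += 1
    return per_vhost, per_client, skipped

def heavy_clients(per_client, threshold):
    """Return (vhost, client, hits) at or above threshold, busiest first."""
    return [(v, c, n) for (v, c), n in per_client.most_common() if n >= threshold]

if __name__ == "__main__":
    per_vhost, per_client, skipped = tally(SAMPLE_LOG)
    print("Requests per site:")
    for vhost, hits in per_vhost.most_common():
        print(f"  {vhost:20} {hits}")
    print("Clients worth blocking at the firewall (threshold 30, an assumption):")
    for vhost, client, hits in heavy_clients(per_client, 30):
        print(f"  {client} -> {vhost}: {hits} requests")
    print(f"Skipped unparseable lines: {skipped}")
```

The client addresses it reports are the ones to block at the firewall, which leaves the shared IP and the other sites on it reachable.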