Hacked - DDos attacked, Downtime 1 week...

Message from Host:

I was on a shared plan and they moved me to a VPS same problem
Host: http://www.urljet.com

I have had one host representative thats said "I think we could take care of you but you would have to use this plan with the firewalls"

https://www.liquidweb.com/cart/content/dedicated/Webmaster/Plan1

 

Yeah you'll have the same problem on a VPS because you weren't really adding any additional security. The dedicated server you can go with the dedicated firewall. We offer that for $50 per month through this special.
https://www.liquidweb.com/cart/content/dedicated/WHTSpecials/FirewallSpecial/

 

Bret, I was in a live chat on liquidweb 2-3 times with different sales people and they all say different things. First one said only the $180 plan would cover it, now your saying this $50 plan will do it.

And there is no money back if you can't prevent it?

 

Is this a DDOS attack in that your pipe is flooded or just making so many requests the server is crumbling?
Have you tried using software firewalls and blocking the offending IPs?

 

Yes... Its not that simple
Its pretty hard going against botnet

 

Its also hard when the IPs in the packet are spoofed, so they can just make them up as the go.
Its really a wonder how to defend against that.

 

Right. Regardless of what sales people may say on our chat. The logic holds that for serious DDOS attacks you're going to need serious appliances dedicated to your system. Those can cost many thousands a month. I'm not sure why someone would say moving from a shared account to the VPS would add security because it doesn't.

 

You cant spoof a TCP connection, due to the handshake that has to happen.
Sure you can do a SYN flood with spoofed IPs, but theres ways of protecting against that.

 

from what i know iptables on linux only can handling 100 ip address listed
if the DDOS source was come from thousand of ip address you need to ask your upstream to check out the connections to your server

 

Bret can I get a money back garauntee if you guys can't prevent this Ddos attack, Ive moved from 4 different hosts so far. They all said they could.

 

No we don't offer money back guarantee's specially for a DOS attack. The cost on our side wouldn't justify that. DOS attacks are harmful to data centers so inviting people to come over with current DOS attacks in place isn't vary appealing.

 

Then it would be 100% money wasted, I would pay for it then it wouldn't work and I would waste not only money but alot of time trying to get it back up. This attacker dosen't stop, has thousands of IP's a day comming in. I have been on every firewall for Ddos

 

Update... This attacker is using a botnet its been confirmed by a few people that have monitored each attack. What are my next steps

 

blocking the IP on your upstream side

 

It's not that easy because the flood is coming from thousands of IP's a day.

 

well i got the same situation with the thread starter couple of weeks ago

i had hardening my server using iptables firewall and can block 100 ips automatically but the attacks has come more bigger then what i had expected then i contacting my dedicated server provider

they scanning the ip which had come and banning thousand of ips in a day on their upstream side and till now the ip that already listed on their list is not opened until my instruction is given to them

and till now my server is safe

 

Glad to hear its not easy I first suspected.

 

Really, no one knows about botnet here? I have tried every security forum....

 

Update - I am now going with Danny's hosting site lenohost. Will see how long I stay with them

 

Danny hosting didn't last me more then 2 hours, I got my refund.