dos attack

Hi all,

hostforweb have just informed me that my site is suspended because it is launching a dos attack on their network... Any advice on what can be causing this and where i should loook??

Nathan

You are shitting me right? I don't know too much about your site, but I have read about it in the past. You have some kind of dance or exercise site right? If that is the case a site like that being the target of a dos/ddos attack I would expect to be a bit rare. Although nothing is out of the question, but are you sure hostforweb knows what they are talking about?

Unless it is there practice to suspend a site for a few out of the ordinary hits to a site I wouldn't expect your site to be a target, unless you were up to something out of the ordinary lately.

Or they have a very limited definition to what dos/ddos attack is. Being you visited your own site too often for them and they deemed you as an attacker.

You need to ask them for more details and post some proof because unless you are a big popular site or up to something I would like to hear about why they deem your site so.

You never know though people do some crazy attack stuff, but usually some one is pissed off or it's a popular site.

But I would be curious to know more details and just how hostforweb came to this conclussion and how they ultimately handle it.

this is what they told me.... I have a feeling they could be shitting me, but Im at work at the mo, so I cant check it out. All I know is this - we did an interview last night that goes out to 2m viewers on salsa TV. The site was up and running when we left the office. Thismorning, the site is down and hostforweb are telling me it is a doss attack from out site that is taking down their network. They refuse to unsuspend the site until we stop the attack.

If this is a traffic problem I am going to be livid with them, because i pay a fortune for a dedicated server and am always having problems with speed.

I will post more details when I get some.

That's amazing. So to them high traffic = ddos??

Wow, and you just launched!

This is going to be interesting.

this appears to be deliberate saboutage.... The site has been up for a few minutes and already it is being messed with....

what happened?

Glad to see you back online!

back, but for how long?????

Nathan, 

I just sent you a huge PM but I wanted to post this here in case anyone else runs into this. One of the guys I helped here has two dedicated servers. He had been kicked off two hosts because they CLAIMED he was getting DDOS attacked constantly. When I looked at his logs (now on the 3rd host) I saw that during these high traffic times it was the join form and the blogs (and sometimes the contact form) getting hammered. I guess a lot of these spammers use poorly written "bots" to try and post to any form they can find. Now whether these bots get stuck in a loop or they just keep trying until they are successful I have no idea. Long story short whenever these ddos attacks were SUPPOSEDLY happening was when the Chinese spammers were trying to post garbage to his site. The 3rd host wasn't trying to kick him out (yet!) but the server would would run out of memory and lock up any time this happened and have to be rebooted.

I guess in the long run it doesn't matter if it's a 12 year old kid trying to crash your site for kicks or a company in china spamming fake purses, the hosts take the easy way out and just call it all DDOS attacks. 

We ended up setting up mod_security to block any link posting on ANY page and then add their IP to the firewall block file after 3 attempts. It worked for him, he hasn't had any lockups or reboots in several months. 

This site might help you block the spammers. I started getting 4-5 china spammers recently and also from some place called Aland Islands.

http://www.countryipblocks.net/

Use the details on the right margin of that page and copy it to the bottom of your htaccess file. It may not block them all, but it did a great job for me on blocking ip's from India spammers.  The more hits you get from these countries, the lower your search engine ranking too.

If your ded server company keeps taking you down, try usavedomains.com. Beefy server and affordable.

Good luck.

I have about 10 Dolphin sites on the go, and used to drive me up the wall chasing spam accounts...

I installed 'join by country' mod by eSASe and have since only allowed my target countries to join (NOT China!) 

Have not had a single spam account or post since and that was months ago...

Brilliant mod, if you are targeting just select areas, or dont mind blocking out a few countries, then this could help.

Glad your site is back on!

we managed to kill the spam off by having a mandetoey photo upload on join....  but this was a hack on  our server root. a real pain in the ass...

 I am gonna same pinch you :) I have this same spammer problem all from some aland island. now i block all @123mail.ru etc.............

 and for your problem i would suggest you use cloudflare they provide a good security system. They almost block 100s of attacker per day by displaying captcha. see the attachment.