amuck-landowner

Colocrossing Buffalo now offering 100Gbps DDoS Protection

DomainBop

Dormant VPSB Pathogen
So earlier tonight multiple sources on interesting Greenvaluehost email that went out.

The email is offering 100Gbps DDoS protection via Colocrossing's network in Buffalo, New York.
Provider offers DDoS protection and yet can't keep their own site online...

From their Twitter tonight...

GreenValueHost @GreenValueHost · 3 hours ago

Our client area is currently offline due to a large scale DDoS against our systems. We are working on mitigating the DDoS now.

Windham, NH
GreenValueHost @GreenValueHost · 3 hours ago

We are NOT responsible for the PM inbox spamming occurring to @LowEndNetwork forum members nor did we have any prior knowledge of it.
 

drmike

100% Tier-1 Gogent
http://secure.greenvaluehost.com/

Website is offline

No cached version of this page is available.

Error 521 Ray ID: 19c953143bf501ed Web server is down

You Browser Working
Newark CloudFlare Working
secure.****************** Host Error
Which has me going like huh?!?!?!?!

I mean GVH did advertise in that promo 100Gbps protection.... and they have long had their site nested behind meh, Ramnode and Cloudflare...

I expect some showmanship and some downtime, but they are getting punted and staying down.
 

DomainBop

Dormant VPSB Pathogen
I expect some showmanship and some downtime, but they are getting punted and staying down.
There's always the possibility that the skid who got pissed off when GVH (or someone claiming to be from GVH) spammed his LET PM box did more than just DDoS them...i.e. maybe they got hacked again.  Their followup tweet says they are  "performing very critical security and DDoS maintenance".

edit: and their home page says:

"We are aware that our client area is currently inaccessible. We are working on very critical security maintenance right now and will be making it accessible again as soon as our maintenance is completed. We apologize for any inconveniences this may cause."
 

MattKC

New Member
According to the thread at LET, they dumped a tar.gz file in the root directory while performing their "upgrade" that contained WHMCS attachment files (incl. scanned ID copies) and left it there to be pulled by anyone who accessed the old URL. Classic GVH screw-up if true. I'm sure they have already notified the impacted clients...just like they did during the previous hacks (and for those unaware, they have not reported these breaches to the cc associations where you are required to report even suspected breaches so that impacted accounts can be flagged and monitored). Failure to do so will get you punted from the issuers immediately so they are obviously hoping they never find out.
 

drmike

100% Tier-1 Gogent
According to the thread at LET, they dumped a tar.gz file in the root directory while performing their "upgrade" that contained WHMCS attachment files (incl. scanned ID copies) and left it there to be pulled by anyone who accessed the old URL. Classic GVH screw-up if true. I'm sure they have already notified the impacted clients...just like they did during the previous hacks (and for those unaware, they have not reported these breaches to the cc associations where you are required to report even suspected breaches so that impacted accounts can be flagged and monitored). Failure to do so will get you punted from the issuers immediately so they are obviously hoping they never find out.
Bahaha.

Well, how many 'hacks' does this add up to for GVH?  His hero at ChicagoVPS had by my count three.   I think the lad has caught up with this one.

GVH either (1) never used this vaunted aegis of the net, or (2) switched to cloudflare after it let him down.

https://secure.greenvaluehost.com/announcements.php?id=29
Oh the public facing stuff and grammar issues / sloppiness.

GVH customer area recently has been buried behind RamNode and Cloudflare.  Last check the client area was behind RamNode. Appears to be behind CF now.  Must be some issues with Ramnode allowing attacks through or nulling GVH to throw them over to CF now. Bound to be layer 7 attacks, which are pedestrian to mitigate, but I don't believe Ramnode does layer 7 stuff to that degree he'd need.

CF in contrast you can crank up to almost paywall restrict inbound visitors plus the big 5 second cooling CF does avoids overloaded server state.

A few ahh iptables rules and simple things and most layer 7 stuff is just not scary.   But for the amateurs, indeed CF works well to protect from such.
 

DomainBop

Dormant VPSB Pathogen
Database data rolled back one day; Please resubmit tickets & submit ticket to Accounting for missing orders/invoice payments
We deeply apologize about the troubles that the last few days have caused. We know that we have been experiencing issues with accessibility of our client area. They were due to very large scale DDoS attacks of all attack vectors and layers against our systems, ongoing nonstop for days ...
Large scale DDoS attacks cause databases to be rolled back one day...I learn something new every day.
 

Nick_A

Provider of the year (2014)
Bahaha.

Well, how many 'hacks' does this add up to for GVH?  His hero at ChicagoVPS had by my count three.   I think the lad has caught up with this one.

Oh the public facing stuff and grammar issues / sloppiness.

GVH customer area recently has been buried behind RamNode and Cloudflare.  Last check the client area was behind RamNode. Appears to be behind CF now.  Must be some issues with Ramnode allowing attacks through or nulling GVH to throw them over to CF now. Bound to be layer 7 attacks, which are pedestrian to mitigate, but I don't believe Ramnode does layer 7 stuff to that degree he'd need.

CF in contrast you can crank up to almost paywall restrict inbound visitors plus the big 5 second cooling CF does avoids overloaded server state.

A few ahh iptables rules and simple things and most layer 7 stuff is just not scary.   But for the amateurs, indeed CF works well to protect from such.
I haven't been alerted to any issues specifically on our end, nor have we turned GVH away to CF. I don't know exactly what their setup is, but Staminus typically advises against mixing CloudFlare in.
 

drmike

100% Tier-1 Gogent
I haven't been alerted to any issues specifically on our end, nor have we turned GVH away to CF. I don't know exactly what their setup is, but Staminus typically advises against mixing CloudFlare in.
Professor Youngblood had GVH customer panel straight Ramnode+Staminus a day or two ago.   Surely Layer 7 attacks  ran him off for now.

Of course I asked, GVH hasn't been behind any of the CC filtering stuff yet, so while I like to punt them, would be misplaced for me to do so, YET.

Large scale DDoS attacks cause databases to be rolled back one day...I learn something new every day.
I am entirely unclear why someone EVER rolls a database back, unless that's date of last backup following a compromise, rm -rf'ing, or thoughts that someone manually input bad/malicious data in your database.

GVH is kind of special like that though.  Not straight retard level, but only brand outside of CVPS/BlueVM/123Systems where one can convert shitastic experience and customer abuse into more future sales.  Amazing what self mugging on prices can do.   Sad when enough companies actually put time in, work hard, plan, invest and aren't getting customer buys like they should. 
 

Aldryic C'boas

The Pony
Roll backs typically happen because of "whoops, we tested new code on production equipment again, and had no fucking idea what we were doing".
 

Francisco

Company Lube
Verified Provider
Roll backs typically happen because of "whoops, we tested new code on production equipment again, and had no fucking idea what we were doing".
Dammitfran?

Anyway, I don't think CC has anyone skillful enough on staff to build their own platform and instead are going to use a RIOREY or something like that. Supposedly a fine unit, minus the fact the PPS is only 32M on their "Take out a mortgage" model. We all know if GVH actually puts out 100gbit filtering as "market breaking pricing" that people are going to go Chris Brown on it. I just don't see CC coughing up much past 10 - 20gbit for him at a reasonable price, especially when their upper limits aren't all that high.

A 20gbit NTP flood's going to hit you for 15M PPS or so anyway. Does anyone think GVH is going to be coughing up enough cash for them to be willing to damn well near sacrifice their unit to them for it?

I also don't think Biloh is going to like GVH enough to say "here, go HAM". I'd almost say Ernie's the only reason GVH is still a client over there, and even that's only because he's just an extra way to sell dedicated servers.

Best of luck to them, but they better know how to cover their asses well.

Francisco
 