Colocrossing Buffalo now offering 100Gbps DDoS Protection

DomainBop · Dec 21, 2014

So earlier tonight multiple sources on interesting Greenvaluehost email that went out.

The email is offering 100Gbps DDoS protection via Colocrossing's network in Buffalo, New York.

Provider offers DDoS protection and yet can't keep their own site online...

From their Twitter tonight...

GreenValueHost @GreenValueHost · 3h 3 hours ago

Our client area is currently offline due to a large scale DDoS against our systems. We are working on mitigating the DDoS now.

0 replies 0 retweets 0 favorites

Windham, NH
GreenValueHost @GreenValueHost · 3h 3 hours ago

We are NOT responsible for the PM inbox spamming occurring to @LowEndNetwork forum members nor did we have any prior knowledge of it.

drmike · Dec 21, 2014

http://secure.greenvaluehost.com/

Website is offline

No cached version of this page is available.

Error 521 Ray ID: 19c953143bf501ed Web server is down

You Browser Working

Newark CloudFlare Working

secure.****************** Host Error

Which has me going like huh?!?!?!?!

I mean GVH did advertise in that promo 100Gbps protection.... and they have long had their site nested behind meh, Ramnode and Cloudflare...

I expect some showmanship and some downtime, but they are getting punted and staying down.

DomainBop · Dec 21, 2014

drmike said:
I expect some showmanship and some downtime, but they are getting punted and staying down.

There's always the possibility that the skid who got pissed off when GVH (or someone claiming to be from GVH) spammed his LET PM box did more than just DDoS them...i.e. maybe they got hacked again. Their followup tweet says they are "performing very critical security and DDoS maintenance".

edit: and their home page says:

"We are aware that our client area is currently inaccessible. We are working on very critical security maintenance right now and will be making it accessible again as soon as our maintenance is completed. We apologize for any inconveniences this may cause."

MattKC · Dec 23, 2014

According to the thread at let, they dumped a tar.gz file in the root directory while performing their "upgrade" that contained whmcs attachment files (inc scanned id copies) and left it there to be pulled by anyone who accessed the old url. Classic GVH screw up if true. I'm sure they have already notified the impacted clients...just like they did during the previous hacks (and for those unaware, they have not reported these breaches to the cc association's where you are required to report even suspected breaches so that impacted accounts can be flagged and monitored). Failure to do so will get you punted from the issuers immediately so they are obviously hoping they never find out.

raindog308 · Dec 24, 2014

GVH either (1) never used this vaunted aegis of the net, or (2) switched to cloudflare after it let him down.

https://secure.greenvaluehost.com/announcements.php?id=29

drmike · Dec 24, 2014

MattKC said:
According to the thread at let, they dumped a tar.gz file in the root directory while performing their "upgrade" that contained whmcs attachment files (inc scanned id copies) and left it there to be pulled by anyone who accessed the old url. Classic GVH screw up if true. I'm sure they have already notified the impacted clients...just like they did during the previous hacks (and for those unaware, they have not reported these breaches to the cc association's where you are required to report even suspected breaches so that impacted accounts can be flagged and monitored). Failure to do so will get you punted from the issuers immediately so they are obviously hoping they never find out.

Bahaha.

Well, how many 'hacks' does this add up to for GVH? His hero at ChicagoVPS had by my count three. I think the lad has caught up with this one.

raindog308 said:
GVH either (1) never used this vaunted aegis of the net, or (2) switched to cloudflare after it let him down.

https://secure.greenvaluehost.com/announcements.php?id=29

Oh the public facing stuff and grammar issues / sloppiness.

GVH customer area recently has been buried behind RamNode and Cloudflare. Last check the client area was behind RamNode. Appears to be behind CF now. Must be some issues with Ramnode allowing attacks through or nulling GVH to throw them over to CF now. Bound to be layer 7 attacks, which are pedestrian to mitigate, but I don't believe Ramnode does layer 7 stuff to that degree he'd need.

CF in contrast you can crank up to almost paywall restrict inbound visitors plus the big 5 second cooling CF does avoids overloaded server state.

A few ahh iptables rules and simple things and most layer 7 stuff is just not scary. But for the amateurs, indeed CF works well to protect from such.

DomainBop · Dec 24, 2014

Database data rolled back one day; Please resubmit tickets & submit ticket to Accounting for missing orders/invoice payments
We deeply apologize about the troubles that the last few days have caused. We know that we have been experiencing issues with accessibility of our client area. They were due to very large scale DDoS attacks of all attack vectors and layers against our systems, ongoing nonstop for days ...

Large scale DDoS attacks cause databases to be rolled back one day...I learn something new every day.

Nick_A · Dec 24, 2014

drmike said:
Bahaha.

Well, how many 'hacks' does this add up to for GVH? His hero at ChicagoVPS had by my count three. I think the lad has caught up with this one.

Oh the public facing stuff and grammar issues / sloppiness.

GVH customer area recently has been buried behind RamNode and Cloudflare. Last check the client area was behind RamNode. Appears to be behind CF now. Must be some issues with Ramnode allowing attacks through or nulling GVH to throw them over to CF now. Bound to be layer 7 attacks, which are pedestrian to mitigate, but I don't believe Ramnode does layer 7 stuff to that degree he'd need.

CF in contrast you can crank up to almost paywall restrict inbound visitors plus the big 5 second cooling CF does avoids overloaded server state.

A few ahh iptables rules and simple things and most layer 7 stuff is just not scary. But for the amateurs, indeed CF works well to protect from such.

I haven't been alerted to any issues specifically on our end, nor have we turned GVH away to CF. I don't know exactly what their setup is, but Staminus typically advises against mixing CloudFlare in.

drmike · Dec 24, 2014

Nick_A said:
I haven't been alerted to any issues specifically on our end, nor have we turned GVH away to CF. I don't know exactly what their setup is, but Staminus typically advises against mixing CloudFlare in.

Professor Youngblood had GVH customer panel straight Ramnode+Staminus a day or two ago. Surely Layer 7 attacks ran him off for now.

Of course I asked, GVH hasn't been behind any of the CC filtering stuff yet, so while I like to punt them, would be misplaced for me to do so, YET.

DomainBop said:
Large scale DDoS attacks cause databases to be rolled back one day...I learn something new every day.

I am entirely unclear why someone EVER rolls a database back, unless that's date of last backup following a compromise, rm -rf'ing, or thoughts that someone manually input bad/malicious data in your database.

GVH is kind of special like that though. Not straight retard level, but only brand outside of CVPS/BlueVM/123Systems where one can convert shitastic experience and customer abuse into more future sales. Amazing what self mugging on prices can do. Sad when enough companies actually put time in, work hard, plan, invest and aren't getting customer buys like they should.

Aldryic C'boas · Dec 24, 2014

Roll backs typically happen because of "whoops, we tested new code on production equipment again, and had no fucking idea what we were doing".

Francisco · Dec 24, 2014

Aldryic C said:
Roll backs typically happen because of "whoops, we tested new code on production equipment again, and had no fucking idea what we were doing".

Dammitfran?

Anyway, I don't think CC has anyone skillful enough on staff to build their own platform and instead are going to use a RIOREY or something like that. Supposedly a fine unit, minus the fact the PPS is only 32M on their "Take out a mortgage" model. We all know if GVH actually puts out 100gbit filtering as "market breaking pricing" that people are going to go Chris Brown on it. I just don't see CC coughing up much past 10 - 20gbit for him at a reasonable price, especially when their upper limits aren't all that high.

A 20gbit NTP floods going to hit you for 15M PPS or so anyway. Does anyone think GVH is going to be coughing up enough cash for them to be willing to damn well near sacrifice their unit to them for it?

I also don't think Biloh is going to like GVH enough to say "here, go HAM". I'd almost say Ernie's the only reason GVH is still a client over there, and even that's only because he's just an extra way to sell dedicated servers.

Best of luck to them, but they better know how to cover their asses well.

Francisco

serverian · Dec 24, 2014

They sell it for $25 per 10G per server.

Colocrossing Buffalo now offering 100Gbps DDoS Protection

DomainBop

Dormant VPSB Pathogen

drmike

100% Tier-1 Gogent

DomainBop

Dormant VPSB Pathogen

MattKC

New Member

raindog308

vpsBoard Premium Member

drmike

100% Tier-1 Gogent

DomainBop

Dormant VPSB Pathogen

Nick_A

Provider of the year (2014)

drmike

100% Tier-1 Gogent

Aldryic C'boas

The Pony

Francisco

Company Lube

serverian

Well-Known Member