When your client was targeted by ddos, and you force to nullroute the IP for may be few days if the ddos not stop. How you guy try to cool down the customer when their server get down for few days?
How you handle DDOS Customer
- Thread starter hostemo.com
- Start date
Just explain to him that he's attracting bad traffic to his website, for whatever reason that may be. It's having a negative impact on other paying customers, and while you understand it's an inconvenience for him that he is nullrouted, that you will not allow any individual customer (him) to impact the quality of other's services because of it.
Honestly, I'd place a note in the customer's profile to keep a log of when this happens. If it happens more than a couple times, I'd probably refer him to 3rd party filtering services like Cloudflare or x4b that would allow him to remain your customer but with filtering in between or provide him a full backup of his container and tell him he's a high risk client and you don't want him on your network... good luck in your search and good bye.
Last edited by a moderator:
I'm usually a smartass and say "Quit pissing people off on EFNET".
Before we got our autonull we had to take a "You can't be hosting with us anymore" route, but with our
autonull we do a 1 hour automated nullroute. We have some customers too cheap to buy filtered IP's so
they get nullrouted 30 - 40 times a month, not even kidding.
If your datacenter doesn't provide filtering or an autonull you'll likely have to take the same
stance to protect the rest of your customers.
Francisco
The bigger problem is spammers, and twitchy networks who null/pull the power from your server... 
Maybe I should make a new thread, but how do people handle outbound spam? I've tried blocking IP and allow only the ones that ask (maybe even better is to route through my own MTA?), but SolusVM seems to mess up iptables :/
Maybe I should make a new thread, but how do people handle outbound spam? I've tried blocking IP and allow only the ones that ask (maybe even better is to route through my own MTA?), but SolusVM seems to mess up iptables :/
In fact, we have the solution for them. Just they not willing to spend.
We just keep extending the nullroute until they switch to one of our DDOS Protected VPSs, it doesn't make sense that other clients on the node/network should suffer from attacks directed at one client and any amount of downtime caused by a single client is unacceptable.
One time a client told me "you're going to make me wait 24 hours for only a 5 minute outage" but 5 minutes multiplied by the number of clients on the switch was just unacceptable.
My biggest issue with DDOS attacks isn't how our clients react to the downtime, it's how the clients would react if we got booted from a data center as the result of the attacks (past experience has me very cautious with this subject).
One time a client told me "you're going to make me wait 24 hours for only a 5 minute outage" but 5 minutes multiplied by the number of clients on the switch was just unacceptable.
My biggest issue with DDOS attacks isn't how our clients react to the downtime, it's how the clients would react if we got booted from a data center as the result of the attacks (past experience has me very cautious with this subject).
yup....they is no other alternative way to do it if customer not going to spend for better security. so i will only keep nullroute the ip if they attack is continue.
drmike
100% Tier-1 Gogent
I call the kid's mother and ask if she is familiar with her son being the star of this game called DDoS.
DDoS happens and sucks.
Nulls are the typical routine and hard to find fault with. The downside is you can per se target your enemies/competitors/whoever and put them down and out In the dirtend segment this tactic is as common as Sunday.
DDoS in general seems to be popular. Just search Twitter for DDoS and you might be surprised about how much chatter around it and who is dropping that word and why.
DDoS happens and sucks.
Nulls are the typical routine and hard to find fault with. The downside is you can per se target your enemies/competitors/whoever and put them down and out In the dirtend segment this tactic is as common as Sunday.
DDoS in general seems to be popular. Just search Twitter for DDoS and you might be surprised about how much chatter around it and who is dropping that word and why.
If you have an online company, then operating a website without DDOS protection is a gamble. IMO, it's worth spending a few extra dollars as an insurance policy. Like other forms of insurance, you hope to never have to use it, but it's worth having if you do.
You see, in fact a lot of users do not manage their vm security properly, and by the end the server was being compromised. Sometime really dont know how to say about the customer.
Last edited by a moderator:
I'm trying to convince my brother of that right now. I've been hit with DDOS before because someone didn't like me and I lost a lot of income.
hellogoodbye
New Member
Somewhat off-topic, but how strongly would you guys recommend DDoS protection for non-businesses? Particularly for hobbyists who are running personal websites like blogs and fan communities. Are there instances where you feel DDoS protection would be overkill because the likelihood of it happening is very low?
drmike
100% Tier-1 Gogent
If you have visibility in low end land and any competitor or haters, you will eventually get your DDoS experience.
I think with cost from the common cheap DDoS offerers (BuyVM, RamNode, SecureDragon) it's minimal enough cost and fairly easy to justify.
The hassle comes in with some of the configurations and things that break over the DDoS protect as well as traffic issues when two public interfaces. Typically, I just disable the non filtered IP and do build from there outward to remove any wonkiness.
DomainBop
Dormant VPSB Pathogen
DDoS filtered IP offerers would be a better description. Prometeus also offers filtered IPs in Italy (filtering done by SeFlow).
If you need something stronger there's always OVH's free DDoS protection (slow reaction times). Heavy duty DDoS protection isn't cheap (for example: SeFlow's top protection is 240 euros per server).
I know that BuyVM and RamNode offer filtered IPs, but we do not (our VPS nodes are colocated inside the data center). Just wanted to point that out since it's a common misconception about our service since we used to do it that way over a year ago.
As for DDOS protection for a "non-business" site, it all depends. If the site is for something that may attract unwanted attention (i.e. a controversial, religious, or political site) or the site becomes very popular to the point that a skid would want to brag about taking it offline then yes, you should get DDOS protection for it. If the site has a small niche community (i.e. basket weaving, post-it note artwork, tissue blowers anonymous, etc...) then you probably don't need it so maybe something like Cloudflare's free service would be plenty for distributing small attacks from a single person with a large home upload speed and no life.
My rule of thumb is if it has the potential to generate income it gets protected even if it doesn't need to be. Like for my free web hosting service website, it doesn't generate any income but it might in the future so I throw it behind Cloudflare and have it hosted on a DDOS protected server. My personal websites are hosted on a non-protected cPanel server since they are such a small target and downtime is not a factor as long as the MX servers stay online (they sites can be offline for a month and nobody except Google and the 200 or so monthly visitors would notice).
We nullroute the IP and if the attacks are common we refer the customer to a 3rd party filtering service or explain we don't want them as customer anymore. Downtime because of a customer is unnaceptable.
In asia we are unable to compare with those provider in usa and europe. In order to filter the ip, you must have a very big capacity to against the dos.
Like in asia, 1gbps = multiple 10G in usa or europe. 1gbps capacity is totally not enough for us to against the dos. This is why we have no options to keep null route the ip.
Like in asia, 1gbps = multiple 10G in usa or europe. 1gbps capacity is totally not enough for us to against the dos. This is why we have no options to keep null route the ip.
BrianHarrison
Member
It's great to have a pre-defined ticket reply message ready for these types of abuse issues. You run into the same recurring discussion over and over:
1. Customer gets hit with DDoS.
2. Net admin null routes customer.
3. Customer gets on trouble ticketing system in a rage.
4. Back and forth explanation of why it is necessary to nullroute ones service when they have not purchased DDoS protection.
You can save yourself a lot of time with a well-crafted ticket reply template.
1. Customer gets hit with DDoS.
2. Net admin null routes customer.
3. Customer gets on trouble ticketing system in a rage.
4. Back and forth explanation of why it is necessary to nullroute ones service when they have not purchased DDoS protection.
You can save yourself a lot of time with a well-crafted ticket reply template.
This is why I like RamNode, someone can pay $5 and generate a network flood for a minute or so, and IP gets null routed for five minutes or so (unless it was a really large attack), but then it comes right back online and hardly affects me.
If you don't care about null route now and then, then what does it matter?
Last edited by a moderator: