e107, Remembers where I left my pants last night
Home Downloads Forums Misc Bugtracker Documentation/Wiki Plugins Themes Hosting Reviews
Welcome
Username:

Password:


Remember me

[ ]
[ ]
[ ]
e107 Project Tracker
Changelog Changelog | Stats
Bugtracker Bugtracker
     80 open | 5030 total | Stats
Issue tracking (Jira) Issue tracking (Jira)
Feature Requests Feature Requests
     1372 open | 2139 total
SVN Tree SVN Tree
Released Files Released Files
Download Stats Download Stats
How to get SVN version How to get SVN version

e107 on IRC
freenode.net
For real-time help and friendly chat please join #e107 on the Freenode Network

It's a friendly channel so please drop in and say hello regardless of your e107 or IRC experience

If you're new to IRC please click [here] for an explanantion of what to do.

Web Hosting

e107.org :: Forums :: Miscellaneous :: General Discussion   << Previous thread | Next thread >>
DDoS resistant web hosting?
Moderators: jalist, McFly, bkwon, streaky, C6Dave, SecretR, steved, bugrain, AndyDev, Hansi64, nlstart
Author Post
Brad R
Wed Jun 30 2010, 08:03AM
Registered Member #18939
Joined: Tue Jun 28 2005, 05:48PM
Location: Ontario, Canada
Posts: 197
 		Well, it's been over 48 hours and we're still offline. We're not compromised, but the sheer volume of requests is overwhelming. Our web host has added the .htaccess rules (acutally using modsecurity) to block the attacks, and they're still bringing down the web server. They're reporting attacks from "thousands" of IP addresses.

I'm also seeing attacks on pages which are specific to our e107 site (our custom plugin), so I'm sure the attackers are using Google or some other search engine to find sites to attack...and we seem to rank high in this department.

So it may be that our current web host simply can't filter the volume of attacks that we're getting. In which case we'll need to move to a new host with better ability to filter HTTP requests. Can anyone here recommend a "DDoS resistant" web host?
Back to top
C6Dave
Wed Jun 30 2010, 11:04AM
AKA 2dopey

Registered Member #9506
Joined: Sat Jul 31 2004, 02:57AM
Location: North East UK
Posts: 9298
 		He probably won't like the recommendation under the circumstances but Fused click to open link in new window is still keeping e107 alive

"The irony of the Information Age is that it has given new respectability to uninformed opinion" - John Lawton 1995
Back to top
Website
nlstart
Wed Jun 30 2010, 11:30AM
nlstart

Registered Member #29855
Joined: Fri Aug 18 2006, 03:12AM
Location:
Posts: 4239
 		Actually that's quite some advertisement! Grins!
nlstart plugins: YourFirstPlugin | EasyShop | Locator | ShowMyIP | Poker | FlickrFeed | EasyBackup | EasyDBtool | e107_Quiz | News scroller | Slideshow | BanHelper | EasyGallery | EasyHours
Back to top
Website
rgk
Wed Jun 30 2010, 02:44PM

Registered Member #21870
Joined: Tue Oct 25 2005, 06:07PM
Location: NY
Posts: 1132
Member Of The e107 Support Team
 		i use Linode over here, you can guarantee your own security.

i have yet to have a problem but remember its not shared hosting.
-rgk

MadGizmo.com | MadGizmo.org
Back to top
Brad R
Wed Jun 30 2010, 03:24PM
Registered Member #18939
Joined: Tue Jun 28 2005, 05:48PM
Location: Ontario, Canada
Posts: 197
 		Thanks for the Linode tip, but I'm not yet up to managing my own web server. We use a "managed VPS" now through our old shared hosting provider. Basically they set up the VPS to look like their shared hosting service, and they take care of software installation, configuration, and updates, and also backup. Which was great until the attack of the killer 'bots.
Back to top
septor
Wed Jun 30 2010, 03:31PM

Registered Member #37
Joined: Sun Aug 11 2002, 05:20AM
Location:
Posts: 700
Member Of The e107 Support Team
2dopey wrote ...

He probably won't like the recommendation under the circumstances but Fused click to open link in new window is still keeping e107 alive



At what costs, though. Keeping it alive can't be cheap.

Edit: I'm not suggestion they're bad either. If I had to pay for hosting (which may happen sooner or later) I would use them.

[ Edited Wed Jun 30 2010, 03:35PM ]
Security issue? e107 security is here to help.

My e107 related scripts can now be found on GitHub. Use at your own risk.
Public ready scripts will be pushed to plugins.e107 only.
Back to top
Website
Mojo Will
Wed Jun 30 2010, 05:16PM

Registered Member #31550
Joined: Wed Oct 18 2006, 05:03PM
Location: England UK
Posts: 458
2dopey wrote ...

He probably won't like the recommendation under the circumstances but Fused click to open link in new window is still keeping e107 alive



so why was the main e107.org hosting account 'suspended' most of this morning?
Mostly Mojo
Premium Marketing, Design and Development
xenthemes.com
Want some proper themes? xenthemes have them!
@theMojoWill
Follow me on Twitter
Back to top
Website
Duce
Wed Jun 30 2010, 05:24PM

Registered Member #38832
Joined: Fri Aug 03 2007, 09:10AM
Location: Centurion, South Africa
Posts: 189
Mojo Will wrote ...

2dopey wrote ...

He probably won't like the recommendation under the circumstances but Fused click to open link in new window is still keeping e107 alive



so why was the main e107.org hosting account 'suspended' most of this morning?


Probably a sea cable that went down...
This whole week I have also been battling to get pages here.
You can't touch this!
Back to top
septor
Wed Jun 30 2010, 05:49PM

Registered Member #37
Joined: Sun Aug 11 2002, 05:20AM
Location:
Posts: 700
Member Of The e107 Support Team
Mojo Will wrote ...

2dopey wrote ...

He probably won't like the recommendation under the circumstances but Fused click to open link in new window is still keeping e107 alive



so why was the main e107.org hosting account 'suspended' most of this morning?



Pretty hard to grasp the concept behind, keeping e107 alive, isn't it?

Considering the hosting that powers this website is all donated, I seriously doubt any persons here gave any money to Fused to bring it back up; which would fully imply that they have reactivated the account, thus making the initial suspension invalid.

[ Edited Wed Jun 30 2010, 05:51PM ]
Security issue? e107 security is here to help.

My e107 related scripts can now be found on GitHub. Use at your own risk.
Public ready scripts will be pushed to plugins.e107 only.
Back to top
Website
ChicksHateMe
Wed Jun 30 2010, 08:30PM
Registered Member #14644
Joined: Mon Feb 14 2005, 06:20PM
Location: Leominster, MA USA
Posts: 453
 		I have some sites on Steadfasts shared, and 2 were getting hit, and they took them down. I contacted them, told them I was aware of the hits to contact.php and I would take care of it. They put them back online within 5 minutes and they've been up since, without delays that I've noticed.
I am SOOOO old, I still do all my graphic designs on the original Lite-brite.
Back to top
Nowwhat
Thu Jul 01 2010, 12:54AM

Registered Member #38024
Joined: Thu Jul 05 2007, 02:08PM
Location: Lost in the south of France
Posts: 1208
Member Of The e107 Support Team
 		Using shared and private hosting in Europe by OVH.
They never ever touch server continue - only take care of the hardware, which, after all, I rent.

But the choice of a host is a less important matter in this case, the number of hits you receive is.
If your site is popular (referenced a lot) then even a 100 $ / month server could go down.

Hey guys, e107 is getting popular, and a massive scan trying out all our sites that haven't upgraded to recent versions is one of those things that can happen.
My 0.7.22 sites did stand the shock very well, even with 400+ sessions, and I'm using many many non core plugins - some sites generate more then 90 SQL calls just for the public front page (which is considered as far to much).

I find it unbelievable that there are so many older version out there - just waiting that their host (??) drops by to update their "0.7.15" site ..... Worse, running a 0.7.15 not knowing 0.7.22 exists is ... strange.
Because they didn't (update), they shut down your site that you 'rented' or 'gave' because its considered to have a security leak, things get hard to believe. If they start treating their own web server's system OS, their PHP, the SQL software versions the same way, well, I think I move right away.

On the net, one has to follow the upgrade path, or .... well, you vanish.
If you own a e107 site, visiting e107.org ones in a while - visit you profile and subscribe to the "new version available" mail list isn't a difficult thing to do. If it's time to upgrade, we can help you. Just ask if questions - we all started there.
Never ever edit core code and updating will be easy.

[ Edited Thu Jul 01 2010, 12:58AM ]
Knowing where you are helps if you want to know where to go.
Back to top
Website
C6Dave
Thu Jul 01 2010, 02:21AM
AKA 2dopey

Registered Member #9506
Joined: Sat Jul 31 2004, 02:57AM
Location: North East UK
Posts: 9298
septor wrote ...

..........Pretty hard to grasp the concept behind, keeping e107 alive, isn't it?

Considering the hosting that powers this website is all donated, I seriously doubt any persons here gave any money to Fused to bring it back up; which would fully imply that they have reactivated the account, thus making the initial suspension invalid.

e107.org along with many other sites has been under heavy attack and bandwidth usage went through the roof. Auto triggers take care of it and.......... yep it gets suspended until the reason behind the spike is found and dealt with. It's no different in that sense to any other host. However Fused are Pro Active and not just re active and are very security concious.

Steps have been taken to resist the attacks and the wiki pages updated for members interested (pity all aren't though) in protecting their sites
"The irony of the Information Age is that it has given new respectability to uninformed opinion" - John Lawton 1995
Back to top
Website

Jump:     Back to top
Syndicate this thread: rss 0.92 Syndicate this thread: rss 2.0 Syndicate this thread: RDF
Powered by e107 Forum System


All product names mentioned herein are the trademarks of their respective owners. In addition, images, logos, pictures or other material may be trademarks or registered trademarks of their respective owners. Emote images by seb, released under the GPL licence.
Bug Tracking Software
Render time: 0.2604 sec, 0.1242 of that for queries. Memory Usage: 3,769kB