Looking 4 Low Cost Storage Server with DDoS protections for hosting website / Already with time4vps

peejaygee Member
edited February 2017 in Requests

Hey All,

So, I've been with time4vps for a while (for the most part, very happy with them), had my own personal (non-eCommerce) website, all nicely running, then beginning of this year, I'm guessing someone decided to DDoS either my site, or the server (or both, as I'm not that technically minded with this stuff). I've had notifications (on a WP Plugin) about bruteforce attacks at the login part, basically without touching anything (under the hood), my site ended up falling over (excessive Apache threads, causing excessive memory usage, causing services to fail, like mariadb, like lots of people, like LOTS were trying to get to my site, symptoms of DDoS), all I can imagine is there is something that is going on, that I can't control and the setup I have with time4vps doesn't allow things like this to be stopped (no DDoS Protection).

I'm still with them until August, so I figured I'd reach out and see if there is anything else I can go for. I am paying just shy of $48 a year for the specs below and with all due respect, I can't be paying much, it's a personal (geeky) website about me, that not many legitimate people would stumble across and trying to justify the money to the wife is a no go.. :)

So, can anybody help me, or at least point me in the right direction, so I can possibly move to another host, and start again fresh, with the protection I need to not worry about what is happening to my site when I'm not watching it?

Oh, yeah, the specs I have now are.

CPU 1 x 1.90 GHz, RAM 1024 MB, Storage 1024 GB, Bandwidth 8 TB, No Backups

Date, then in, then out (bandwidth used)

2016-10 1400 MB 7948 MB
2016-11 1326 MB 6703 MB
2016-12 2305 MB 8547 MB
2017-1 1540 MB 5188 MB

Can anybody help?

Comments

  • Protection and that bandwidth is going to be hard to beat for the price.

  • I'm happy to tweak settings, I'm just trying to show what I have now. My bandwidth for the last few months I've just added to the post under an edit.

  • Backup services are not generally supposed to be used for live production stuff so unlikely to have protection.

    And based on what you've described you're under an application / Layer 7 (D)DoS attack which is unlikely to be protected by standard DDoS protected providers. You need a specialized service or the know-how to deal with this situation.

    Thanked by 1WSS
  • cfgguy Member, Host Rep

    Your best bet is to set up a reverse proxy which is DDoS protected. Try the Luxembourg location from buyvm. Those guys offer DDoS protection.

    Thanked by 1Francisco
  • Those storage servers don't have many resources other than raw disk space, so running anything on them besides semi-cold storage isn't a great idea. Also you won't beat the price per TB for that much storage and it will be hard to even match it.

    Your bw amounts look very low: are you sure they're in MB rather than GB? What are you using all that storage for?

    I don't have public-facing services to any of my storage servers, and have been meaning to actually firewall them so that only my own other servers can reach them at all, but haven't been organized enough yet.

    How much storage do you actually want?

  • time4vps Member, Host Rep

    peejaygee said: I can't control and the setup I have with time4vps doesn't allow things like this to be stopped (no DDoS Protection).

    We do not offer pro-active DDoS monitoring and mitigation, correct. But, as DC owners we have the ability to nullroute an IP address in case of excessive bandwidth overuse. Your storage server runs with 400 Mbps port speed, so we can sustain this amount of bandwidth without auto nullroute kicking in.

    In your case CSF (software firewall) should do enough to stop some nasty traffic. Also consider Cloudflare. If you have any questions about how to set up proper software protection for DoS attacks please contact us and we will help you with information. You are not alone, we are here for you.

  • @willie said:
    Those storage servers don't have many resources other than raw disk space, so running anything on them besides semi-cold storage isn't a great idea.

    Willie, I totally get that, originally when I wanted to get/set up my space I reached here (lowendtalk), I ended up with time4vps and I emailed them asking about any issues they would face if I did what I did, to which they stated they were happy to have anything on it (within reason for legal reasons) I was totally new to linux, websites, etc, and I didn't want to spend lots of money on something I didn't know if it would take off, etc.

    @time4vps said:

    In your case CSF (software firewall) should do enough to stop some nasty traffic. Also consider Cloudflare. If you have any questions about how to set up proper software protection for DoS attacks please contact us and we will help you with information. You are not alone, we are here for you.

    time4vps,

    I did used to use Cloudflare, but I was having issues where jetpack was reporting that my site was down, so I submitted a ticket and was advised it may be Cloudflare causing it, so I stopped using them (Ticket ID: #2018517)

    With it being the 'storage server' and I wasn't using it for its intended purpose, I figured I didn't have a 'right' to submit a ticket for help, so I appreciate you saying that.

    I'm currently in the process of pulling all the files back down to my main PC, once that is done (and it's taking a while) I'll wipe and start again and then I'll look for solutions online and reach out for 'support' to get some proper protection setup. My current setup only had a firewall and some jail software installed. While I totally appreciate that the setup is not for its intended use, it's an ideal costing for my needs.

    Thank all for coming back to me, it's given me food for thought.

  • doesn't look like you need much bw... how about diskspace? do you need 1 TB space at all? with more RAM instead of space and bw you could use more resources on something like a reverse proxy setup to lift load off the box.

    also a lot of bruteforce attacks against wordpress or heavy load due to much connections doesn't necessarily imply DDOS of a kind...

    I'd suggest to redefine what you really need or are looking for, like 2 vcore, >2Gb RAM xy GB space, 500GB bw ...

  • @HungryVM,

    While I'm still with Time4Vps, I'm going to stick with them and see what I can do, but I'll bear things in mind for when it expires (or close to in August/September)

    @Falzo,

    Yeah, when I first set up, I didn't know how much I would use, etc. but now, knowing my setup, I could probably get away with 500gb now (I have/had my server once a month, zipping and backing up, and it's at the 'delete the first one stage' and I'm only at 220gb), and less BW (and go for more memory, although a buddy of mine says 1gb should be enough?). I totally hear and understand where you are coming from, again, like saying to HungryVM, I'll take your information under advisement until closer the time.

  • layfon Member
    edited February 2017

    @HungryVM said:
    1024 GB Ram

    You might want to correct "1TB Ram" typo?

  • 750 GB RAID10 Storage
    8 TB BW @ 1GBPS
    $58 / year Includes DDOS Protection.

    Server is Colocated at Hetzner.

    Is this a KVM?

  • peejaygee said: jetpack

    Disable jetpack and use cloudflare. Install tested plugins to replace jetpack tasks, choosing only those you really need.

    peejaygee said: storage server

    As others said, never -ever- use a storage server for production state. There is a reason cheap storage servers are called "storage servers" - and it is not only the size of the HDD. They have smaller specs than others, because they are intended to keep only backups. It is a miracle time4vps did not suspend your server for abusing, getting so much traffic to the vps...

    peejaygee said: it's an ideal costing for my needs

    A solution would be to use a smaller vps for handling your website and mount a time4vps folder as the file storage solution to your production vps.
    Cloudflare would save you a lot of traffic for static files and can mitigate some low and simple DDoS attempts.
    On top of that, if you can afford it, buy a small vps from a protected provider and use it as proxy between your domain and your real vps.

  • @jvnadr said:

    peejaygee said: jetpack

    Disable jetpack and use cloudflare. Install tested plugins to replace jetpack tasks, choosing only those you really need.

    I've thought about disabling Jetpack, as the only item I use on it is the notification when the site is down and I don't think there is another place that can do that? I can't incorporate it into the site as if it's down the notifier wouldn't work.

    peejaygee said: storage server

    As others said, never -ever- use a storage server for production state. There is a reason cheap storage servers are called "storage servers" - and it is not only the size of the HDD. They have smaller specs than others, because they are intended to keep only backups. It is a miracle time4vps did not suspend your server for abusing, getting so much traffic to the vps...

    Before I signed up I reached out and explained my needs and my usage, and they didn't have an issue with it, hence it not being suspended.

    peejaygee said: it's an ideal costing for my needs

    A solution would be to use a smaller vps for handling your website and mount a time4vps folder as the file storage solution to your production vps.
    Cloudflare would save you a lot of traffic for static files and can mitigate some low and simple DDoS attempts.
    On top of that, if you can afford it, buy a small vps from a protected provider and use it as proxy between your domain and your real vps.

    I actually use the VPS as an 'OwnCloud' server, hence the storage, but the low traffic of my personal site is the reason I bolted that alongside too (utilize as much as I can)

  • jvnadr Member
    edited February 2017

    peejaygee said: I've thought about disabling Jetpack, as the only item I use on it is the notification when the site is down and I don't think there is another place that can do that? I can't incorporate it into the site as if it's down the notifier wouldn't work.

    Use free external monitoring systems. https://nixstats.com/login
    There are other plugins for this job, also.

    peejaygee said: Before I signed up I reached out and explained my needs and my usage, and they didn't have an issue with it, hence it not being suspended.

    Even then, a storage vps has lower cpu cycles to use and it is not intended for production. Avoid it.

    peejaygee said: low traffic of my personal site

    If your site does not have real traffic (and your traffic is ~8-10GB per month, as I see in your initial post), then, you should consider using some cheap shared service (you can find a lot in LET), keeping time4vps server for its initial purpose: your owncloud server.
    Try @Ishaq 's service in this link https://www.lowendtalk.com/discussion/101346/pageclick-uk-ssd-cpanel-let-s-encrypt-daily-backups-reseller-9-99-year-end-of-year-sale for example, or, BuyShared https://buyshared.net/shared-cpanel-hosting/. And, if you have a lot of files you want to have in your WP site, hotlink them from your time4vps service.

    Thanked by 1Ishaq
  • Just grab a small OVH VPS.

  • Is owncloud a big disk i/o hog? I've heard that some other programs like that are.

  • @jvnadr said:

    Use free external monitoring systems. https://nixstats.com/login
    There are other plugins for this job, also.

    Done, got rid of Jetpack

    Even then, a storage vps has lower cpu cycles to use and it is not intended for production. Avoid it.

    I also have a bandwagon host account that I've not used in a while, but I moved away from them because of the small amount of space, but looking at your logic, I could possibly duplicate my site with them and like you said reference the other place for the hot-linking.

    If your site does not have real traffic (and your traffic is ~8-10GB per month, as I see in your initial post), then, you should consider using some cheap shared service (you can find a lot in LET), keeping time4vps server for its initial purpose: your owncloud server.
    Try @Ishaq 's service in this link https://www.lowendtalk.com/discussion/101346/pageclick-uk-ssd-cpanel-let-s-encrypt-daily-backups-reseller-9-99-year-end-of-year-sale for example, or, BuyShared https://buyshared.net/shared-cpanel-hosting/. And, if you have a lot of files you want to have in your WP site, hotlink them from your time4vps service.

    The specs on the VPS with Bandwagon are

    RAM: 0.96/512 MB
    SWAP: 0/512 MB
    Disk usage (/): 0.33/5 GB
    Bandwidth usage: 0.03/500 GB (Resets: 2017-03-12)

    You think that would be enough for a WordPress site?

    @willie said:
    Is owncloud a big disk i/o hog? I've heard that some other programs like that are.

    I've not had any issues with it, but I only have small changes at a time, just an easy way to sync stuff up between a machine in work and a machine at home (at home I use SyncTrazor to sync all my LAN machines)

  • peejaygee said: You think that would be enough for a WordPress site?

    It depends on the load (aka, your daily visitors). If your site has less than 2-3K visitors per day, then, 512MB could fit fine. If you have the capability, don't use any web control panel (I assume you only host one site there). Install a LEMP stack (nginx with mysql and php, there are plenty of tutorials on how to do it out there) and you are ready. Use cloudflare to save some load and it'll run like a charm.
    https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-nginx-on-ubuntu-14-04

    When you install your WP to the new server, mount a remote folder from your time4vps node, to the WP media directory and config your WP to use this as media storage.
    https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nfs-mount-on-ubuntu-14-04

    willie said: Is owncloud a big disk i/o hog? I've heard that some other programs like that are.

    No, it's not, of course always depending on the usage. If you have 100's of users grabbing and uploading files from/to owncloud installation, then, yes, it could be a disk i/o hog. But for normal personal usage, even an old single hdd could fit. (Although I don't like the way owncloud handles working docs, when saving them constantly. Pydio is far better IMHO)

    Thanked by 1Yura
  • @jvnadr said:

    When you install your WP to the new server, mount a remote folder from your time4vps node, to the WP media directory and config your WP to use this as media storage.
    https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nfs-mount-on-ubuntu-14-04

    I tried this, I think it's a little bit above my linux knowledge. While you pointed me towards a 'Ubuntu' tutorial, and I know most linux commands are very similar, I tried to find a tutorial for Centos, I tried with public keys, I tried with a username without a password and with, while I could get it to mount manually, I couldn't get it to mount auto as it needed some form of password (as the public key thing didn't work for some reason even though I thought I stored it in /root/.ssh/authorisedkeys as websites told me to)

  • Create an ssh key on both servers:

    ssh-keygen -t rsa

    Press enter without typing anything on the questions you get.
    Copy key from bandwagonhost server to time4vps and vice versa

    scp ~/.ssh/id_rsa.pub root@YOUROTHERSERVERSIP:.ssh/authorized_keys

    Do it for both servers (from bandwagonhost enter time4vps ip and from time4vps server enter bandwagonhost ip)
    It will ask you to accept ssh and enter your password, say yes and enter it.
    That was all. Now, test it by trying to ssh from one server to the other (use ssh XX.XX.XX.XX, aka the ip of the other server that you want to use). If it logs in without asking for your password, you have connected the servers.

  • So, I did exactly as you said, yet it still asked me for the passwords at the ssh xx.xx.xx.xx command (I did have to tweak all the commands though, as I have both servers on different SSH ports) and one thing that did scare me a little

    reverse mapping checking getaddrinfo for [hidden] [hidden] failed - POSSIBLE BREAK-IN ATTEMPT!

    but as it happened on both I sort of guessed it was the norm.

    Thoughts as to why it still asked for my login password?

  • Type

    ssh-agent bash
    

    which should give you a shell prompt. Then type

    ssh-add id_rsa
    

    (or whatever file you put your new key in). Then try to ssh into the other server.

  • No offense, but I think you should follow another route to host your site. You are not familiar with nor capable of setting up more complex infrastructures and troubleshooting them, yet.
    If I were you, I would go with a shared hosting even for a couple of months (there are plenty of good and cheap shared hosters with a lot of space in LET, I already gave you some suggestions) and in that period, in my free time, I would make an effort to learn more deeply how things are working and how to set up the vps. This way, you will not find yourself in trouble when your vps infrastructure breaks on something and you cannot find a solution easily, while in production state.

    Now, in topic:

    peejaygee said: I did exactly as you said, yet it still asked me for the passwords at the ssh xx.xx.xx.xx command (I did have to tweak all the commands though, as I have both servers on different SSH ports) and one thing that did scare me a little

    The command to copy key in a non standard port is: ssh-copy-id -i ~/.ssh/id_rsa.pub -p <port> user@host

    But I don't know what is your ssh config on both servers, you have to tune it to work.

    Another solution is to use a free online service (dropbox, google drive) as media box for your WP, by using something like this:

    https://wordpress.org/plugins/google-drive-wp-media/
    https://wordpress.org/plugins/external-media/
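
Added example, not part of any post in this thread: with sshd's default `StrictModes yes`, key login falls back to a password when the home directory, `~/.ssh` or `authorized_keys` is group/world writable or owned by another user, or when the key sits in a file sshd does not read, such as the `authorisedkeys` name mentioned above. The script checks exactly those conditions; the function names and the throwaway sample home are constructed for illustration, and the default `AuthorizedKeysFile` setting is assumed.

```shell
#!/bin/sh
# Added example: judge HOME/.ssh as sshd does (StrictModes yes, default AuthorizedKeysFile assumed).

# Succeeds if group or other may write to $1 (chars 6 and 9 of the ls mode).
loose_mode() {
    case "$(ls -ldn -- "$1" | cut -c1-10)" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# audit_ssh_dir HOME [UID]: one line per finding; exit status 0 only if clean.
audit_ssh_dir() {
    home=$1; uid=${2:-$(id -u)}; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; bad=1; continue
        fi
        owner=$(ls -ldn -- "$p" | awk '{print $3}')
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER $p belongs to uid $owner"; bad=1
        fi
        if loose_mode "$p"; then
            echo "MODE $p is group/world writable"; bad=1
        fi
    done
    # Near-miss names sshd never reads, e.g. the thread's "authorisedkeys".
    for f in "$home"/.ssh/authori[sz]ed*; do
        case "$f" in */authorized_keys|*/authorized_keys2) continue ;; esac
        if [ -e "$f" ]; then
            echo "NAME $f is not a file sshd reads"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: a throwaway home that repeats the thread's mistakes.
make_broken_home() {
    h=$(mktemp -d) && mkdir "$h/.ssh" && chmod 777 "$h/.ssh" &&
        echo "ssh-rsa CONSTRUCTED-PLACEHOLDER user@example" > "$h/.ssh/authorisedkeys" &&
        echo "$h"
}

# Repair: correct file name, then the conventional 700/600 modes.
fix_home() {
    mv "$1/.ssh/authorisedkeys" "$1/.ssh/authorized_keys" &&
        chmod go-w "$1" && chmod 700 "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

demo=$(make_broken_home)
audit_ssh_dir "$demo" || echo "=> key login would fall back to a password"
fix_home "$demo"
audit_ssh_dir "$demo" && echo "=> clean: StrictModes will accept the key file"
rm -rf "$demo"
```

On CentOS with SELinux enforcing, a wrong label on `~/.ssh` also blocks key login even when these checks pass; `restorecon -R -v ~/.ssh` restores the default label.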
