How to get around antiddos on my server?

Hey guys
I have a Kimsufi server with a kind of API application running. This application is designed to handle around 200k requests in a 30-minute timespan a few times a day. Sadly, Kimsufi probably detects part of this traffic as a DDoS attack (I get an email 1 time a day about DDoS), but I'm nearly sure it's not DDoS.

What should I do about this?
Move my application to hosting without anti-DDoS (Hetzner)?
Or spread my application across a few VPSes to reduce the number of requests per IP?

Thanks

Comments

  • pike Veteran
    edited November 2019

    Moving to a different provider is the only thing you can do. If you need DDoS protection, go with php-friends. Hetzner also has basic DDoS protection, but you can try whether it kicks in on your usage.

  • contact kimsufi

    Thanked by 1 Clouvider
  • DP Administrator, The Domain Guy

    This isn't really an issue.

    If you were to raise this to KimSufi, I'm sure they'll be able to help out.

  • SplitIce Member, Host Rep

    OVH / KS does not offer any exceptions regardless of scale.

  • @tgl said:
    contact kimsufi

    That's the worst recommendation you can give him.

  • stefeman Member
    edited November 2019

    Buy OVH where you can set network firewall rules that affect the anti-DDoS.

    Thanked by 1 uptime
  • jsg Member, Resident Benchmarker

    @dodheimsgard said:
    Hey guys
    I have a Kimsufi server with a kind of API application running. This application is designed to handle around 200k requests in a 30-minute timespan a few times a day. Sadly, Kimsufi probably detects part of this traffic as a DDoS attack (I get an email 1 time a day about DDoS), but I'm nearly sure it's not DDoS.

    What should I do about this?
    Move my application to hosting without anti-DDoS (Hetzner)?
    Or spread my application across a few VPSes to reduce the number of requests per IP?

    Thanks

    Based on the minimal info you provide nobody can offer sensible advice. Example: Those 200K requests come from about how many systems and IPs? Mainly from some region or even country (which one?) or from all over the world? What kind of reqs? HTTP or custom or ...?

    Btw. why didn't you discuss with/inform Kimsufi up front?

    Thanked by 1 dodheimsgard
  • MikeA Member, Patron Provider

    @stefeman said:
    Buy OVH where you can set network firewall rules that affect the anti-DDoS.

    His issue is with the underlying mitigation, not the network firewall.

    If OVH's mitigation is blocking his traffic, nothing can be done.

    Thanked by 2 dodheimsgard uptime
  • @jsg
    Every user makes at most a few requests (like 4-5 max); requests come from all over the world. My stats show that user requests come from around 50k unique IPs. All requests are HTTP GET/POST.

    I don't discuss with Kimsufi because, from my experience, they are close to a no-support company unless you are renting servers for a shitload of money a month + I found many similar threads and the conclusion was only 1 - OVH won't do anything to help me because they won't disable their anti-DDoS system for one customer.

    I know shit about anti-DDoS systems, I have no bigger idea how such a system may work, so I'm asking here if moving to another provider without anti-DDoS would be a better solution, or spreading traffic across more IPs (like 5-10 VPS for example) :)

  • @dodheimsgard said:
    @jsg
    Every user makes at most a few requests (like 4-5 max); requests come from all over the world. My stats show that user requests come from around 50k unique IPs. All requests are HTTP GET/POST.

    I don't discuss with Kimsufi because, from my experience, they are close to a no-support company unless you are renting servers for a shitload of money a month + I found many similar threads and the conclusion was only 1 - OVH won't do anything to help me because they won't disable their anti-DDoS system for one customer.

    I know shit about anti-DDoS systems, I have no bigger idea how such a system may work, so I'm asking here if moving to another provider without anti-DDoS would be a better solution, or spreading traffic across more IPs (like 5-10 VPS for example) :)

    You answered your own question. Move to another provider and ask them upfront about your use case before committing.

  • jsg Member, Resident Benchmarker

    @dodheimsgard said:
    @jsg
    Every user makes at most a few requests (like 4-5 max); requests come from all over the world. My stats show that user requests come from around 50k unique IPs. All requests are HTTP GET/POST.

    I don't discuss with Kimsufi because, from my experience, they are close to a no-support company unless you are renting servers for a shitload of money a month + I found many similar threads and the conclusion was only 1 - OVH won't do anything to help me because they won't disable their anti-DDoS system for one customer.

    I know shit about anti-DDoS systems, I have no bigger idea how such a system may work, so I'm asking here if moving to another provider without anti-DDoS would be a better solution, or spreading traffic across more IPs (like 5-10 VPS for example) :)

    Then I'm not surprised that their DDOS detection gets excited. After all, what you describe (hours of almost no or little traffic and occasionally large bursts) does look like a potential DDOS to a cheap scanner.
    I personally do not think that distributing your traffic over some more VPSs with Kimsufi would help because it only would make the bursts somewhat smaller (and seriously increase your costs).

    I'd rather switch to a provider whom you can discuss with and explain the situation. Btw. your situation is not that exotic; many businesses also have "transfer windows" every 2 - 6 hours when they get or send a whole lot of data at once.

    There are some technical options too but I guess you don't want to (or even can't) redesign and change your software.

    Thanked by 1 dodheimsgard
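
Added illustration, not part of any post in this thread: a sketch of why the profile described above (long quiet periods, then about 200k requests in 30 minutes from about 50k IPs at a handful of requests each) alarms a simple aggregate-rate check, alongside the per-source numbers jsg asks for. The baseline-ratio detector, its thresholds and the traffic series are constructed assumptions, not how OVH's or Kimsufi's mitigation works.

```python
from collections import Counter
from statistics import median

def build_traffic(quiet_minutes=90, burst_minutes=30, burst_total=200_000,
                  clients=50_000, quiet_rpm=20):
    """Constructed sample: a quiet period, then the thread's 200k/30 min burst."""
    per_minute = [quiet_rpm] * quiet_minutes
    per_minute += [burst_total // burst_minutes] * burst_minutes
    # ~50k source IPs at 4 requests each (the thread says 4-5 max per user).
    per_ip = Counter({f"client-{i}": burst_total // clients for i in range(clients)})
    return per_minute, per_ip

def naive_detector(per_minute, ratio=10, window=60):
    """Hypothetical check: flag minutes above `ratio` x the median of the prior window."""
    alerts = []
    for i in range(window, len(per_minute)):
        baseline = median(per_minute[i - window:i]) or 1
        if per_minute[i] > ratio * baseline:
            alerts.append(i)
    return alerts

def source_profile(per_ip, per_ip_limit=100):
    """Per-source view of the same traffic: how concentrated is the load?"""
    total = sum(per_ip.values())
    top = per_ip.most_common(1)[0][1]
    return {
        "unique_sources": len(per_ip),
        "max_per_source": top,
        "top_source_share": top / total,
        "sources_over_limit": sum(1 for n in per_ip.values() if n > per_ip_limit),
    }

if __name__ == "__main__":
    per_minute, per_ip = build_traffic()
    alerts = naive_detector(per_minute)
    print(f"peak rate: {max(per_minute) / 60:.0f} req/s")
    print(f"minutes flagged by aggregate-rate check: {len(alerts)}")
    print(source_profile(per_ip))
```

In practice the two inputs would be built from the server's own access logs; the per-source figures are the ones worth having on hand when describing the use case to a provider.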
  • exception0x876 Member, Host Rep, LIR

    @dodheimsgard said:
    Hey guys
    I have a Kimsufi server with a kind of API application running. This application is designed to handle around 200k requests in a 30-minute timespan a few times a day. Sadly, Kimsufi probably detects part of this traffic as a DDoS attack (I get an email 1 time a day about DDoS), but I'm nearly sure it's not DDoS.

    What should I do about this?
    Move my application to hosting without anti-DDoS (Hetzner)?
    Or spread my application across a few VPSes to reduce the number of requests per IP?

    Thanks

    The fact that you get an email about a detected DDoS attack doesn't mean that OVH filters out legitimate requests while DDoS protection is on. Did you actually get any complaints about service availability during that time?

    Thanked by 2 dodheimsgard uptime
  • raindog308 Administrator, Veteran

    dodheimsgard said: kinda of api application

    First thing I thought of was offloading to a CDN, but it sounds like your app wouldn't really work with that kind of setup.

  • You should spread the traffic. Use multiple VMs. Then, importantly, use anycast DNS. A load balancer will also be a good option.

    This type of app is best to use AWS, Vultr, DO or Linode. Or other providers that offer VPS. But I still recommend AWS for running API systems.

  • MikeA Member, Patron Provider

    @cazrz said:
    You should spread the traffic. Use multiple VMs. Then, importantly, use anycast DNS. A load balancer will also be a good option.

    This type of app is best to use AWS, Vultr, DO or Linode. Or other providers that offer VPS. But I still recommend AWS for running API systems.

    If he's using a Kimsufi server he probably doesn't want to spend the money on load balancers and AWS, Linode, etc lol.

  • cazrz Member
    edited November 2019

    @MikeA said:

    @cazrz said:
    You should spread the traffic. Use multiple VMs. Then, importantly, use anycast DNS. A load balancer will also be a good option.

    This type of app is best to use AWS, Vultr, DO or Linode. Or other providers that offer VPS. But I still recommend AWS for running API systems.

    If he's using a Kimsufi server he probably doesn't want to spend the money on load balancers and AWS, Linode, etc lol.

    If he wants to stick on KS then he can get multiple dedis there and load balance via DNS or another dedi. He just needs to spread the traffic. His issue is those 200k POST/PUT or API requests, which will really get blocked by anti-DDoS systems. So let's say 5k-10k req per server? Lol so probably 20 KS servers.
