Tips Im Under attack, OVH IP attacker

xreann20xreann20 Member

Hello,
OVH peeps there, my server is hosted within OVH and firewall seems to not work if the attack is coming from their IP. Any tips to block the attack?

--I always need help..pff

Comments

  • MikeAMikeA Member, Provider

    no. report the attacking IPs to OVH abuse. their firewalls only filter external traffic.

    Thanked by 2xreann20 coreflux


  • FranciscoFrancisco Top Provider

    THE CALL FROM INSIDE THE HOUSE!

    Francisco

  • xreann20xreann20 Member

    @MikeA said:
    no. report the attacking IPs to OVH abuse. their firewalls only filter external traffic.

    Thanks, just did that. But it's easy then? They just buy another VPS = new IP.

    @Francisco said:
    THE CALL FROM INSIDE THE HOUSE!

    Francisco

    walkie-talkie between rooms is better.

    --I always need help..pff

  • serv_eeserv_ee Member

    Is it just me or this seems to be a regular thing with OVH already?

    Thanked by 1xreann20

    I swear to drunk Im not god

  • MikeAMikeA Member, Provider

    @serv_ee said:
    Is it just me or this seems to be a regular thing with OVH already?

    has been an issue for years.

    Thanked by 2xreann20 coreflux


  • xreann20xreann20 Member

    Is it just me or this seems to be a regular thing with OVH already?

    has been an issue for years.

    Ohhh is it? so they cannot resolve this? Because the attacker IP is from an OVH VPS Reseller, Host4fun. So the attacker can just buy another VPS..this is so sad..isn't there any other way :(

    --I always need help..pff

  • xreann20xreann20 Member
    edited May 28

    @RIYAD sir check this IP one of your customer. ~redacted~

    --I always need help..pff

  • deankdeank Member, Troll

    Has been an issue since day one.

    Your resistance is futile, literally.

    Thanked by 1xreann20

    There are two things that make Earth spin: Money and PMS.

  • xreann20xreann20 Member

    @deank said:
    Has been an issue since day one.

    Your resistance is futile, literally.

    It's @RIYAD's customer lol. Imma send report abuse. Then let that attacker find other OVH Reseller assuming host4fun does not tolerate abuse as they claim on their trustpilot responses.

    --I always need help..pff

  • seriesnseriesn Member, Top Provider
    edited May 28
  • xreann20xreann20 Member

    seriesn said: Send them a ticket?

    Sent an abuse report to their abuse email address. I will try creating a ticket.

    --I always need help..pff

  • deankdeank Member, Troll

    Once he is gone, you will be hit from another IP in some days.

    I guarantee that.

    Thanked by 1xreann20

    There are two things that make Earth spin: Money and PMS.

  • xreann20xreann20 Member

    deank said: Once he is gone, you will be hit from another IP in some days.

    I guarantee that.

    If he got unli cash. Then I just do load balancing soon. Imma try filter optimizations first

    --I always need help..pff

  • RIYADRIYAD Member, Provider

    @xreann20 already answered you over ticket . Also LET is not our support desk and remove the IP from this post .


  • xreann20xreann20 Member

    @RIYAD said:
    @xreann20 already answered you over ticket . Also LET is not our support desk and remove the IP from this post .

    I'm happy to remove it, but I cannot. Moderators can only remove it I think. And btw I did not use this post to be your support desk for abuse. This is for tips from OVH users myself if there is a way to block an attack from inside OVH network.

    --I always need help..pff

  • FAT32FAT32 Administrator, Deal Compiler Extraordinaire

    @xreann20 said:
    Im happy to remove it, but I cannot.

    @RIYAD said:
    remove the IP from this post .

    IP redacted.

    Thanked by 2RIYAD xreann20

    "Everyone you meet is fighting a battle you know nothing about. Be kind. Always."

  • AlwaysSkintAlwaysSkint Member
    edited May 28

    Personally, I don't see any reason to remove the IP. Providers should make more of an effort to stop abusive practices from their clients. Granted, the IP may then move to some other sucker client but it should be up to the provider to get it 'cleaned up'. Accountability is lacking, especially when provider's own ToS frequently state abuse is unacceptable.
    Just my opinion.

    [Climbs down from my broadcasts/port scanning soapbox.]

    Long live LowEndInfo.com

  • xreann20xreann20 Member

    UPDATE!

    Need provider suggestion on APAC region or around ~150 ms on apac..riyad dealt with it, now the attacker just bought another vps...lol @OVH_APAC @OVH_Matt is there really anything can do if the attack is from inside the house? I currently have 6 dedis on ovh, anywhere I can transfer with as good as ddos protection? I see the attacks only about 800mbps and 1.5 gbps max.

    --I always need help..pff

  • What's the reason you're being attacked for? I mean, someone really wants to bring your service down.

  • xreann20xreann20 Member

    @SCAM_DONT_BUY said:
    What's the reason you're being attacked for? I mean, someone really wants to bring your service down.

    Basically its competition.

    --I always need help..pff

  • xreann20xreann20 Member

    I host a gameserver, and their players are going to me. They are threatened.

    --I always need help..pff

  • deankdeank Member, Troll

    @xreann20 said:
    now the attacker just bought another vps...lol

    Told you so.

    Thanked by 1xreann20

    There are two things that make Earth spin: Money and PMS.

  • xreann20 said: Basically its competition.

    Okay, then internal attacks are a lot more common than what I've thought before. Looks like OVH isn't interested in this at all...

  • xreann20xreann20 Member

    deank said: Told you so.

    I knew you were correct, I underestimated OVH lack of support :neutral:

    Im trying @splitice , although graph is not working. got high ping tho. Im open to suggestions :) Thanks all!

    --I always need help..pff

  • OVH should really address the internal attacks situation as it's becoming a common practice these days I see. Their protection works great for most people, including myself but the fact that you can launch attacks within their network it's pretty scary stuff.

  • EdmondEdmond Member without signature

    @kalimov622 said:
    OVH should really address the internal attacks situation as it's becoming a common practice these days I see. Their protection works great for most people, including myself but the fact that you can launch attacks within their network it's pretty scary stuff.

    This is some dumb loophole where you think you can trust every single customer within the network but you can’t. Why bother attacking from an outside network if you just get a VPS from OVH and flood another OVH customer?

    I mean it makes sense now... when I ping an OVH IP, before I reach their network’s hops, always see a hop or two return nothing. Imagine those are where the firewall is and everything routed internally, even across datacenters, doesn’t matter...

  • EdmondEdmond Member without signature

    @xreann20 said:

    deank said: Told you so.

    I knew you were correct, I underestimated OVH lack of support :neutral:

    Im trying @splitice , although graph is not working. got high ping tho. Im open to suggestions :) Thanks all!

    If you're trying X4B, you need a new OVH IP again still. Once they do not know the origin IP address, their DDoS protection should kick in as intended.

    Thanked by 1xreann20
  • xreann20 said: Im open to suggestions

    Keep reporting the attacker so OVH could suspend them.

    Thanked by 1xreann20

  • SplitIceSplitIce Member, Provider
    edited May 31

    @xreann20 The Layer 4 filtering graph is unavailable for display. This does not affect mitigation performance or results.

    It's disabled due to the huge growth we have had in the last few months. Optimizations are being developed for our collector and as soon as they get the collector running smoothly again it will be back. The absolute last thing we want is for people to make incorrect decisions based on incorrect data (due to missing periods of data etc) and hence as a non-critical feature it will be disabled until we are sure we have it under control.

    Thanked by 1xreann20
  • xreann20xreann20 Member

    Edmond said: If you're trying X4B, you need a new OVH IP again still. Once they do not know the origin IP address, their DDoS protection should kick in as intended.

    Done already, only problem now is latency, seems like they mitigate the attacks well.

    --I always need help..pff

  • xreann20xreann20 Member
    edited May 31

    MikeA said: has been an issue for years.

    that staff/founder said the team is working on it :D srsly its been 2 years? sounds like it wont be fixed for another few years. because they are apparently been "working on it" for 2 years already, perfecting every packet filter there is :)

    *SARCASM - for those people who don't get cues

    --I always need help..pff

  • vip3r09vip3r09 Member

    I find it absolutely shocking how vulnerable OVH servers are to internal attackers. Making me think twice about renewing my 2 dedicated servers and going with different provider after reading this.

    Thanked by 1xreann20
  • tsofttsoft Member

    Is it possible to see the attacker IP or country?

    Today got
    Detection of an attack on IP address 145.239

    This server runs an internal app. No idea who was interested to attack it. Maybe false positive.

    Thanked by 1xreann20
  • EdmondEdmond Member without signature

    @chihcherng said:

    xreann20 said: Im open to suggestions

    Keep reporting the attacker so OVH could suspend them.

    Who’s stopping them from going to another host that uses OVH and continuing to attack OP’s IP addresses?

    Thanked by 1xreann20
  • MikeAMikeA Member, Provider

    @Edmond said:

    @chihcherng said:

    xreann20 said: Im open to suggestions

    Keep reporting the attacker so OVH could suspend them.

    Who’s stopping them from going to another host that uses OVH and continuing to attack OP’s IP addresses?

    that is the problem :open_mouth:

    Thanked by 1xreann20


  • xreann20xreann20 Member

    tsoft said: Is it possible to see the attacker IP or country?

    You can just check IP info of that IP, then that is the country of the VM they use. Not the attacker's actual country.

    --I always need help..pff

  • xreann20xreann20 Member

    vip3r09 said: I find it absolutely shocking how vulnerable OVH servers are to internal attackers. Making me think twice about renewing my 2 dedicated servers and going with different provider after reading this.

    They have no fire extinguisher inside their house. You will go down if the attacks come from the inside, btw this is just the time I found out about this, that its so easy to take down an OVH server.

    --I always need help..pff

  • tsofttsoft Member

    @xreann20 said:
    You can just check IP info of that IP

    OVH blocks these IPs, so they do not reach the server. Anyway, probably bot net, so it is pointless to track the ips.

    DDoS took 5 minutes. That's how it works:

    Start

    We have just detected an attack on IP address

    In order to protect your infrastructure, we vacuumed up your traffic onto our mitigation infrastructure.

    The entire attack will thus be filtered by our infrastructure, and only legitimate traffic will reach your servers.

    At the end of the attack, your infrastructure will be immediately withdrawn from the mitigation.

    After 5 minutes

    Dear Customer,

    We are no longer able to detect any attack on IP address

    Your infrastructure has now been withdrawn from our mitigation system.

    Thanked by 1TimboJones
  • chihcherngchihcherng Member
    edited June 3

    @Edmond said:
    Who’s stopping them from going to another host that uses OVH and continuing to attack OP’s IP addresses?

    Their pockets? and the number of providers using OVH hosts? Assuming they can't buy another VPS again from providers suspending them, they won't be able to attack OP from OVH IP eventually.


  • EdmondEdmond Member without signature

    @chihcherng said:

    @Edmond said:
    Who’s stopping them from going to another host that uses OVH and continuing to attack OP’s IP addresses?

    Their pockets? and the number of providers using OVH hosts? Assuming they can't buy another VPS again from providers suspending them, they won't be able to attack OP from OVH IP eventually.

    Providers take time to respond to abuse tickets? How much would the cheapest VPSs be? Dollar or two a month? If they got a day’s use out of it, it’s just $30 for the whole month.

  • WebGuruWebGuru Member

    I have been a victim of regular attacks (L4, L7) from within OVH network for years and I can assure you they are not interested to put their house in order; they believe there is nothing wrong with it.

    Most of the booters/stressers you see online that charge pennies for taking down servers use multiple OVH IP addresses to launch these massive attacks!

    I don't like Cloudflare too but I respect them for being honest at least. I contacted them in past when some kids were using Cloudflare bypass trick to launch attacks on my site that was using Cloudflare protection and CF admitted it with an open heart that it's possible to bypass their JavaScript cookie page easily and only way to avoid these attacks is using captcha protection instead of default JavaScript cookie based protection.

  • xreann20xreann20 Member

    chihcherng said: Their pockets? and the number of providers using OVH hosts? Assuming they can't buy another VPS again from providers suspending them, they won't be able to attack OP from OVH IP eventually.

    OVH Resellers are everywhere, and they're cheap. $$$ won't be an issue when there are these 512mb $1 resellers.

    PS: *PROBABLY EXAGGERATED

    --I always need help..pff

  • xreann20 said: OVH Resellers are everywhere, and they're cheap.

    How many OVH resellers are there? If every victim reports abuse to the correct abuse contact with proof, attackers will soon run out of resellers to buy from. But if no one reports, then no OVH reseller will know some customers are abusing its service.

    Just like what's currently happening in the USA. The system can't see its own problems and it won't correct itself without the many protests going on across the nation. Yes, it might still be the same after so many protests, as history has shown us, but still, we could give it another chance. The same for OVH.
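
For the advice above to report abuse "with proof", one way to turn your own flow or capture export into per-source evidence, as an added example that is not from the thread or from any provider's tooling. The log format, the sample addresses and the prefix list are constructed placeholders; substitute your provider's real prefixes and your own export.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumption: your provider's prefixes. RFC 5737 documentation ranges stand in
# here as placeholders; they are not real provider ranges.
PROVIDER_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample, one line per source per second:
# "<UTC timestamp> <src> <dst> <proto>/<dport> <bytes>"
SAMPLE_FLOWS = """\
2020-05-28T10:00:00+00:00 198.51.100.23 192.0.2.10 udp/27015 112500000
2020-05-28T10:00:01+00:00 198.51.100.23 192.0.2.10 udp/27015 100000000
2020-05-28T10:00:01+00:00 203.0.113.7 192.0.2.10 udp/27015 40000
2020-05-28T10:00:02+00:00 198.51.100.99 192.0.2.10 udp/27015 62500000
not a flow line
"""

def parse_flows(text):
    """Yield (timestamp, source address, byte count); skip malformed lines."""
    for line in text.splitlines():
        try:
            ts, src, _dst, _svc, nbytes = line.split()
            yield datetime.fromisoformat(ts), ipaddress.ip_address(src), int(nbytes)
        except ValueError:
            continue  # wrong field count or unparsable value

def summarize(flows):
    """Per source: first/last seen, total bytes, peak one-second rate in Mbps."""
    per_second, seen = defaultdict(lambda: defaultdict(int)), {}
    for ts, src, nbytes in flows:
        per_second[src][ts.replace(microsecond=0)] += nbytes
        first, last = seen.get(src, (ts, ts))
        seen[src] = (min(first, ts), max(last, ts))
    return {
        str(src): {
            "internal": any(src in net for net in PROVIDER_PREFIXES),
            "first_seen": seen[src][0].isoformat(),
            "last_seen": seen[src][1].isoformat(),
            "total_bytes": sum(buckets.values()),
            "peak_mbps": max(buckets.values()) * 8 / 1_000_000,
        }
        for src, buckets in per_second.items()
    }

def abuse_evidence(summary, min_peak_mbps=100):
    """Report lines for provider-internal sources at or above the threshold."""
    rows = [(s, d) for s, d in summary.items()
            if d["internal"] and d["peak_mbps"] >= min_peak_mbps]
    rows.sort(key=lambda r: r[1]["peak_mbps"], reverse=True)
    return [f"{s} peak={d['peak_mbps']:.0f}Mbps bytes={d['total_bytes']} "
            f"first={d['first_seen']} last={d['last_seen']}" for s, d in rows]

if __name__ == "__main__":
    print("\n".join(abuse_evidence(summarize(parse_flows(SAMPLE_FLOWS)))))
```

Each output line gives the abuse desk a source address, a UTC time window and a peak rate it can match against its own records.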


  • xreann20xreann20 Member
    edited June 4

    chihcherng said: How many OVH resellers are there? If every victim reports abuse to the correct abuse contact with proof, attackers will soon run out of resellers to buy from. But if no one reports, then no OVH reseller will know some customers are abusing its service.

    Just like what's currently happening in the USA. The system can't see its own problems and it won't correct itself without the many protests going on across the nation. Yes, it might still be the same after so many protests, as history has shown us, but still, we could give it another chance. The same for OVH.

    the *** are you comparing it to? Provider is replaceable, I don't know about your government, if I keep reporting it I'm left 0 players. Your solution is very inefficient lol, I already reported 4x, how long still? 50 more? and btw it's not reseller, 1 IP is from ovhcloud only 1 is reseller the others are from unknown organization so probably OVH cloud also. I REPORTED 4X, within 3 days of downtime, still continues to persist only 2 IPs are not attacking anymore, but still 2 IPs can down me, the next day again 4 IPs attacking now different, it can continue for so long that crows turn white, don't underestimate OVH superb support, how many more years? *SARCASM

    --I always need help..pff

  • xreann20xreann20 Member

    chihcherng said: How many OVH resellers are there?

    so many?, we have different attackers from different victims. wrap that logic around your brain. your solution requires sacrificing my gameserver to an abandoned one.

    --I always need help..pff
