Revenge DDoS - Warning to Providers
Hello all.
I'd like to share a little story, which will hopefully help some providers make some better decisions.
About a month ago, we had a new client order our HK based NAT VPS for HK$65 (US$8.5) per YEAR service. Super cheap, especially for HK. The specifications for the server are quite low. And in order to lower expectations even further, we have a very unflattering NAT VPS description page to communicate to buyers what it is they are buying. In fact, nowhere on our website do we advertise the NAT VPS so we even link back to this page on the WHMCS order form.
https://hosthongkong.net/?page=NAT-VPS
This customer happened to be from China. As an HK based hosting company, no surprise we get a lot of Chinese customers. And probably 90%+ do not cause us issues. So this client orders, and a few days later, without even sending an email or submitting a ticket, opens a dispute at PayPal, claiming the service was not as described. In the PayPal dispute they post screenshots of the service having poor performance. Specifically showing disk I/O as being only 10MB/s and bandwidth only getting around 4Mbit (to/from China). I respond to the PayPal dispute by linking back to my NAT-VPS page showing that the I/O limit is actually only 10MB/s and fair usage bandwidth should be expected to be 400Kbit/s. Thus the performance was absolutely as described.
PayPal closed the dispute and found in our favor. And per terms of service, the VPS was terminated for opening a BS dispute.
So this was back in mid to late February. Perhaps coincidentally, the day after the dispute was closed in my favor, our website has been under continuous DDOS. Our firewall has blocked some 1000 subnets in the last 24 hours alone. The amount of traffic is thankfully not too high so we're not straining our network by any stretch. But we had to implement some policies to detect and block these connections to reduce the load.
The number of IPs this attacker has access to is staggering. Literally 10s of thousands. Most of the IPs appear to be from China, though as they get blocked I'm seeing more and more IPs from around the rest of the world. It is staggering because it's been almost a month and this guy isn't letting off. Just persistently sending us junk traffic. 10s of thousands of IPs. Over a US$8.5 PER FUCKING YEAR service.
Now even though 90+% of Chinese customers are fantastic, the <10% that are problematic really make a strong case for not doing any business with China at all. The level of entitlement and vindictiveness is, as I have said, staggering.
I wonder how much a persistent DDoS attack, using 10s of thousands of IPs for a month costs these days.
Comments
Good news, big attacks cost big money. Usually they won't last more than a few days. You knew the risk of industry. Swallow it.
It is saddening to face such a situation over such a little issue. There is a book called Laws Of Powers which describes perfectly such behaviour. I call them Nordols.
They would stop at nothing to get what they feel is right. Mitigating such a client profile isn't easy and proceeding with ease, caution and discussion is a way to go. But it doesn't sound like you were in a position to detect that before.
If it makes you feel any better, I'm sure all of hosting providers faced such threats / attacks.
Somehow reminds me of the guy back in 2019 who ransomed us with a 40Gbit attack.
Went away after we mitigated it and told him to go fuck himself
As well got ransomed with DDoS some months ago to take offline some porn website. (competition of the customer)
Happens. Sadly. It's the market
From time to time it is happening to almost all providers. Those customers have their own Rules/TOS/Money back guarantee understanding. The risk always exists.
Prepare for an onslaught of DDoS for your comment. You knew the risks of trolling online!
Sure. I mean.. this is nothing really new. It's just the scale and rationale makes no sense. The cost of the attack can't be so cheap that it's worth getting 'payback' over US$8.5. The client was at fault, but even if he feels he's right and that we really stole his $8.50, it's just $8.50. Why dedicate so much effort and resources to an attack that achieves nothing?
At the moment, all it achieves is a momentary increase in my server's CPU load. As the IPs get blocked, load drops. And this is happening automatically. The inconvenience for me is a slower system when the IPs go into rotation. If the attack were to be any stronger, I just activate my DDoS scrubbing with L7 protection. I don't because this increases my latency.
I'm very curious as to how much this is costing, and how much he's willing to spend just to slow down our website.
Went away after we mitigated it.
Yeah we had some similar cases over the years. We have mitigation but this is a weird attack where it's specifically attacking the web server to raise the load. Hardly any actual traffic, so it's not consuming our BW to any meaningful degree.
We have network level mitigation which we could activate but that actually has some adverse effects on overall performance for the whole network, so we don't activate it unless it's serious.
If it doesn't let up, I guess we'll just move the website to an always on protected network. Will see how it goes.
It can also be FOC, if their circle of friends are, you know, PKs.
FOC? PK?
Free Of Charge, Packet Kiddies.
Rumors are @codydoby resold the server to a random guy he met online after he realized it was barely useable. He told the poor dude the server could stream Pornhub at 4K resolution.
Ever since I exposed him, the MJJs have been attacking me:
Good luck.
Do push-ups for mitigation. 1 push-up = 1kpps DDOS protection
What's new? Revenge attack has been in existence of mankind for as long as males have had balls.
What does MJJs mean?
I can't fathom how such shitbags exist.
@randvegeta , maybe the guy has his own botnet or smth. DDoS attacks cost ~$15/hr iirc, so it's not cheap to run for an entire month.... Do you think he will just never stop???
Also, maybe use CF
Lacking a penis
I can mitigate the attack fine.
No need for cloudflare. Just annoying. I see my firewall blocklist growing ever larger, and my log file filling up with nothing but junk.
Please don't talk nonsense. When did I say it?
I'm sorry about that, but I don't know much about such advanced things. Maybe it's just a coincidence, after all you are so famous. People are afraid of famous and pigs are afraid of fat.
the fuk this even mean tho
It means @yoursunny is always famous not only among MJJ but also among (maybe) guys in other places for his various speeches including replying with the classic no-IPV6 shame list and special push up videos.
Fat pigs get slaughtered first. He’s trying to say mysunny should keep a low profile and stop posting pictures of his peach butt.
That’s what I mean, I just analyze it objectively.
Who the fuck gives a shit about those? It's banter at best. You're the one I always see who likes talking shit and then suddenly demands an apology like they disrespected your entire ancestry when they hit you back. Fucking snowflake.
Sorry I saw upstairs (@Kiwi83) is talking nonsense AGAIN LIKE YESTERDAY about me just now.
So I was a little angry that caused my incoherent remarks above. But I believe @yoursunny won't care, right? The adults don't remember the villains.
To be honest, there must be someone who doesn’t like something.
Finally, good day today.
Even so, @codydoby still manages to bring severe shame to all MJJs on top of his family and his country.
good day! shall we continue???????
You come again? It is you....
It was upstairs who made up the fact that it did not exist for me! Who started to mention me and frame me? Would you please put yourself in a different position and think about it?
I did talk about situation of @yoursunny. But I didn't offend you, so don't be like this.
Please don't turn this thread into the one which was recently closed.
relax. I'm just kidding. just here for some deals.
Well, when your website got plagiarized, others suggested you to attack the other site. You expressed the desire to attack, but claimed that you did not know how to do so.
https://hostloc.com/forum.php?mod=redirect&goto=findpost&ptid=809111&pid=9983316
Hint: there's no use looking for WordPress on my servers. I don't have WordPress.
All my websites are open source, and you can find the code on GitHub or Bitbucket.
If you do find a vulnerability, there's a prize for you.
Do you want me to do a special push-up video for you?
I'm getting 300pps across all my servers. How do I do 0.3 push-ups?
We don't want deals. We want drama.