What do you think of Sucuri?

Four20 Member

My friend owns a big forum and lately the site is getting DDoSed a lot. Not only that, but he is getting random PMs/emails claiming the forum is vulnerable and that they know exploits in the site, but not telling anything else, and that got him worried.

But for me, I'm not really worried about the site getting hacked, since no one did anything so far.
But the ddos is getting annoying.

The site is on an OVH server, not using CloudFlare ATM.
cPanel/WHM and the LAMP stack are the only software on the server, if that matters.
I'm thinking of getting a ddos protection VPS as a reverse proxy, and then buying Sucuri business plan for L7 protection.
I also noticed they offer many features, such as WAF, malware removal, malware scanning, etc.

Anyone using them?

Comments

  • K4Y5 Member
    edited April 2016

    @Four20 said:
    My friend owns a big forum and lately the site is getting DDoSed a lot. Not only that, but he is getting random PMs/emails claiming the forum is vulnerable and that they know exploits in the site, but not telling anything else, and that got him worried.

    But for me, I'm not really worried about the site getting hacked, since no one did anything so far.
    But the ddos is getting annoying.

    The site is on an OVH server, not using CloudFlare ATM.
    cPanel/WHM and the LAMP stack are the only software on the server, if that matters.
    I'm thinking of getting a ddos protection VPS as a reverse proxy, and then buying Sucuri business plan for L7 protection.
    I also noticed they offer many features, such as WAF, malware removal, malware scanning, etc.

    Anyone using them?

    You could look at AthenaLayer and then put a BuyVM DDoS protected VPS as a reverse proxy between AthenaLayer and the OVH server with a new IP (the current IP of the origin server is already known to the skiddies).

    Oh, and ensure that all the system generated emails are routed through a third party SMTP relay (which you can call through the reverse proxy) and NOT your own server, as the mail header would include the (new?) IP of the origin server, again.

    Good luck resolving your situation.

    Thanked by 2Four20 deadbeef
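
A way to check for the mail-header leak K4Y5 describes, as an added example that is not part of the original thread: it scans the headers of a system-generated message for the origin server's address. The sample messages, hostnames and the addresses 203.0.113.10 (origin) and 198.51.100.7 (reverse proxy) are constructed.

```python
import email
import ipaddress
import re

# Constructed samples; 203.0.113.10 stands in for the origin server and
# 198.51.100.7 for the reverse proxy (both are documentation addresses).
DIRECT = """\
Received: from forum.example.com (forum.example.com [203.0.113.10])
\tby mx.recipient.example with ESMTP id 4F2A1; Mon, 4 Apr 2016 10:00:00 +0000
From: forum@example.com
Subject: New private message

body
"""
VIA_PROXY = """\
Received: from proxy.example.net (proxy.example.net [198.51.100.7])
\tby smtp.relay.example with ESMTPSA id 9C1D2; Mon, 4 Apr 2016 10:05:00 +0000
From: forum@example.com
Subject: New private message

body
"""

# IPv4 or IPv6 literal candidates; ipaddress does the real validation.
CANDIDATE = re.compile(
    r"(?<![0-9A-Za-z.])(?:(?:\d{1,3}\.){3}\d{1,3}"
    r"|[0-9A-Fa-f]{0,4}(?::[0-9A-Fa-f]{0,4}){2,7})(?![0-9A-Za-z])"
)

def header_ips(raw_message):
    """Yield (header_name, ip) for every valid IP literal in any header."""
    msg = email.message_from_string(raw_message)
    for name, value in msg.items():
        for token in CANDIDATE.findall(value):
            try:
                yield name, ipaddress.ip_address(token)
            except ValueError:
                continue  # timestamps, queue ids and similar look-alikes

def origin_leaks(raw_message, origin_ips):
    """Return [(header_name, ip)] for headers that expose an origin address."""
    origin = {ipaddress.ip_address(ip) for ip in origin_ips}
    return [(n, str(ip)) for n, ip in header_ips(raw_message) if ip in origin]

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        print(label, origin_leaks(raw, ["203.0.113.10"]))
```

Run it against the raw source of a registration or notification mail received at an outside mailbox, passing every address the origin server has.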
  • Four20 Member
    edited April 2016

    @K4Y5 said:

    I wouldn't really trust AthenaLayer for many reasons.
    What if I use Pro CF plan instead?
    And yeah, BuyVM is one of the few providers I have in mind, but I'm trying to avoid it since the last two times I tried to sign up my order got flagged.
    Also there will be many ways for skids to get the IP, so IDK.
    Thanks

  • K4Y5 Member

    @Four20 said:
    Thanks

    I tried AthenaLayer a while back. It's OK.

    If you don't mind paying, CF pro is pretty damn good, and I'd recommend it over AthenaLayer any day of the week.

    Thanked by 1Four20
  • @K4Y5 said:
    If you don't mind paying, CF pro is pretty damn good, and I'd recommend it over AthenaLayer any day of the week.

    Alright thank you. And yes paying for CF is not a problem as long as it will help.

  • I use Sucuri for 3 big sites, they are awesome and their protection is really good. I have used CloudFlare since they launched but fully switched to Sucuri 2 months ago.

    You will not have any issues with L7 if you use Sucuri. My only issue was L7 and $200 x 3 CloudFlare Business was not within my budget. Sucuri also has good support, usually answers within minutes and they help you with any issues.

    PM if you need any help. You should be careful with some of their settings and also very important you choose the right caching method.

    Thanked by 1Four20
  • Btw, CF Pro will not help, tried it for a month and it was just as easy as before to bypass.

    Thanked by 1Four20
  • @Wicked said:
    Btw, CF Pro will not help, tried it for a month and it was just as easy as before to bypass.

    People confuse pro with business. Business helps, pro is just a bit more performance optimisation and better SSL.

  • @tr1cky said:
    People confuse pro with business. Business helps, pro is just a bit more performance optimisation and better SSL.

    Indeed. Bought it mainly for SSL.

  • neps Member

    Four20 said: not using CloudFlare ATM

    I'd try CloudFlare's free plans before Sucuri. If you keep your true IP hidden, CloudFlare can actually be pretty amazing, considering it's free. Of course it depends on the type of attacks that you're getting, but as I said, no harm in trying, it's free after all.

    As for the vulnerabilities in the site's code itself, I'd rather hire a dev directly and have them review site code than put my trust into so-called "malware scans" etc.

  • ATHENALAYER (@K4Y5) HAHAHA WE ALL REMEMBER HIS POSTS /no professionalism again

    (afaik) Nick Lim is a 12 year old scrypt kiddie who can barely code. I'm sure @jarland remembers him VERY well :)

    Thanked by 1GCat
  • @doghouch said:

    oh no you didn't! he released a free API source code, I'm sure he knows how to code

    All jokes aside, I don't really care about his age, but he is known to take projects down whenever he gets bored or can't pay his server bills, so yeah, that's why I'd rather not risk it by using his service.

  • Sucuri is good as a WordPress firewall, but anything else is in high doubt. From basic tests I can say that their layer 7 protection is not far from Cloudflare Business - it will pass most flood requests and can be bypassed entirely with a clever (targeted) attack. L7 protection can be achieved only with a huge set of protection rules dedicated to your project (website) or at least CMS (engine), pre-planned website logic and a highly optimized environment/infrastructure. It's important both to be protected and to leave real visitors untouched. Both Cloudflare and Sucuri can't offer that. Cloudflare will bypass most DDoS traffic, so your server is likely to go down anyway. Sucuri can bypass less, but it is likely to deny real visitors.

    If the "big forum" has more than 10,000 daily visitors I'll be more than happy to help. I can offer a hosted solution with enhanced website speed, scalability (clustering on demand), near full protection against CMS (engine) vulnerabilities (WAF) and guaranteed DDoS protection (especially layer 7) at no additional cost. Important to mention that it has close to 100% yearly uptime and I am offering an SLA with a refund in case of more than 1 minute of downtime if you want guarantees. The ideal engine is phpBB or another similar lightweight one (MyBB and so on); vBulletin is harder but possible to protect with slightly stricter rules. Pricing is moderate and flexible.

    Thanked by 1Four20
  • zafouhar Veteran
    edited April 2016

    Why not use a DDOS protected IP from BuyVM? Simple solution, and it works, unlike other solutions.

  • GCat Member

    @Four20 said:
    All jokes aside, I don't really care about his age, but he is known to take projects down whenever he gets bored or can't pay his server bills, so yeah, that's why I'd rather not risk it by using his service.

    Anyone else cringe at the code in that screenshot?

  • Psychz Networks is what I recommend for L7 protection; there are several providers here that sell cheap dedicated servers located in that DC.

  • @zafouhar said:
    Why not use a DDOS protected IP from BuyVM? Simple solution, and it works, unlike other solutions.

    Works for L4 but can't handle simple L7. Sucuri will do the job tho.

  • K4Y5 Member

    doghouch said: ATHENALAYER (@K4Y5) HAHAHA WE ALL REMEMBER HIS POSTS /no professionalism again

    Come again? I couldn't decipher that extremely professional response.

    Thanked by 1doghouch
  • @Four20 said:
    All jokes aside, I don't really care about his age, but he is known to take projects down whenever he gets bored or can't pay his server bills, so yeah, that's why I'd rather not risk it by using his service.

    He even uses file_get_contents to pull from another server. Isn't that what the curl function is for? :p

  • I added some of my stats with Sucuri and as you can see they really are helping. None of the attacks managed to reach my server (backend is a Vultr instance). So for $10/month you will have better support and almost as good protection as you would get with CloudFlare's $200/month plan.

    Thanked by 1Four20
  • I advise not to mess with this service. Because of its control, my clients and I can't go to my site (it's blocking every 3-5 min). And now I can't unbind this service from the site. I called their office to ask them about canceling from their client base. It was easy. But forget about getting the money back from your account, it's impossible. Also I can't seek their support, because my account was deleted from their base (are you serious?). However my website is still blocked and I have no idea what to do. Could you help me?...

  • pbgben Member, Host Rep

    If this is an application layer attack, then it's outside of OVH's capability IMO. If there is budget for it, try clustering a few lowend VPS to handle the traffic.

  • @johnmadboy said:
    I advise not to mess with this service. Because of its control, my clients and I can't go to my site (it's blocking every 3-5 min). And now I can't unbind this service from the site. I called their office to ask them about canceling from their client base. It was easy. But forget about getting the money back from your account, it's impossible. Also I can't seek their support, because my account was deleted from their base (are you serious?). However my website is still blocked and I have no idea what to do. Could you help me?...

    Unbind the service from your site? You can just change your DNS to point to another IP.

    It seems to me like you should have some sort of super managed hosting because you don't know shit.

  • johnmadboy Member
    edited April 2016

    @Wicked said:

    Unbind the service from your site? You can just change your DNS to point to another IP.

    It seems to me like you should have some sort of super managed hosting because you don't know shit.

    In fact, I did so.
    Maybe I said something wrong or not those words as you used to talk. And you're right, that I'm a beginner. But it doesn’t give you the right to be rude with me, because there is everybody beginning to do something like that in first time. I’ll hope for your understanding, dude.

  • @johnmadboy said:

    @Wicked said:

    Unbind the service from your site? You can just change your DNS to point to another IP.

    It seems to me like you should have some sort of super managed hosting because you don't know shit.

    In fact, I did so.
    Maybe I said something wrong or not those words as you used to talk. And you're right, that I'm a beginner. But it doesn’t give you the right to be rude with me, because there is everybody beginning to do something like that in first time. I’ll hope for your understanding, dude.

    Sorry, didn't mean to be so rude :P Too bad Sucuri didn't work for you, but many other good services out there.

  • @Wicked said:

    Sorry, didn't mean to be so rude :P Too bad Sucuri didn't work for you, but many other good services out there.

    Thank you ;)

  • muj Member

    I've had the same problem a few years back. Change your server IP and try the Cloudflare free plan and enable "I'm under attack mode".

    If you're still getting attacked, move over to Sucuri, which does work. But they do block some scripts, as it detects them as XSS, so you can whitelist them.
