New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
location ?
https://www.ovh.co.uk/web-hosting/
Any
http://en.hostsolutions.ro/hosting/shared-hosting/ start from the next week is protected by voxility up to 960 gbps DDOS
buyshared will be perfect...wont it ?
BuyShared has no DDoS-protection and I don't think they offer DDoS-protection as an addon.
Yeah do you know any tr1cky?.
We always recommend users get a VPS for DDOS protection.
When a DDOS attack leaks (it will) you don't want your site getting ripped offline because the booter 2 accounts down is getting its face checked.
Francisco
Multiple VPS in different locations. OVH is a decent option.
Also, what about cloudflare?
Do not host user generated content with him looking at some past threads.
never i told this , i only mentioned if the customer put a website should be pending of his website
We provide ddos protection up to 250Gbit / 370mpps. It's based on Upstream Filtering and our own ddos mitigation appliances, which are self developed over the years and able to handle also sophiscated floods from layer 3 to layer 7.
Have a look on https://www.kms-hosting.com/webhosting/. Dedicated IP is possible for at least 7,50€ per month, including Layer7 DDoS Protection in order to handle HTTP Floods.
XHostFire specializes in DDoS protected shared, not sure on r1sof and let's encrypt though @deployvm
Cloudflare don't do Layer 7 DDoS Protection.
Yes they do.
@jarland: You are welcome to your opinion, but its contradictory to all the evidence. And given the number of attacks we see that go right through CloudFlare, I would beg to differ.
Cloudflare are a Web Accelerator & CDN & WAF, any other capabilities are not their main focus. A simple cookie from a calculated mathematical problem or "CF-Bypass" (as its called by the skids) script, and you are through.
Apparently their their support at the enterprise level have some manual ACL capability, but automatic Layer 7 mitigation (aside from a JS Verification Page "under attack" mode?). Nope.
Anyway, its not my intent to hijack this thread for a discussion of the effectiveness of CF. I just wanted to make this clear to the OP.
I see plenty of XMLRPC floods pass right through CF as well to our users that are stubborn enough to put CF in front of our filtering.
Francisco
Still, you can put application level filtering behind CloudFlare and you have a solid L4 protection in front.
I don't think x4b does otherwise, I know standard voxility filtering isn't good either when it comes to L7 attacks.
I am not 100% sure what you are saying, but we dont use any Cloudflare or any other Layer 7 filtering solution. Our platform (X4B Sense) is entirely developed in-house.
Note: We do use some Riorey hardware in Romania for an extra bit of pre filtering (was very necessary in the past when we couldn't get affordable high spec hardware, now it just adds a bit of extra stability - RO consistently sees ~99.99).
Our Layer 4 filtering is a combination of the filtering of various large networks (Network Level protection) and our own in-house filters for more fine grained filtering (network level filtering brings it down to < port speed).
TL;DR ^^^
P.S based definitions we use, this is the model we use:
Layer 4 Network Level Filtering: Responsible for reducing a DDoS attack down to <1Gbps/600Kpps (or <10Gbps/4Mpps where a 10Gbps port is in use). Typically most network level filtering is very rough, and should not be applied to specifically. This is the only part we dont currently do this ourself, instead outsourcing it to networks such as Voxility. The aim of this is to prevent network port saturation.
Layer 4 Server/Service Level Filtering: Responsible for reducing a DDoS attack to no more than 5% or 1Mbps attack traffic (whichever is bigger). Normally better than this. Its quite normal to use deep packet inspection and other 'expensive' filters at this level. The aim of this is to keep the OS & server online.
Layer 7 Level: Although we also provide some FTP, SA:MP, TS3 and other protocol filters when most people think Layer 7 they think HTTP / HTTPS. For HTTP/HTTPS this is where you need lots of memory, and complex algorithms to do it properly. We also do a bit of machine learning at this level too.
Application Level Filtering: This is normally rules that are specific to your application. i.e limiting the rate of certain expensive API calls. We dont specifically provide this functionality (although we have some tools in the dashboard that can allow people to do some of this). This definately not a one shoe fits all level, unlike the others.
Cloudflare from my understanding provides the tools for you to implement your own WAF (Application Layer filtering) and Layer 4 filtering. I have not seen them provide any support for complex Layer 7 floods (although as mentioned I understand they might have the manual capability in Enterprise plans).
--
I dont mean to put them down FYI, they do some good work helping fund the development of OpenResty (including ngx lua) which we use extensively
Our contributions to that project (small donations, and code patches) dont really measure up... yet.
--
Voxilities filtering is just a JS set cookie and meta refresh. Extremely simple to bypass but defeats compromised service / amplification attacks (WP/Joomla/PHP Avatar etc) since the attacker cant control the machines / software performing the request - even just to add a static cookie.
Quite a few 'stressers'/'booters' have attacks built to exploit this. Some execute a V8 JS client on the first request and harvest cookies. Others send a bunch of static cookies with every request. Its often called 'CF-Bypass', 'JSBYPASS' or just "Bypass Voxility"
i.e.
No it isn't: https://www.cloudflare.com/ddos/
You might say that you dislike it, that the free tier doesn't have much of it, or that it's imperfect (what isn't?), but not that they don't do it. That would be factually inaccurate. I've used it and watched it in action, that's not an opinion.
@jarland Ok, so inadequate DDoS protection then. Perhaps an Opportune time to mention how often LET (which uses Cloudflare) is offline (as recently as yesterday)?
Anyway I feel like I am taking this thread offtopic. I just wanted to raise that point that CloudFlare alone is not a DDoS protection solution, and that I (and many others) would not consider it DDoS protection. A WAF? A Web Accelerator? A CDN? sure.
I'd be interested in hearing that from people who pay CloudFlare $200/m or more for their actual full protection as opposed to repeatedly referencing the free tier. I disagree entirely that CloudFlare is not a capable DDOS protection, and would argue that it's one of the best in the world. I would not, however, argue that you get all of its features for $0-$199/m.
LET is more unique in that it had a widely known IP that passed traffic to the web server without CF. I never noticed LET offline behind "I'm under attack" mode. I never received a captcha+timeout.
I have paid $200/month for CloudFlare Business several times and this will prevent Layer 7 attacks. By using their "always under attack" solution you will have pretty similar protection but I don't recommend it.
But I am currently with Sucuri, they also have really good protection and is only $10/month.
Can you confirm that the 10$ plan provides worse protection than the 20$ plan? That's actually what they say but I don't fully trust them.
You should check flokinet.is. The guys there know what they are doing and provide good DDoS protection for an acceptable price