New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How to get around antiddos on my server?
dodheimsgard
Member
in General
Hey guys
I have kimsufi server with kinda of api application running. This application is designed to handle around 200k requests in 30 minutes timespan few times a day. Sadly probably kimsufi detect part of this traffic as ddos attack (i get email 1 time a day about ddos) but im nearly sure its not ddos.
What should I do about this?
Move my application to hosting without anti ddos (hetzner)?
Or spread my aplication on few VPSes to reduce number of requests per IP?
Thanks
Comments
Move to a different provider is the only thing you can do. If you need ddos protection go with php-friends. Hetzner also has basic ddos protection, but you can try if it kicks in on your usage.
contact kimsufi
This isn't really an issue.
If you were to raise this to KimSufi, I'm sure they'll be able to help out.
OVH / KS does not offer any exceptions regardless of scale.
That's the worst recommendation you can give him.
Buy OVH where you can set network firewall rules that affect to the anti-ddos.
Based on the minimal info you provide nobody can offer sensible advice. Example: Those 200K requests come from about how many system and IPs? Mainly from some region or even country (which one?) or from all over the world? What kind of reqs? http or custom or ...?
Btw. why didn't you discuss with/inform Kimsufi front-up?
His issue is with the underlying mitigation, not the network firewall.
If OVH's mitigation is blocking his traffic, nothing can be done.
@jsg
Every user make max few requests (like 4-5 max), requests come from all over world. My stats show that user requests come from around 50k unique IPs. All requests are http get/post.
I dont discuss with kimsufi because from my experience they are close to no support company unless you are renting servers for shitload of money a month + i found many similar threads and conclusion was only 1 - OVH wont do anything to help me because they wont disable their antiddos system for one customer.
I know shit about antiddos systems, I have no bigger idea how such system may work so I'm asking here if moving to other provider without antiddos would be better solution or spreading traffic across more IPs (like 5-10 VPS for example)
You answered your own question. Move to another provider and ask them upfront about your use case before committing.
Then I'm not surprised that their DDOS detection gets excited. After all, what you describe (hours of almost no or little traffic and occasionally large bursts) does look like a potential DDOS to a cheap scanner.
I personally do not think that distributing your traffic over some more VPSs with Kimsufi would help because it only would make the bursts somewhat smaller (and seriously increase your costs).
I'd rather switch to a provider whom you can discuss with and explain the situation. Btw. your situation is not that exotic; Many businesses also have "transfer windows" every 2 - 6 hours when they get or send a whole lot of data at once.
There are some technical options too but I guess you don't want to (or even can't) redesign and change your software.
The fact that you get an email about detected DDoS attack doesn't mean that OVH filters out legitimate requests while DDoS protection is on. Did you actually get any complaints about service availability during that time?
First thing I thought of was offloading to a CDN, but it sounds like your app wouldn't really work with that kind of setup.
You should spread the traffic. Use multiple VMs. Then importantly use anycast dns. Load balancer will also be good option.
This type of app is best to use aws, vultr, do or linode. Or other providers that offers vps. But I still recommend aws for running api systems.
If he's using a Kimsufi server he probably doesn't want to spend the money on load balancers and AWS, Linode, etc lol.
If he wants to stick on KS then he can get multiple dedis there and load balance via dns or another dedi. He just need to spread the traffic. His issue is that 200k post/put or api request which will really gets blocked by antiddos systems. So lets say 5k-10k req per server? Lol so probably 20 KS servers.