Review: Gigenet's Proxyshield




Posted by phpmind, 12-30-2009, 09:44 PM
Before I placed my order, I was told by a Gige sales rep. that Proxyshield would handle my current DDoS attack type easily, so I rented a server at Gigenet.com and also purchased the Proxyshield service at the same time. I have been using the service for around 4-5 days, but the DDoS protection is totally useless. The attackers are using a URL GET flood to DDoS my site, but Proxyshield cannot handle it. It blocked the IPs which request index.php but also blocked legit traffic. Although the server is running, no visitors can access my site, because Proxyshield blocked all the traffic and does not pass, or just passes around 30% of, legit traffic to my site, so total visitors dropped dramatically, by around 70%. At the time I post this thread, the bandwidth monitoring provided by Gigenet is showing that the current transfer rate is just 800kbps out and 897kbps out (normal traffic when not being DDoSed is 30mbps out/3mbps in) and the site has no visitors! I bought the Proxyshield service in order to prevent DDoS attacks and let normal visitors access my site normally without interruption. But the result now is too bad; if Proxyshield just blocks 100% of traffic and calls it 'DDoS Protected', then I can just tell the DC to null route my IP and save thousands! What is the difference between using Proxyshield and not using it?
1. No Proxyshield: server overloaded and no visitors can visit. Pay for the server fee monthly (with some BW overcharge).
2. With Proxyshield: server is fine, no visitor can visit. Pay for the server and Proxyshield.
Now my site is not accessible at all and I am sure that the attacker knows that they succeeded in bringing my site down, with or without Proxyshield.

Posted by ameen, 12-30-2009, 10:24 PM
PHPMIND, please send me a PM with your email. I am sure we can find a solution for you. I can also chat on gtalk or you can reach me by phone. I will send you my phone #.

Posted by ameen, 12-30-2009, 10:27 PM
Are you sure you did not get confused and think DDoS protection comes with a dedicated server? It's two separate products. Also, do you have a ticket # to reference?

Posted by SoftWareRevue, 12-30-2009, 10:43 PM
It'll have to be a ticket number, because he doesn't have PM rights yet.

Posted by phpmind, 12-30-2009, 11:49 PM
Hi Ameen, it's 2 separate services (dedicated server and DDoS protection). I have posted many tickets just because my site is not accessible during DDoS attacks many times a day. My customer ID is 2260; please check it and take a look at my Proxyshield to see if you can give me a better solution. Thank you.

Posted by ameen, 12-31-2009, 12:53 AM
Your site loads up fine for me?

Posted by phpmind, 12-31-2009, 01:29 AM
Hi, 2 hours ago it was down for 1 hour because the proxy blocked traffic. I had to send many tickets to have a Gige engineer do DDoS mitigation, then the site came back up. Please check the bandwidth graph; there are many times that the transfer rate dropped from 20-30mbps to below 500kbps in/out when the DDoS comes, and for at least 30 mins. If Proxyshield's filter is turned on, then only 30% of legit visitors can access the site; 100% of DDoS traffic and 70% of normal visitors get blocked. It's not stable at all. Because of this, the attacker of course knows that he can still take down my site even though it is protected by Proxyshield. Now every time he attacks (2-3 times a day) my site will be down 30 min to 1 hour each time; what happens if he does it more frequently? When the traffic drops below 10mbps, that means the site lost 50% of visitors. Check the BW graphs below.
Bandwidth graph hour: hxxp://yfrog.com/b7gigenethourj
Bandwidth graph day: hxxp://yfrog.com/jmgigenetdayj
Last edited by phpmind; 12-31-2009 at 01:37 AM.

Posted by phpmind, 12-31-2009, 01:44 AM
Just happened 5 mins ago: hxxp://yfrog.com/3mgigenethour3j
@Ameen: I don't have any intention of giving Proxyshield a bad review. But I need a stable DDoS protected service. I would use Proxyshield all the time, even with no DDoS coming, for the next 12 months, but I need it to handle the current attack well so my site will not lose any more visitors, and not let the attacker know that he can take down my site very easily even though it is protected by Proxyshield. My only concern is keeping the site's visitors; if the site is not stable or is hard to access then no one will want to visit it again, and in the end I don't get any money to pay for the proxy service.
Last edited by phpmind; 12-31-2009 at 01:55 AM.

Posted by ameen, 12-31-2009, 02:48 AM
What time zone are you in? Will you be able to talk tomorrow? I need to look into it a bit further. Email me at ameen @ gigenet.com and add me on gtalk or AIM; ameengigenet is my sn.

Posted by phpmind, 12-31-2009, 04:13 AM
I just sent you an email. Currently the proxy's filter is on and it has blocked half of the legit visitors.

Posted by ameen, 12-31-2009, 04:45 AM
Can you get on messenger? If it was blocking half of your good visitors it would not be isolated to you; we have hundreds of clients being protected.

Posted by phpmind, 12-31-2009, 05:31 AM
Can you use email? Even I got blocked.

Posted by phpmind, 01-14-2010, 01:15 PM
Hi Ameen, now Proxyshield is useless and passes 100% of DDoS requests to my server. The attack type is URL GET flood and Proxyshield cannot do anything at all. I have sent you an email with detailed logs as well as many support tickets. Now all my server's httpd processes are being flooded and it is going to halt.

Posted by XFactorServers, 01-14-2010, 01:38 PM
phpmind, WHT isn't a Gigenet support desk. Put in a ticket or email ameen.

Posted by JustinAY, 01-14-2010, 05:06 PM
If you need a 3rd party DDoS mitigation / server hardening solution, I would recommend serverorigin (meh) or www.rack911.com (good, comes recommended around here). If you put in a ticket I'm sure one of these guys could help you out as well.

Posted by ameen, 01-14-2010, 06:15 PM
We stop GET floods constantly; the problem is the configuration on your end. On top of that, you asked us to remove some of the header checks, which allows a good portion of the bad traffic through. You cannot have your cake and eat it too. There will be false positives sometimes and you don't seem content to deal with that for a couple of days. If you had let us do our job the attack would be finished, but you didn't.

Posted by ameen, 01-14-2010, 06:16 PM
You can also message me on AIM so we can have a more direct discussion, as the time lapses and timezone difference seem to be an issue.

Posted by PeakVPN-KH, 01-14-2010, 06:19 PM
Thank you for the recommendation. We do appreciate it.

Posted by railto, 01-14-2010, 06:49 PM
Think the best thing for both parties is to take this away from the public forums and use IM or a ticket.

Posted by phpmind, 01-14-2010, 10:40 PM
No, I did not give false positives. Here is what I received from support: My server is now receiving a URL GET flood which all passed from the Proxyshield IP. Although I increased the maxclient/server limit to 2500, there are still "2500 requests currently being processed, 0 idle workers" and all processes are getting "/index.php" or another php file. The server load is 175 (server spec: dual 55xx, 6gb ram, 15k rpm hdd). I rent a well-known DDoS protected service named "proxyshield" but now I have to prevent DDoS myself and my server is being DDoSed down all the time. No matter whether the attack size is big or small, my only concern is that my website be online and stable and that the process be handled by gigenet / proxyshield, not me. I also cannot have the knowledge you have, so I rent your DDoS protected service; why ask me to filter out the attack IPs or send you the IP list? If I could do it all, why would I have to pay for this service?

Posted by Ramprage, 01-14-2010, 11:06 PM
Is the attack coming from multiple IPs or a single IP range? With iptables and mod_security you can pretty much block out a lot of it.

Posted by The Universes, 01-15-2010, 03:00 AM
I agree, if it's a small scale "flood attack", things like DDoS Deflate, mod_evasive, and iptables rules can usually filter it out.

Posted by Scott.Mc, 01-15-2010, 05:34 AM
What they are saying is your webserver should be able to deal with such a small attack. Have you actually reviewed your system itself and whether the application itself is capable of handling a few extra requests? I suspect not. Maybe rather than arguing with each other you should work with each other to come up with a solution. Gigenet could possibly have a look at your system for you, or you could hire an administrator. It's been 2 weeks since this thread was started and god knows how long before then, but this issue could have been long resolved by now, and it's absolutely pathetic that it's still being discussed and going round in circles - if your website is as important as you claim.

Posted by PeakVPN-KH, 01-15-2010, 06:59 PM
It's likely it's very large, just much of it is being filtered. What's being stated is that the security is doing two things: 1) It's blocking legits. 2) It's still passing so much traffic it's overloading the server.

Regarding the previous suggestions, though: the amount of traffic still coming in is too much (and it is all coming in from the DDoS proxy IP). Therefore, DDoS Deflate and iptables won't help him, because if he blocks the proxy then he's blocking all traffic. It sounds like he needs to be working directly with Gigenet. I know we've had customers come from them but we've also had them go to Gigenet. They provide excellent support and they have a good product. I'd imagine a little working with Gige would do it; maybe give them a call. I'm sure they can help you with it.

It is also possible you have a database or something heavily CPU intensive that you may need to tweak. We see it very often where sites are just not built to withstand DDoS attacks and when they occur, even blocking 99% of the dirty traffic, 1% still overloads the box. Try persistent connections on your database if it's some sort of forum, or something like that. Also, it's highly recommended to check with a company to optimize the server. You may want to tweak your timeouts and connection settings. I know we recommend checking with: serverwizards.com. Staminus kind of turned them on to us for our customers. Maybe check with them and ask them to look over your server and verify you have everything optimized to handle the connection load that isn't being filtered.

I don't want to come here and defend a competitor... Although, I will say that DDoS mitigation isn't an exact science. You can block on 'x' number of levels and attack triggers. Yet it's still a possibility that if it's too tightly configured you will block legit traffic. (This is also the case with appliances like Riorey/Intruguard or services like ethProxy/Proxy Shield/Secureport/etc.) Whatever your method, most will agree to protect between 95-99% of the dirty traffic. It is impossible to say all dirty traffic will be filtered and it'll never affect good traffic. Therefore, there is a buffer of 1-5% depending on the service. That buffer allows for the service to still pass enough dirty traffic to not affect clean traffic.

SO! The point behind this post is to say that during an attack, even with protection, you're going to get a higher than normal traffic volume. That volume has to be dealt with on the server side. It sounds like whatever the size of your attack, the 1-5% (or whatever Gigenet sends) is overloading the server. Theoretically, most servers have enough resources to handle this extra load. Some don't... or they are improperly configured. This is not the fault of the DDoS mitigation company. You will have to seek server support and work with someone who specializes in getting that load down and making the best use of the resources on the server. Best of luck to you. Thanks
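
Added example (not part of any post in this thread, and not Gigenet's code): the last post notes that all traffic reaches the server from the proxy's IP, so per-peer counting cannot separate a GET flood on `/index.php` from ordinary visitors. This Python sketch rates requests by forwarded client address instead. It assumes the proxy appends the client address to `X-Forwarded-For` and that Apache logs that header as the last field; the log format, addresses, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed LogFormat: "%h %l %u %t \"%r\" %>s %b \"%{X-Forwarded-For}i\""
LINE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<xff>[^"]*)"'
)
PROXY_PEERS = {"192.0.2.10"}  # constructed address standing in for the proxy

def client_ip(peer, xff):
    """Trust X-Forwarded-For only when the TCP peer is the known proxy."""
    if peer in PROXY_PEERS and xff not in ("", "-"):
        # Earlier entries can be forged by the client; the last one is
        # the value the proxy itself appended.
        return xff.split(",")[-1].strip()
    return peer

def flood_suspects(lines, window_s=10, threshold=5):
    """Return {client: peak GET count on *.php in any window_s-second window}."""
    recent = defaultdict(deque)   # per-client timestamps inside the window
    peak = defaultdict(int)
    for line in lines:            # lines must be in time order, as in a log
        m = LINE.match(line)
        if not m or m["method"] != "GET":
            continue
        if not m["path"].split("?")[0].endswith(".php"):
            continue              # static files do not tie up PHP workers
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[client_ip(m["peer"], m["xff"])]
        q.append(ts)
        while ts - q[0] >= window_s:
            q.popleft()
        ip = client_ip(m["peer"], m["xff"])
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def make_line(sec, xff, path="/index.php"):
    """Build one constructed log line; every request arrives via the proxy."""
    return (f'192.0.2.10 - - [14/Jan/2010:13:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "{xff}"')

# Constructed sample: one flooding client, one ordinary visitor, one static hit.
SAMPLE = sorted(
    [make_line(s, "198.51.100.7") for s in range(8)]
    + [make_line(s, "203.0.113.5") for s in (1, 20, 40)]
    + [make_line(3, "203.0.113.9", "/style.css")]
)

if __name__ == "__main__":
    print(flood_suspects(SAMPLE))
```

Counting by the first log field would put all twelve sample requests under the single proxy address, which is why blocking on it drops legitimate visitors too.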


