Portal Home > Knowledgebase > Articles Database > Surviving Sudden Termination Due to DDoS from Inmotion


Surviving Sudden Termination Due to DDoS from Inmotion




Posted by MuddiedKnees, 08-23-2013, 11:56 AM
I noticed that our site has been down for more than 24 hrs, so I contacted Inmotion. After several hours of waiting, they tell me that our 'account' has encountered a DDoS and will be terminated. I'm not sure, but is it possible for them to provide me with some numbers (maybe number of requests per minute or the delta) to at least clearly show that it is indeed our domain being targeted? BTW, out site is a family-run kids site providing lots of free educational materials, so I'm not sure why anyone would want to attack us. Of course, after all the flowery words I have shared here about Inmotion, I'm moving to another host. I have contacted them about getting a VPS before, and they told me it's not necessary as our site is well optimized. But now it seems they don't need my business at all. So we're not sure what to do. If we were really attacked, won't our domain remain a target even after a move? Any advice will be much appreciated! Thanks!

Posted by Vudoo, 08-23-2013, 12:20 PM
Because some men aren't looking for anything logical, like money. They can't be bought, bullied, reasoned, or negotiated with. Some men just want to watch the world burn." - Alfred Pennyworth. I would look into a service like CloudFlare to help protect against DDoS attacks, it's free unless you want some of the upgraded features like SSL.

Posted by MuddiedKnees, 08-23-2013, 12:23 PM
Thanks, Vudoo! I think I'll sign up to CloudFlare as advised.

Posted by AppDevPoint, 08-23-2013, 01:38 PM
DDoS protection prices thousands a month. Moving to a VPS or dedi will not protect you from suspensions and terminations if you are DDoS'ed again. While on a dedicated server if you become the target of a DDoS they will still suspend you to protect other dedicated servers in the same datacenter from network issues. You need the CloudFlare business plan or a dedicated server with DDoS protection but these prices thousands.

Posted by MuddiedKnees, 08-23-2013, 01:58 PM
Wow. It's strange though that out of the millions of domains out there, we are being targeted. If I had a VPS, would it be possible to configure Apache to limit GET requests to say 5000/sec, such that any more requests will be rejected regardless of source? One should be able to define this limit based on historical traffic and server capacity right?

Posted by Cloudc, 08-23-2013, 05:14 PM
DDoS Protection won't cost thousands a month, nowadays it's available at several hundreds per month for a server with a 10 gbps ddos protection. Don't darken the future of ddos protection please.

Posted by TrentaHost, 08-23-2013, 06:00 PM
Do you know what type of attack and how many GBPs? They should be able to tell you that so when you go shopping for a VPS or Dedicated which has DDOs protection you know who much you need to buy to protect yourself.

Posted by brianoz, 08-24-2013, 05:58 AM
Unfortunately, no configuration of Apache is going to help protect you against a really large DDOS. There are tools like CSF that help a little more than Apache configuration, but those are also no match for a real DDOS. Also unfortunately, DDOS attacks are far more common these days and any site can get attacked.

Posted by MuddiedKnees, 08-25-2013, 10:35 PM
We're just feeling the effects of the DDoS. Apart from 2+ days of frustrated visitors, we've lost our search rankings, but hopefully they will go back up. We've moved to a WiredTree VPS, and it looks like they have some DDoS protection, but I'm sure this will be no match for a true DDoS. I'm just somewhat relieved that we no longer share IPs with strangers and that someone is helping us monitor our own node 24/7. We're going to explore CloudFlare or other solutions once we get some baseline of how our VPS performs and behaves w/o any other layer between it and the Internet. TrentaHost--Inmotion is not giving any details about the attack, only that the 'DDoS' was massive and that it was targeted specifically at our website. They say that it was impossible to get logs. What I wish they would do right now is just give me a refund for the next 3 months, instead of simply telling me that they won't renew my account, which has practically been rendered useless.

Posted by astutiumRob, 08-25-2013, 10:49 PM
You don't lose your SE ranking based on 2 days of downtime.

Posted by ddosguru, 08-25-2013, 11:05 PM
I would argue that it would suffer a bit, perhaps not lost completely though.

Posted by TrentaHost, 08-25-2013, 11:16 PM
Okay, well goodluck with Wiredtree, next time pay on a month to month basis, then you'll be much safer and won't be needing to request refunds in cases as such.

Posted by electron_prince, 08-26-2013, 01:28 AM
wow, yours is just a shared server. I had a dedicated server with xlhost.com about 1 month ago and they terminated my server due to ddos attacks. That was their bloody scam trick to rob my money. On their server I was ddosed like everyday, they first null routed my ip, then next time they suspended and then they terminated the server. And when I moved to another host, I am not getting any ddos attack.

Posted by MuddiedKnees, 08-26-2013, 02:21 AM
electron_prince: We had two incidents before of (apparently) using up too many resources, resulting in suspension and getting moved to another server. Eventually, our simple static site proved to have very little impact on resources when Inmotion admins themselves did an assessment in response to our query about moving to a VPS (to be fair, they were very courteous, responsive, and straightforward during the assessment). But because they have accused us twice of affecting entire nodes, I'm a little wary about the DDoS conclusion, especially because they never presented any numbers. Please note that our site does get a lot of normal requests compared to our neighbors, so maybe this is why we are the usual suspects. I don't want to go beyond that and accuse them of anything, it's just that we would really appreciate seeing maybe the logs that show a spike in requests to our domain. AstutiumRob: Sir, I'm not sure if you could consider this 'losing rankings', but many of our popular pages got delisted pretty fast. I hope they get listed back in soon. I saw Matt Cutts video saying that a few days in the dark should be fine, but I think the crawler passed us soon after we got taken down. Also, because we were traveling when this happened, we bungled our transfer a bit (should've asked WiredTree to do it for us). We managed to get the site back up on WiredTree after more than 48 hrs, but failed to put up all the pages, resulting in the site going online with a lot of pages (including popular ones) returning 404s. TrentaHost: Thanks sir. We decided to do 3mos this time. I'm really hoping to stay for years with WiredTree as we did with Inmotion.

Posted by reto, 08-26-2013, 10:29 AM
Amen! The future, alas, looks like DDoS is getting stronger, more prolific and cheaper to inflict, whereas mitigation prices pretty much remain the same, or become cheaper at a much lower rate.

Posted by WiredTree James, 08-26-2013, 12:23 PM
Thanks for the business MuddiedKnees. While there are certainly things we can do from both a software and hardware perspective if you are under attack, I wanted to clarify that we are not classified as a DDOS mitigation host. If you are truly under massive attacks, it would be wise to protect yourself with third party mitigation behind the mask of DNS. If you would be willing to open a support or sales ticket on your current account with us, I would be happy to look over your setup and make recommendations for your current configuration.

Posted by MuddiedKnees, 08-26-2013, 06:04 PM
Hi (WiredTree) James! Thanks for the offer. I've been monitoring network and CPU utilization on Grove (maybe there's a better way, but I'm not aware), and there seems to be no indication that we are currently being attacked. But I'll still file a support ticket soon about this to take you up on your offer. Thank you.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
VPS Reselling (Views: 632)
help to solve debian (Views: 583)