Cyberattack suspended my website for abuse?

Thanks for your answers. If you have any other ideas, please let me know what to do.

1 Like

There are many type of DDoS, flooding to WordPress login form is in layer 7 OSI (Application DDoS), but any other may be in layer 3 or 4 (Network and Transport, like smurf, sync ackā€¦), with network and transport attack we must use iptables rule (Cloudflare) to defense but heavy flood we can use application filter (bot trap, .htaccessā€¦) to stop attacker. Due to have no logging module support in our hosting servcice then we must be used both of solutions. Clear ?

With that thing your solutions is you should have daily backup plan andā€¦congratulations, welcome back, I can see youuuuuuu.

Thanks, i hope to donā€™t get any problem of this kind anymore

1 Like

Itā€™s definitely clear to me that you havenā€™t suffered the same kind of DDoS attacks that I have.

.htaccess rules do nothing if the attack is hammering the service so hard with 1000 times the regular number of incoming connections it just overwhelms the serverā€™s network stack.

Bot traps do nothing against a DDoS attack. L3/L4 attacks cannot be logged for individual websites, because web requests are L7.

Iā€™ve suffered L7 attacks slamming right through Cloudflareā€™s web filtering and the traffic just completely choking the backend load balancers that sit well in front of any application code.

I know what attacks I have suffered and I know what options exist to combat it. So I can also tell you that none of those solutions can be applied on a web hosting account.

3 Likes

Excuse me Admin, Iā€™m not an expert and perhaps you already answered to this question. But if you say thereā€™s nothing that can be done if we were targeted by such an attack then why the error message Mr Helmort received states ā€œif you need your site online today you can upgrade to a premium plan.ā€? Is it from the attacker or from Infinity? Iā€™m glad that the guy received back his website. Did he have to upgrade?
Thank you for your clarification.

The free account has been reactivated.

Iā€™m not sure what happened here, the process Iā€™ve seen so far involved permanent DDoS suspensions, not temporary with the opportunity to upgrade to premium.

Generally speaking though, the number of accounts on a premium server is much lower than on a free server, so if your account gets a small DDoS attack, itā€™s easier for the server to just handle the load without impact to other websites.

3 Likes

Well, I am not sure why it seems to me a little suspicious that a free account with some commercial features 1) get attacked 2) then suspended and 3) as solution it is suggested a premium account by the Host.
Who has really benefited from such attack? For every crime thereā€™s a motive isnā€™t it?
Usually the motive indicates to the culprit.
Itā€™s true that the victimā€™s site was easily unsuspended this time. But at the same time you keep saying that the only solution is a premium account because the free one is subjected to suspension due to these attacks. Do backups is the mantra. But when you suspend a web site no backup will really help when you want money (ransom?) to unsuspend it. Itā€™s a matter of trust even though itā€™s a free account. Hence, I would expect as a policy that the Host always unsuspend such sites for free. Otherwise the suspicion remains. Sorry, these are just my feelings about this upsetting situation.

Your logic there does make sense.

There is another solution but it only works if you have a custom domain. Setting up Cloudflare on your domain will (usually) allow Cloudflare to take the brunt of the attack instead of the hosting server.

And for the record, no, IF/iFN is not attacking their own servers in an attempt to get you to upgrade. Youā€™re not the first person to point this paradox thing out.

3 Likes

I will say, Iā€™m surprised by the premium recommendation too. Most hosting providers are not eager to host websites that are likely to be the target of a DDoS attack. Either the attack was quite minor, or some lines got crossed internally at iFastNet.

A DDoS attack is basically just digital vandalism. Is vandalism usually done with some clever and nefarious purpose? No, itā€™s usually people being bored and stupid.

Iā€™m more surprised that the account was reactivated at all. I have seen many suspensions over the years due to sites likely being the target of a DDoS attack, and usually the gist was ā€œfind a different host, we donā€™t want to host your website anymoreā€. Which is harsh, and unfortunate if your website was the target, but I am convinced that it is a necessary measure the protect the stability of the platform and the millions of other websites that are hosted on it.

Just reactivating accounts that were the target of DDoS attacks and not taking any measures to prevent our servers from being attacked again is reckless and betrays the trust of everyone else affected by the attack.

And to be very clear, none of this is ā€œholding a website ransomā€. If your account is the target of a DDoS attack, weā€™re always happy to provide backups so you can migrate your website to another host without data loss, completely free of charge. And your free account will not be reactivated, even if you offer to pay us for it. If we wanted to extort people, we wouldnā€™t do that.

3 Likes

Hey!

I have additional question regarding this topic. Is it possible to setup Cloudflare to your hosting? If yes, I will get myself protected against flooding before it has a chance to happen :slight_smile:

Absolutely! As long as your site has a custom domain.

4 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.