Ddos attack can't use infinity free anymore

Got this message on my support ticket.

Your service was a target of ddos attacks and we can no longer continue to host it unfortunately.

You would need to find a different hosting provider with ddos protection.

A backup of your account can be provided upon your request.

So I can’t use InfinityFree anymore?

If your account was suspected of a (D)DoS attack, then you(re acount) were targeted by many malicious attackers. While you still could use InfinityFree services, using a different service with (D)DoS protection may work better for you if your site is a popular one.

No. This is wrong. The OP has been banned from using InfinityFree.

Correct. As the support ticket said:

5 Likes

The support told me that with a premium account on infinity free I can use the same domain since they can use more resources. Is this correct?

Generally, customers banned from InfinityFree because they’re targeted by a DDoS attack (or a TOS violation) aren’t allowed to upgrade to premium either. The support messages seem to contain an offer about upgrading to premium regardless of context sometimes. But If the support message you got really was phrased that way and they say they’d welcome it on iFastNet, then that would be an option. A confusing one because web hosting companies generally don’t want to host sites that have been known to be the target of a cyber attack, but an option nonetheless.

3 Likes

We can spend more resources protecting your site on a paid for service and would allow that.

Please let us know if there is anything we can do.

This is the response I got, now what am I supposed to do?

Also because the support doesn’t seem to answer now, where can I see proof of the Ddos attack? My traffic is normal as always and many times my website was suspended with that message:

It appears your website was incorrectly detected as abuse by our anti fraud systems.

How do I know this is not another “incorrect” report.

The IP address 185.27.134.60 was in fact documented to be under a DDoS attack over the past few days.

I’m not sure what metrics the iFastNet staff who make these kinds of decisions have access to, but apparently they have reason to believe that your website was the target.

3 Likes

There is not a lot we can do except for wait for the attack to pass.

Is there a way to keep using iFastNet? I am willing to use a premium account. The support stopped answering.

If support told you upgrading is an option, you can pick a plan out at iFastNet.com. However, note that InfinityFree and iFastNet are two different companies, so by upgrading your website you will manage it on iFastNet website, not InfinityFree’s

5 Likes

"With a premium account here? Can I use my current domain?
You wrote at 2024-12-24 15:20 (2 hours ago)
Hi there,

We can spend more resources protecting your site on a paid for service and would allow that.

Please let us know if there is anything we can do."

This is all I got and then radio silence. If I create an ifast account with premium hosting and change the nameservers will it work normally?

Once the site is moved, yes. The easiest thing to do is to contact iFastNet’s support after you’ve signed up for premium and ask them to migrate your account for you. Once you do that, your account from then on will be managed with iFastNet’s cPanel installation, and will not be available through InfinityFree’s client area or control panel.

4 Likes

If we suspect a particular site is the target of an attack, we may choose to refuse service to that website. It’s a crude, but effective measure to stop the attack and prevent the same IP address from being attacked again.

While we’d like to be able to host websites for everyone, if a single website is responsible for tens of thousands of websites being unreachable, we have to decide whether to meet the needs of the few or the many.

5 Likes

Thank you for your answers, I will be seeking web hosting elsewhere, it’s been a frustrating time since there has been numerous suspensions of the website and the support would restore it after a day stating there was an incorrect alert. A dynamic site would trigger the daily hit limit and a static site is completely unsustainable since you get suspended for no reason at all. At first they would tell me it was an Instagram word or something, but now you get nothing. It’s not worth using it as a free hosting since you are actually paying with your sanity. I don’t know about the “attack” but I sure know about the times IPs were down and it was impossible to know when it would be resolved. Also the support seems to be clueless about basic problems and they actually told me that if I wanted to keep using the service I would have to update to a premium plan.

A paid hosting service elsewhere will save everyone the frustration and the time needed to monetize everything so you don’t get suspended. It’s been great for testing a website but a frustrating process to maintain it.

We’re very sorry to see you go!

Imo, ddos protection should be added for the IP (anycast?), since hackers may one day decide to DDoS the IP for “fun”, regardless of what is hosted, maybe just to show off their stupid DDoS tool, maybe as a form of DDoS ransom, or for whatever other reason.

We already have DDoS protection for our IP addresses. However people often seem to believe that DDoS protection is just something you can enable to solve all problems. Which is not at all how it works. If you think it’s that easy, do you really think that DDoS attacks would be as big of a problem as they are?

Traffic filtering is not free. It can be very costly, with the cost scaling depending on the volume of traffic it should handle. I went into more detail about this in this post:

Another thing to consider is that it’s not like DDoS traffic just comes with a big red flag assigned to every network packet identifying it as DDoS traffic. Being able to reliably filter attack traffic and regular traffic is very difficult, with a lot of manual fine tuning, and you either risk blocking legitimate traffic or letting attack traffic through, overloading the backend infrastructure.

6 Likes

Glad you have DDoS protection.
True, it is a lot more complex than anycast and AI filtering, with whole companies like Cloudflare and Akamai created around mitigating the issue. (But even still, there was a DDoS that slowed down upstream ISPs for a bit, even though cloudflare blocked the traffic on its end)

Anycast routing is not a DDoS mitigation method. It’s a system mainly used for load balancers and DNS servers where you want to be able to deploy servers in multiple locations across the world and people to be routed to the closest server. Applications using anycast are a little bit more resistant to DDoS attacks, because DDoS traffic can bring down only one POP but not others, but it’s not exactly DDoS protection.

And anycast doesn’t really work for web hosting, because most sites have a single, central database which requires them to be hosted from a single location.

And “AI filtering” doesn’t really make sense to me. AI inference is incredibly computationally expensive, and running it on attack traffic is orders of magnitude more costly than just getting enough capacity to handle the DDoS traffic.

Cloudflare and Akamai can handle DDoS attack by just being very big companies with a huge amount of network capacity, as well as not doing a lot other than handling a lot of traffic, so they are really good at doing it efficiently. CDN companies don’t really have any special tricks to block attacks.

6 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.