Long story short, you can’t “just” filter connections and block all the bad while letting all the good pass. Blocking requests is easy, but being able to reliably distinguish legitimate visitors and attack traffic is both complicated and costly.
If it was easy, don’t you think you wouldn’t need Cloudflare’s “I’m under attack”, i.e. “block everyone and everything until they can complete a CAPTCHA” to contain the traffic? Cloudflare is a much bigger company which is specialized in blocking attacks. And if a company like Cloudflare can’t do it, why would you expect that we could?
I know. We wish it was easy. I was talking to our techs at work, and apparently we,re regularly taking over 0.5 million hits and hour. And about 95% of those are attacks… If there were an easy fix we’d have worked it out by now
Just got to keep everything crossed and hope cloudflares “under attack” mode provides enough protection
I was thinking that the ISP could have some sort of rate limiting applied to inbound connections but I can see that with the same ip hosting 1000’s of websites it wouldn’t be that simple
Unfortunately most DDoS attacks (especially big ones) use hundreds if not hundreds of thousands of different IPs for the specific purpose of avoiding ratelimits.
It must be difficult to experience this some sort of attack. I would be mad if I were in your position.
IFastnet should’ve been more considerate in the amidst of a DDOS attack. Affected websites might not deserve suspension. It’s not their fault that the total number of daily hits went up to 50,000. I hope IFastNet allows reactivation of these affected hosting accounts after the attack.
Considering that iFastNet hasn’t closed my support ticket yet, I inquired about this current attack and if they are looking into this situation or ignoring it.
From the making of this post, that was 20 minutes ago, with no response.
They won’t. Mostly because it is not worth the effort to look at graphs and try to figure out if it was a DDoS or something else. Again, free hosting, nobody’s getting paid.
Also, if your site is a magnet for bad attention, there are not that many web hosts out there that would welcome you back, they know that will potentially cause more harm to their servers in the future.
I got a response back, but it’s basically another “We don’t want to host your site at all” thing. This time, though, it’s AI generated.
Full AI generated response
Hi there,
Thank you for contacting us. We understand your frustration regarding the recent issues with your website. We want to provide a clear explanation of the situation and the reasons behind our decision.
The difficulties you’ve experienced are related to Distributed Denial of Service (DDoS) attacks. These attacks originate from vast networks of compromised devices, known as botnets. These botnets can consist of millions of individual devices, including:
Infected IoT (Internet of Things) devices: Everyday items like smart TVs, security cameras, routers, and even refrigerators can be infected with malware and become part of a botnet. These compromised devices are then used to flood target servers with traffic.
Compromised Servers: Servers themselves can be infected with malware, turning them into unwilling participants in DDoS attacks.
Compromised Personal Computers: Although less common than IoT devices in large-scale attacks, personal computers can also be part of a botnet.
The scale of these botnets is immense. DDoS attacks can originate from millions of different IP addresses spread across the globe. This makes it incredibly difficult to pinpoint the source of the attack and block it effectively. Think of it like trying to stop a flood by blocking individual raindrops \u2013 the sheer volume makes it nearly impossible.
It’s important to understand that any web hosting provider, regardless of size or security measures, can be targeted by a DDoS attack. These attacks are, unfortunately, a common occurrence on the internet. While we employ various mitigation techniques, no system is completely immune. DDoS attacks are a fundamental challenge for the entire internet infrastructure.
Receiving a DDoS attack is, to a large extent, unavoidable. Just like a business can’t prevent someone from throwing a rock through their window, a web host can’t prevent someone from launching a DDoS attack. We take proactive steps to minimize the impact of these attacks, but complete prevention is not currently feasible.
Due to the persistent and severe DDoS attacks targeting your website, we’ve reached the difficult decision that we are unable to continue hosting your site at this time. The ongoing attacks are impacting not only your website but also the performance and stability of our servers for other customers. We understand this is frustrating news, and we haven’t reached this decision lightly.
We sincerely apologize for the inconvenience and disruption this has caused. We hope you understand the complexities of DDoS attacks and our position in this matter.
I don’t think it’s cloudflare that doesn’t allow subdomains, it’s IF. To use CF, you need to point a domain to their nameservers. If IF allows to change NS on free subdomains, that essentially makes IF a free domain provider
Good point. However, there is a more efficient way to do that. Instead of a manual approach, it can be automated somehow. We know that in order for the VistaPanel to create a graph, it needs statistical data. The data itself can be processed and analyzed to filter out the accounts who suffer from the attack.
However, the users can take advantage of this approach if the implementation is faulty.
They can conduct a fake DDOS attack on their website as an “excuse” for other violations. In order to avoid that, a proper algorithm or implementation is mandatory. While the automated suspension system can detect most of these violations, we know that it’s far from perfect. Perhaps that’s why the support ticketing system exist in the web hosting services from MOFH. It’s another story, though. But that’s the point.
The idea is possible. There are more efficient ways to do things. Had IFastnet taken this approach, the speed of the assessment would be faster than usual.
Yes, but the point of “We don’t want to host domains that get attacked” is probably the major point.
Sure you can build systems to detect a DDoS attack after it happened, but that’s not going to stop similar attacks in the future. Unfortunately the lack of effective DDoS prevention is a major downfall of using free subdomains (To be clear, effective protection is available for custom domains on free hosting, it is mostly free subdomains that suffer from this issue).
I agree but it’s not the point. I didn’t say that we should build the system as a solution for these attacks.
If the system is to be implemented, then the staffs from IFastnet can check whether a certain hosting account is affected by DDOS attack or not, without looking into the VistaPanel manually, for the purpose of reactivating the suspended account that has been affected by the attack.
Unfortunately, it’s kinda useless, from what you told us earlier:
I never said that it’s a solution to prevent the future attacks to happen.
0.5M hits per hour is peanuts. That’s 139 requests per second. That’s not attack traffic, that’s just regular daytime load.
These attacks we’re seeing generate maybe 3k requests per second. That’s over 10 million per hour.
I’ll talk to them about this wave of attacks and see if something can be done. However, please understand that it’s nobody’s responsibility to make sure that every single website keeps working at all costs. The goal is to keep as many websites running well as possible, even if that means taking down a few websites that are the source of high server load.
You are right. Even if we provided the ability to change nameservers for free subdomains, Cloudflare won’t let you add a subdomain to their platform.
We used to have a system in the past where we would just add the entire reseller domain to our own Cloudflare account and let people enable Cloudflare on their subdomains. But then Cloudflare will just take down the entire domain whenever they get a complaint about a bad site on it, so it just doesn’t work for shared domains.
You’re essentially asking us not to just detect which sites are the target of a DDoS attack, but also distinguish whether that attack was done to harm the website in question or to harm the hosting provider, and disable account limits when the goal of the attack is to harm the hosting.
I don’t see how that’s possible with “processing and analysis”.
Now you break it down, that does seem very low… I’m wondering If I’ve been given dud information I know that out of our 50 servers, we have one reset every 15 minutes because of DDOS attacks causing crashes, and thats just the traffic that gets through
Ah well its not my department I’m not questioning it.
Praise the hosting gods!! (Hosting gods = iFastNet)
My account is now unsuspended!
I self-suspended it so that these domains aren’t being attacked. I’m probably going to keep it that way for a few weeks. I won’t announce when they are back online again.
But that code still has to be called, still has to run. That can be done, but it’s not a solution. By the time the number of requests we are seeing even reaches the PHP layer it is far too late. The hit has been counted, the account is suspended, and the server takes a hit.
Here’s something interesting:
iFastNet Ticketing/CS people are still against me hosting my websites on their services. When I thanked them, they told me (basically) “We DO NOT want to host your websites, find a different provider. We WILL NOT re-activate your account”.
But yet, I can use my account just fine, as of right now it’s self-suspended but I can use it just fine when I re-activate it.
Does iFastNet (iFastNet CS) know my account isn’t suspended for Abuse?
Really chuffed for you