[bedelman]

My main site, www.benedelman.org, is offline due to a DDoS attack from bad actors yet to be identified. My web host, Globat, says this is the worst DDoS they've ever faced, and they're apparently in no position to get my site back online. I'm working to find a new hosting company. Any suggestions?

[ecomcity]

Host on the same service as FBI.org and FTC.org. Get some States Attorney Generals to install cybercrime sniffers or even the Carnivore system to identify the Adwhore perps.

[Jorge - JRami]

Many choices, but I have used powweb.com for few years with one site with no problems, even though they have lots of users, etc.

Now, if your site does not really need any PHP or all those bells and wistles, try godaddy.com, 3.95 a month.

You can also try, autica.com, good for reseller accounts too.

[bedelman]

Those are the kind of companies I'd usually look to. Indeed, that's about how I found my old host, Globat.

But now that I'm seeing hundreds of megabytes per second of DDoS traffic (600MB/sec, to be precise!), I don't think these folks are up to the task. I'm going to need an ISP with a savvy fraud department, with a great relationship with its upstream connectivity providers. I don't get the sense that these cheap folks fit the bill.

Anyone have any experience recovering from DDoS?

[Kellie aka Ms. B]

For the welfare of the other sites that would be on a shared server, you may want to consider a dedicated server plan. Check the hosting forum, there have been many suggestions/experiences/etc posted there.

[Kellie aka Ms. B]

Ben,

I'm not certain if you may want to be posting publicly that you are currently hosted somewhere that can't or isn't dealing with a DDoS. Know what I mean?

[bedelman]

I have nothing to hide. The folks who are doing this to me know perfectly well that they're doing it and that, for now, they're succeeding. The extent to which Globat can handle DDoS is also perfectly well known -- they (like others) can handle most DDoS most of the time, but some DDoS is just too intense. 600MB/s is a lot to ask!

I will check out the hosting forum. Thanks for the pointer.

[Kellie aka Ms. B]

I meant others. Hope you can get things resolved.

[Fer]

What about a blog at google at least as a secondary source?

[Dynamoo]

Ouch.. that's tough. I've been on a shared server under DDOS and it was not a pleasant experience.

At least it proves the point - the people who distribute the spyware on your site are criminal gangs who recruit armies of zombie PCs, despite their own protests of innocence.

I've seen similar things happen to Andrew Clover's site with large-scale joe jobs from zombie PCs.

[chrisk]

If you are running on IIS, i might try http://www.easy-guard.com/en/

I have been considering loading it on a few of my primary boxes as a just in case.. I have no idea if similar things are available on Linux or even if this product works well. I just had it bookmarked...

[Drewbert]

Ben,

Go ask your question on slashdot. Very few mum&pop type hosting operations could handle what you're experiencing, both bandwidth wise and how to fight it.

[Chocolate_Chicken]

Want stealth?

Try Tripod.

No joke.

[bedelman]

I'm back online. For those interested in who helped, see paragraph three of today's update to my site. I consider myself quite fortunate.

[Zeus]

Glad to see you back online. Hope you'll find who's behind the DDoS attack.

[Haiko de Poel, Jr.]

Can you please explain to me your rationale for the Globat affiliate link when you preface it with "My prior web host"?

Is that a new way of pre-selling via a negative testimonial?

I am no longer amazed or shocked at any of this, only appalled.

[Drewbert]

I'm getting a 404 for http://www.benedelman.org/news/020905-1.html and the main page goes to a GoDaddy advert - did you do a deal with Bob Parsons, or the girl with the broken spaghetti string strap? :^)

[Zeus]

Drewbert must be under a DDoS attack. http://www.benedelman.org/news/020905-1.html is up for me.

[bedelman]

Globat remains a good choice for most folks. They're not right for someone receiving a major DDoS attack. But in the $10-and-under (per month) department, they're about as good as it gets, in my view.

If someone happens to click through my link, then sign up with Globat, why shouldn't I get a commission? I don't intend to be "selling" Globat in the new post, so this is a little different from most affiliate links. But it's certainly not "appalling." (Incidentally there's no "u" in "appalled.")


Drewbert, the DNS propagation can take a bit of time. I changed my DNS at 2am Eastern last night, and my TTL is 1 hour, so officially you should see the change as of many hours ago. But the fact is many DNS servers cache records for longer than the TTL permits. Sit tight and the site will come back for you eventually. Sorry...

[Haiko de Poel, Jr.]

I've never seen a negative presell... and wanted your rationale because your article didn't explain it.

The link wasn't appalling *thank your the spell check*, far from it! Oh and shoot yeah, if someone does click on your link and buys, you should be re-numerated! Hosting isn't free, much less when DDoSed.

The appalling part was the DDos, but like I said, I'm no longer amazed or shocked.

[Catwoman]

Ben,

A few years ago, grc.com was also the victim of DDOS attacks. His site was hit several times within the same week. You can read about it here http://grc.com/dos/grcdos.htm if you haven't seen it already.

It took a while but eventually he found out who did it, it's all described on his site and he even posted his conversations with the hackers. Since the two of you kinda deal along the same lines on the internet, he might be willing to give you a few tips on how to get to the culprits or even provide some help. Worth a try. What a great lawsuit that would be if you caught them!

I'm glad to see that they didn't scare you away! Good job and keep at it, you have a lot of people behind you. The work you do benefits ALL honest affiliates and companies.

Catwoman

[bedelman]

Catwoman, Thanks for the link. I had seen that page, but not recently. It's all the more chilling now that it's so timely for me. Highly recommended reading.

[SSanf]

Still down here, too.

[RadarCat]

Hi, bedelman

You might want to get web host suggestions from Steve Gibson at:

http://www.grc.com/support.htm

My best guess is that this is not the last time you will be a DDOS target.
Your work has obviously gotten some crooks worried.

RadarCat, Webmaster
http://www.os2warplinks.com

[ecomcity]

I see you site is back up now Ben. Hope you catch the perps.