DOS / DDOS Attacks / Firewall Testing

Toggle sidebar
  • WELCOME TO THE NEW SERVER!

    If you are seeing this you are on our new server WELCOME HOME!

    While the new server is online Scott is still working on the backend including the cachine. But the site is usable while the work is being completes!

    Thank you for your patience and again WELCOME HOME!

    CLICK THE X IN THE TOP RIGHT CORNER OF THE BOX TO DISMISS THIS MESSAGE
Status
Not open for further replies.
Other than the caching snafu this morning, it has been working well. I have been looking at the logs and it is catching a lot of stuff.

Our stats show that today we are sending 970 pages per minute. :D

Also blocked some major attacks as well... in fact I didnt realize how many people (or bots) are alwayhs trying to break in and do harm to the website.

Screen Shot 2014-10-23 at 9.56.23 PM.png
 
Scott Greczkowski said:
Our ISP where we host our servers has notified us that our servers are frequently being hit by DOS / DDOS and other cyber attacks. They have recommended that I put our web server behind a firewall to stop these attacks and they suggested a few options.
Click to expand...
I would have thought that this was a feature or benefit that a webhosting service would provide !

If this was happening frequently, were they manually dealing with it ?
 
  • Like
Reactions: Jim S. and navychop
Obviously you have never worked in a commercial webhosting environment When you co locate servers you send them your servers, they put them in a rack plug them in and turn them on, from there on out, you are on your own.

However for some of the attacks they have blocked them from coming into their router, but they can't keep doing this for me which is why they suggested the firewall.

In 24 hours it has blocked over 30,000 threats against the server. Very happy with it so far!
 
If you have a moment, can you explain how a firewall in the cloud can even work? It's a web proxy server? So all traffic that requests access to SG goes to the firewall first? I'm surprised SG is still fast.
 
Yes it goes through their firewall first. :)

http://sucuri.net/website-firewall/

Everything you request goes through them to our server and then goes out to them to you. Its fast because of the caching that is done, common files are saved on their server meaning less is being transferred from our server. Plus we have all our static files (images, java, css) stored on cloud servers and when you load those files they come from the cloud server closest to you. This actually speeds things up a bit overall.

In addition the server load has dropped. Our average server load is around 0.80 however since flipping over to the Firewall our server load is down to 0.25. This load drop is because of the fact that a lot of the resources are not coming off our server they are coming from the firewall cache and cloud servers and also all the bots and scanners trying to get in and find a weakness in our site are not being blocked and not using those resources. In addition stuff served from their cache is also being compressed to speed up the transfer to you.

As I said I am very happy with it so far.
 
  • Like
Reactions: TheKrell
Scott Greczkowski said:
Look at the picture I posted last night it shows what the attacks were that it blocked.
Click to expand...
Ahhh, got it.

Just curious, what does "IP address not whitelisted" mean ?

And the site is blocked from certain countries ? Is that by you or by some gov't requirement (like visitors from Iran, N Korea, etc) ?
 
IP Address not whitelisted means something is trying to access a secure part of the website, such as the admin control panel, the database manager and moderator control panel. Those areas are now blocked if the ip address of the user (aka staff) is not listed in the whitelist. :)

Blocked countries are countries that we are getting a lot of attacks from, currently China and Hungary are blocked.
 
  • Like
Reactions: TheKrell
It's not immediately obvious to me why your outbound stuff needs to go through their proxy as well. I'm pretty sure the SG web server already caches.

Edited to add: If I may be so bold, how much does this service cost?
 
TheKrell said:
It's not immediately obvious to me why your outbound stuff needs to go through their proxy as well. I'm pretty sure the SG web server already caches.

Edited to add: If I may be so bold, how much does this service cost?
Click to expand...
The outbound stuff is scanned to make sure it has nothing bad in it as well. :)

Actually the service isn't bad for costs its an addition $10 a month on top of the other costs from them.
 
  • Like
Reactions: TheKrell
Scott Greczkowski said:
The outbound stuff is scanned to make sure it has nothing bad in it as well
Click to expand...
This is only out of curiosity, but how would something "bad" get on the server ? The same rules/filters are used on inbound and outbound or no ? The other possibility is something bad got on days, weeks, or months ago and is waiting (?).
 
  • Like
Reactions: TheKrell
It only covers one site on the server... so if we had more than one website hosted here... like mynameishall.com there is a chance that mynameishall.com might get infected with something which could corrupt other directories and could harm visitors to SatelliteGuys.US even though all the damage was done at mynameishall.com. As an example a simple mysql injection that redirects you to myfiledownload.com... (Remember that?) :)
 
Status
Not open for further replies.

Similar threads

Scott Greczkowski
    • Like
    • Sad
Testing Ace UI
Replies
33
Views
4K
primestar31
primestar31
Foxbat
    • Sad
More Sucuri Firewall Issues
Replies
6
Views
1K
Foxbat
Foxbat
Scott Greczkowski
    • Like
  • Locked
Looks like the Firewall Burped
Replies
21
Views
2K
mdonnelly
mdonnelly
EarDemon
  • Locked
Firewall Error
Replies
5
Views
2K
redelephants
redelephants
Dudleydog73
  • Locked
Sucuri firewall?
Replies
86
Views
12K
Tampa8
Tampa8

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)

Latest posts

Share this page

Share this page
Top
Back