| ▲ | throwaway150 8 hours ago |
| > I'm not too worried about someone DDOSing my personal site. Yeah, they could do it. And then what? Who cares? Have you experienced a targeted DDoS attack on your personal site? I have. I too had an attitude like yours when I didn't know how nasty targeted DDoS attacks can get. If you're not too worried about someone DDoSing your personal site, then your host taking your website down and then you having to run circles around their support staff to bring the website back up again, then I guess you don't have a problem. It's nice that you don't care. (Honestly speaking. Not being sarcastic at all.) Personally, I wouldn't mind a DDoS on my personal site if the problem was just the DDoS. Unfortunately, mostly it isn't. A DDoS has other repercussions which I don't want to deal with exactly because it's a personal site. I just don't want to spend time with customer support staff to find out if and when I can bring my website back up again. A DDoS on my personal website by itself isn't all that bad for me. But having to deal with the fallout is a pain in the neck. |
| ▲ | tcfhgj 7 hours ago | parent | next [-] |
| My hoster wouldn't take me down, though. Instead it would protect me for free: https://www.hetzner.com/unternehmen/ddos-schutz |
| ▲ | internetter 6 hours ago | parent | next [-] | | In my experience hetzner DDoS protection doesn't work | | |
| ▲ | mananaysiempre 6 hours ago | parent [-] | | As long as the hoster doesn’t actively make things worse by disconnecting you, any further help is just a happy accident. The bar is very low. | | |
| ▲ | internetter 5 hours ago | parent [-] | | Yeah I suppose by "doesn't work" I should clarify that maybe it is doing something and preventing some attacks, and that it doesn't take down my server. With that being said, it has certainly failed to mitigate attacks on numerous occasions that cf would've. |
| ▲ | pixel_popping 5 hours ago | parent | prev | next [-] | | This is too naive, sorry. Hetzner will disconnect you (and ban you if the DDoS goes on too long), same as OVH. It works mostly for brutal UDP flooding, but sophisticated attacks such as swarms of Puppeteers hosted on infected machines by the millions will not be protected against; those "new DDoS modes" are offered by most DDoS providers. | | |
| ▲ | altfredd 3 hours ago | parent | next [-] | | Cloudflare will disconnect you from their free plan just as quickly. Especially when you are facing "infected machines by the millions". | | |
| ▲ | ffsm8 42 minutes ago | parent | next [-] | | Likely true, but now you can go back to the original statement: the issue isn't really that the service isn't available for a while... It's that the hoster will remove your server. Your server will keep existing if cloudflare just drops their free service, effectively going down for the ddosrs but still available for your own access directly | |
| ▲ | fastily 19 minutes ago | parent | prev | next [-] | | Citation needed. I know folks using the free plan that have gotten ddos’d and cloudflare kept them online. Can you point me to an article where cloudflare disconnected someone for getting attacked | |
| ▲ | preommr 2 hours ago | parent | prev [-] | | Except that Cloudflare is geared towards ddos protection - i.e. you can monitor, get alerts, turn on temporary protection, etc. It can do this because that's it's main business. It's not possible to have the same expectations from infra providers like Hetzner. |
| ▲ | tcfhgj 5 hours ago | parent | prev [-] | | evidence? | | |
| ▲ | pixel_popping 3 hours ago | parent [-] | | Handled hundreds of dedicated servers for different projects over the last 20 years. Yes, OVH literally does ban accounts, and Hetzner nullroutes your service at first if it's an elaborate attack. |
| ▲ | throawayonthe 3 hours ago | parent | prev [-] | | That's DDoS protection.... |
| ▲ | wpm 8 hours ago | parent | prev | next [-] |
| If I wasn’t running my own personal site at home on a proxmox vm, why would I choose a hosting provider that doesn’t do DDOS protection themselves? |
| ▲ | nalekberov 3 hours ago | parent | prev | next [-] |
| This is mostly scaremongering, not all hosting providers take your site down just because someone you pissed off decided to DDoS you. In Russia (I have nothing against Russia - I just know this info about “Дождь ТВ”), some news websites have been targeted by state-backed DDoS attacks, but I highly doubt most people are in this category. |
| ▲ | samtheprogram 7 hours ago | parent | prev | next [-] |
| You keep saying stuff like "the fallout" and "the repercussions" but then the only example you can provide is talking to customer service to bring your stuff back online. Is that it? Honestly speaking, not being sarcastic at all. |
| ▲ | RijilV 7 hours ago | parent | next [-] | | So the internet is a series of pipes, or tubes, whatever. This quintessential personal blog website is hosted somewhere in this interconnected mess of things. There’s a hierarchy of these pipes/tubes, and they all have some ever-diminishing capacity as they head from a mythical center to the personal blog website. When the bad guys want to DDoS the personal blog website they don’t go and figure out the correct amount they need to send to fill up the pipe/tube that directly connects the personal blog website, they just throw roughly one metric f-ton at it. This causes the pipes/tubes before the personal blog website to fill up too, and has the effect of disrupting all the other pipes/tubes downstream. The result is your hosting provider is pissed because their infrastructure just got pummeled, or if you’re hosting that on your home/business ISP they also are pissed. In both cases they probably want to fire you now. | | |
| ▲ | q3k 7 hours ago | parent | next [-] | | This is incorrect. Any decent host/ISP will instead (automatically, sometimes) emit a blackhole request for the given target IP address to their upstreams, causing the traffic to be filtered there (at the 'larger pipe'). In turn, these upstreams can also pass on the same blackhole request further up if necessary. This means the target is down from the point of view of the Internet, but there is no collateral damage. See: BGP Blackhole Community (usually 65535:666). | | |
| ▲ | ralferoo 4 hours ago | parent [-] | | Interesting, I didn't realise blackholes were special-cased to allow BGP announcements of /32 instead of the usual /24 or larger. I'd just assumed (like the GP) that the traffic ended up on the target's closest network to the source and only then was it filtered. |
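Added example (not code from the thread or from any hoster): a minimal remotely-triggered blackhole (RTBH) decision loop of the kind q3k describes and ralferoo asks about. It aggregates constructed flow records per destination address over a sampling window and, when one host exceeds a threshold, builds the ExaBGP-style command that would announce that single host route tagged with the well-known BLACKHOLE community 65535:666 (RFC 7999) towards the upstream, and the withdrawal once traffic subsides. The thresholds, the discard next-hop, the originated prefixes and the ExaBGP command syntax are assumptions; real triggers also check that the address belongs to you, which is why `host_route` refuses anything outside the listed prefixes and anything that is not a /32 or /128.

```python
"""RTBH trigger sketch: flow records -> per-host rate -> blackhole announce/withdraw.

Added illustration; values, prefixes and command syntax below are assumptions.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

BLACKHOLE_COMMUNITY = "65535:666"   # RFC 7999 well-known BLACKHOLE community
DISCARD_NEXT_HOP = "192.0.2.1"      # assumption: next-hop the upstream maps to discard
TRIGGER_BPS = 1_000_000_000         # assumption: >= 1 Gbit/s to one host triggers
RELEASE_BPS = 10_000_000            # assumption: withdraw once below 10 Mbit/s

# Assumption: the address space this host/ISP originates. Never emit a trigger for
# someone else's address; the upstream would honour it and drop their traffic.
OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                ipaddress.ip_network("2001:db8::/32")]


@dataclass(frozen=True)
class Flow:
    dst: str      # destination address from a (constructed) flow record
    nbytes: int   # bytes seen towards dst within the sampling window


def rate_per_dst(flows: list[Flow], window_s: float) -> dict[str, float]:
    """Aggregate bits per second per destination address for one window."""
    totals: dict[str, int] = defaultdict(int)
    for f in flows:
        totals[f.dst] += f.nbytes
    return {dst: b * 8 / window_s for dst, b in totals.items()}


def host_route(addr: str) -> str:
    """Return the /32 (or /128) for a single address we originate; reject anything else.

    ipaddress.ip_address() raises ValueError for a prefix such as '203.0.113.0/24',
    which is the point: upstreams accept blackholes only for host routes.
    """
    ip = ipaddress.ip_address(addr)
    if not any(ip in p for p in OUR_PREFIXES):
        raise ValueError(f"{addr} is not in an originated prefix; refusing to blackhole it")
    return f"{ip}/{ip.max_prefixlen}"


def exabgp_announce(addr: str) -> str:
    # Assumed ExaBGP API syntax for an announcement carrying the BLACKHOLE community.
    return (f"announce route {host_route(addr)} next-hop {DISCARD_NEXT_HOP} "
            f"community [{BLACKHOLE_COMMUNITY}]")


def exabgp_withdraw(addr: str) -> str:
    return f"withdraw route {host_route(addr)} next-hop {DISCARD_NEXT_HOP}"


def plan(rates: dict[str, float], active: set[str]) -> tuple[list[str], set[str]]:
    """Decide announces/withdraws for this window.

    Hysteresis: trigger at TRIGGER_BPS, release only below RELEASE_BPS, so a flood
    hovering around the threshold does not flap the route at the upstream.
    """
    commands: list[str] = []
    new_active = set(active)
    for dst, bps in rates.items():
        if dst not in active and bps >= TRIGGER_BPS:
            try:
                commands.append(exabgp_announce(dst))
                new_active.add(dst)
            except ValueError as err:
                commands.append(f"# skipped: {err}")
        elif dst in active and bps < RELEASE_BPS:
            commands.append(exabgp_withdraw(dst))
            new_active.discard(dst)
    for dst in active - set(rates):          # no traffic at all any more: release
        commands.append(exabgp_withdraw(dst))
        new_active.discard(dst)
    return commands, new_active


def demo() -> list[str]:
    """Two constructed 10 s windows: a flood on .10, normal load on .11, and a flood
    on an address we do not own (which must be skipped)."""
    window_a = [Flow("203.0.113.10", 2_500_000_000),   # 2 Gbit/s
                Flow("203.0.113.11", 50_000_000),      # 40 Mbit/s
                Flow("198.51.100.7", 3_000_000_000)]   # not ours
    window_b = [Flow("203.0.113.10", 5_000_000),       # 4 Mbit/s: attack over
                Flow("203.0.113.11", 50_000_000)]
    cmds_a, active = plan(rate_per_dst(window_a, 10), set())
    cmds_b, _ = plan(rate_per_dst(window_b, 10), active)
    return cmds_a + cmds_b


if __name__ == "__main__":
    for line in demo():
        print(line)
```

In production the commands would be written to ExaBGP's stdin (or whatever daemon speaks BGP to the upstream), and the upstream's import policy would be what actually accepts a /32 carrying 65535:666 despite normally filtering anything longer than a /24; that policy, not the trigger script, is what makes the blackhole take effect "at the larger pipe".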
| ▲ | nalekberov an hour ago | parent | prev [-] | | How is that even legal? Is that my fault if some random guy got upset about what I posted online? |
| ▲ | HelloNurse 6 hours ago | parent | prev [-] | | It can be really bad, especially if the enemy deliberately attacks when you really need your site and/or makes you look evil. |
| ▲ | TZubiri 8 hours ago | parent | prev | next [-] |
| Starting without ddos protection and installing ddos protection IF you get attacked sounds like a reasonable strategy to me. |
| ▲ | dymk 8 hours ago | parent | next [-] | | That’s like saying you should buy car insurance after you wreck your car | | |
| ▲ | alwa 7 hours ago | parent | next [-] | | How? Isn’t it more like the difference between carrying an umbrella every day and ducking into the corner shop to buy one when you notice it’s raining? | | |
| ▲ | Johnny555 2 hours ago | parent [-] | | That's a good analogy since the corner shop is going to be sold out of their small stock of umbrellas during the rain storm so you won't be able to buy one until the rainstorm is over but at least you'll have protection for the next storm. If staying dry is important to you, you should buy the umbrella before the rain. | | |
| ▲ | nmz 2 hours ago | parent [-] | | Not if you live in a desert, which most blogs do. | | |
| ▲ | Johnny555 2 hours ago | parent [-] | | That continues the analogy -- it doesn't rain often in the desert, but almost all deserts receive rain. And since it rains so rarely, you're certainly not going to find an umbrella during the rainstorm. So again, if staying dry in the rain is important to you, buy an umbrella before the rain, if you don't care about getting wet from time to time, then no need for the umbrella. While the personal blog owner may not care about DDoS related downtime, he may face extra usage charges due to higher bandwidth, CPU usage, etc that he'd like to avoid. |
| ▲ | variadix 8 hours ago | parent | prev | next [-] | | Depends on the distribution of accidents and the distribution of costs. If P(ddos) * Cost(ddos) < P(no ddos) * P(cloudflare outage) * Cost(cloudflare outage) then you would be better off not using Cloudflare. This is not considering other issues with Cloudflare, like them MITM the entire internet and effectively being an unregulated internet gatekeeper. | |
| ▲ | hypeatei 7 hours ago | parent | prev | next [-] | | Unless your server literally catches fire because of a DDoS, no it isn't. Your things will be just fine after an attack, it isn't that serious. | |
| ▲ | OkayPhysicist 5 hours ago | parent | prev | next [-] | | Insurance protects you from big expenses. What's the big expense here? Oh, my site's down for a bit. | |
| ▲ | grayhatter 7 hours ago | parent | prev | next [-] | | Sounds reasonable if the car insurance could magically and near-instantly fix your car, undo all the property damage, and no one could get injured. Insurance for physical things is different from that for services; they don't map as an analogy. A better one would be: because you buy a new car every hour, it's like buying insurance for every car after someone steals your 700th car. That prevents your car from getting stolen. | |
| ▲ | thfuran 8 hours ago | parent | prev | next [-] | | But you can just download a new car. | |
| ▲ | phyzome 7 hours ago | parent | prev | next [-] | | My site being down for a couple days is not an unacceptably large loss, unlike an uninsured car being wrecked. It also isn't a good analogy because insurance doesn't apply retroactively to wrecks that happened before start of term, and is event-based rather than providing continuous value. | | |
| ▲ | Johnny555 2 hours ago | parent [-] | | I thought that's why it's a good analogy - DDoS protection doesn't apply retroactively to prior attacks (or even current attacks, it's hard to apply DDoS protection while your site is down due to DDoS). If you want protection from DDoS, you need it before the DDoS. If you want to insure your car in case of accident, you need to insure it before the accident. |
| ▲ | 7 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | shortrounddev2 7 hours ago | parent | prev | next [-] | | No, it's like saying you should buy a new battery after your battery dies. Yeah, it's nice to have a spare battery around I guess, but it's not like your battery dying will significantly ruin your finances | | |
| ▲ | c22 7 hours ago | parent [-] | | It's more like buying the plug-in version after the battery dies... You already experienced the downtime, so if not having downtime was a goal you already failed. If avoiding downtime is not important then there's no reason to add anti-downtime capability to your system. The most charitable modeling of this approach is that the downtime incident may prompt one to realize that avoiding downtime actually is an important property for their system to possess. | | |
| ▲ | Dylan16807 3 hours ago | parent [-] | | The actual charitable model is that you expect close to zero attacks, but if you actually get hit your expected rate of future attacks goes up by an order of magnitude or two. And it's that change in expectations that gets you to buy protection. You don't care about going down once, you do care about frequent outages. And you know this from the start, you don't realize it later. |
| ▲ | unethical_ban 8 hours ago | parent | prev | next [-] | | That's like saying my personal blog going down is as impactful to my health and finances as getting into an automobile accident. Assume a "personal" blog or site is not making money for the owner, and they have backups of the site to restore if the VM gets wiped or defaced. Why spend money on DDoS protection if it is unlikely to ever occur, much less affect someone monetarily? | | |
| ▲ | jimmydorry 7 hours ago | parent [-] | | Depending on the host, you may get charged a big bill for traffic. If you're hosting at home, your ISP may blackhole all traffic to your residence (affecting your day job and being a nightmare). When it comes to DDoS, most providers are quick to blackhole, and slow to unfreeze, without getting the run around. |
| ▲ | iso1631 6 hours ago | parent | prev [-] | | It's like saying you should buy volcano insurance after you get hit by a volcano |
| ▲ | benmmurphy 8 hours ago | parent | prev | next [-] | | In the cloud you should be able to turnkey this quite easily. I think in a DC this can be a bit more tricky because you will still be getting traffic from the DoS to your network interface after you have flipped the switch to Cloudflare. This traffic will cause both you and your provider a problem. But I think the idea is you would have two sets of IPs, one for the normal public hosting and one for the Cloudflare proxy; then when you come under DoS attack you have a process in place for BGP to stop advertising the normal public hosting IPs and you switch to Cloudflare. I presume if BGP stops advertising the IPs then eventually you will stop getting the DoS traffic. | |
| ▲ | k4rnaj1k 8 hours ago | parent | prev [-] | | This strategy requires you to be "on-call" for personal stuff. Honestly, I don't want to spend more time on pet projects than I already do. Or cutting some of it away on support instead of spending more on things I would actually be interested in. And resulting downtime might be even bigger than that with cloudflare. | | |
| ▲ | close04 8 hours ago | parent | prev [-] |
| > then your host taking your website down and then you having to run circles around their support staff to bring back the website up again These are very different situations. With a DDoS the disruption ends when the attack ends, and your site should become available without any intervention. Your host taking down your site is a whole different matter, you have to take action to have this fixed, waiting around won't cut it. |
| ▲ | throwaway150 8 hours ago | parent | next [-] | | > These are very different situations. It is obvious those two are very different situations. I'm not sure I understand your point. Yeah, nobody will be bothered by a short 15 minute DDoS attack. I prolly wouldn't even notice it unless I'm actively checking the logs. Sure, nobody is going to be bothered by that. But what if someone's DDoSing persistently with a purpose? Maybe they're just pissed at you. My point is... a sustained DDoS attack will just make your host drop you. So one situation directly leads to another and you are forced to deal with both situations, like it or not. | | |
| ▲ | blueflow 6 hours ago | parent | next [-] | | > a sustained DDoS attack will just make your host drop you I'd love to see someone suing the host for damages. The contract binds them as much as it binds you. Sounds like a good way to have your next gaming rig financed. | | |
| ▲ | giancarlostoro 5 hours ago | parent [-] | | I'm pretty sure in every webhost terms of service I've ever read they leave language in to kick you out if you are degrading the service for others. Turns out a prolonged DDoS attack is degrading the service for others. The bigger cloud providers are drastically less likely to drop you but now you're paying a premium on hosting. |
| ▲ | NewJazz 7 hours ago | parent | prev | next [-] | | DDoS attacks are frequently shorter than 15 minutes. We've seen plenty of attacks last less than a minute. | |
| ▲ | close04 8 hours ago | parent | prev [-] | | > It is obvious those two are very different situations. I'm not sure I understand your point. Your host taking down the site and forgetting to bring it back up after a DDoS attack isn't a common thing with any host, unless it's the kind that does this routinely even without a DDoS. And then you should look long and hard at your choice of hosting. Either you suffer from a DDoS attack and come back when it's over, or you have a host that occasionally brings your site down and fails to bring it up until you chase them. But one does not follow the other without a lot of twisting. |
| ▲ | whartung 7 hours ago | parent | prev [-] | | Not my area, so forgive me. How does taking the site down stop the DDoS attack? Isn't the host network still being bombarded by garbage packets, even if there isn't anything there listening? Or is routing the destination IP to /dev/null enough to blunt the attack? I know there are different kinds of attacks (e.g. some that are content based, impacting the individual server), but I thought most of them were just "legit" requests storming through the door that the server can't keep up with. Having the site taken down after the fact, as a "risk to infrastructure" that the host can't afford, that's a different issue. | | |
| ▲ | grayhatter 7 hours ago | parent [-] | | Forgiveness not necessary, these are good questions. Internet packets have to travel through many routers between the source of the attack and the server they're attacking, and at each step the routers usually get smaller. The smaller routers are less able to withstand the amount of traffic destined for one server, which means they can't route traffic to all the other servers that are not under attack. A common strategy is to drop the traffic at a much farther away server, thus protecting the smaller routers, and thus protecting all the other servers.

The host network would definitely still be affected by the DDoS, which is why the strategy is often to "blackhole" the traffic farther away from the individual server racks. I see people say "route traffic to /dev/null" all the time, but I personally try to reserve that for the individual servers or the nearest router, just to avoid your exact confusion. Depending on how well designed any specific network is, the "hug of death" which has taken down many sites would also degrade the performance of the peers next to that server. Which is why many ISPs are quick to block the traffic farther away. To protect not you but their other customers.

To be fair (pedantic), if it's part of a DDoS, it's not a legit request. Depending on the capabilities of the attackers, they will either choose obviously invalid requests because those take longer to process, or exclusively valid requests which take longer to process. It is, generally speaking, much easier to send valid, well-formed requests because that's what most libraries exist to do; you're often writing custom code if you want to send an invalid request, because that is a bug in other cases. A good example of an invalid request is setting up TLS, transmitting a partial packet and then closing the connection (or leaving the TCP open). This one can be particularly expensive and much harder to detect.

> How does taking the site down stop the DDOS attack?

When people say take the site down, in this context, they often mean one of two things: either changing the DNS configuration to point to a different IP address (or none at all), or "null routing" traffic to the under-attack IP at an edge router, edge in this case meaning their upstream ISP or other network peer (farther from the victim server). I object to both uses because the specificity is important. When I say take down the server, I almost always mean quit [nginx] or power off the box. | |
| ▲ | whartung 6 hours ago | parent [-] | | Ok, thanks. I was thinking more things being done to the actual machine the site was hosted on. |