botnet ddos attack

Ask questions about dedicated servers here and we and other users will do our best to answer them. Please also refer to the self-help section for tutorials and answers to the most commonly asked questions.
New to forums
New to forums
Posts: 13
Joined: Mon Jan 05, 2015 2:05 pm

Re: botnet ddos attack

Post by chuck316 »

WOW I hit a nerve and that was my intention at all. Like I said I asked about managed sever when I first signed up months ago with NFO and they asked for what? The said oh we can't do that and I still signed up. My ONLY complaint was humm since we don't see a problem your on your own and was told we do not know Linux from some support person is to why they couldn't do managed support for me. Not here to argue just what has been told to me.

Kraze said "It's more likely they didn't know it was for a competitors service as it wouldn't make sense for a legitimate company to use their resources on doing so. Though, if they did I'm glad!"

Of course they knew it was a competitors server since it wasn't theirs... So that was kind of a lame and desperate statement to make. LOL I have been with them for over 5+ years selling webhosting service on 2 different VDS I get from them and I know 100% they are legit and did this as a personal favor or as a client courtesy for me since I have been a long time client of theirs is all.

Anyway if is now taken care of as of now and that's all I wanted.

Again I didn't mean any harm here just stating what I have seen and been told by NFO support is all. I didn't mean to hit any nerves or start any trouble.

You can close lock or even remove this thread if you would like.
This is my homepage
This is my homepage
Posts: 642
Joined: Sun Sep 20, 2009 6:15 pm

Re: botnet ddos attack

Post by rustydusty1717 »

I love NFO in every aspect. No one can top their services and support.
User avatar
Posts: 12962
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle

Re: botnet ddos attack

Post by Edge100x »

I'm not sure why anyone here (or elsewhere) would have the idea that we don't know Linux. A cursory look at our KB or this forum make it clear that we know it thoroughly. We've been using Linux since the founding of the company and continue to use it for all sorts of things, including webhosting, VDS-hosting, game servers, voice servers, DNS servers, backup servers, etc.

I just didn't know what to tell you in terms of configuring your specific 3rd-party firewall wrapper, and I don't believe any of the staff did, either. If we did, we would have helped even further. It's in our nature to try to help, even for things we don't officially support (in the appropriate places, of course).

One of the great benefits of a forum is that anyone can pitch in. From the general silence, it is likely that others here weren't familiar with your specific configuration problem, but there are many other things that our community members can and do assist with, because we're not the only ones who try to help out whenever we can.

For others who read this thread because they see the same nf_conntrack error that this gentleman did, my early posts will likely apply to you:

1. For a potential quick-fix, try bumping up ip_conntrack_max.
2. Consider limiting connections allowed per IP (which is easy to do with iptables).
3. Consider using the Apache logs to determine attacker IP addresses and blocking them with iptables using the ipset module (we've discussed this previously in other posts).
4. If you are running an unusual GUI and don't understand how to configure it, consider disabling it or learning it in more depth.

We also do offer webhosting here, and with our webhosting, you would not have had to deal with this problem.
Compulsive poster
Compulsive poster
Posts: 70
Joined: Fri Feb 21, 2014 10:24 am

Re: botnet ddos attack

Post by Bubka3 »

CSF is a popular firewall for cPanel/WHM servers. When configured properly it will easily rate limit per IP and that's most likely what the other company applied. The default configuration is not good for just about anything.

This thread also illustrates why I hate the word "unmanaged". Unmanaged implies nobody manages the service, and usually the host is always blamed for whatever knowledge the operator of said service lacks. Which is why I wish everyone would start using the word self-managed. It sets a standard of "You provide the knowledge, we'll sell you the hardware".
chuck316 wrote:Of course they knew it was a competitors server since it wasn't theirs... So that was kind of a lame and desperate statement to make. LOL I have been with them for over 5+ years selling webhosting service on 2 different VDS I get from them and I know 100% they are legit and did this as a personal favor or as a client courtesy for me since I have been a long time client of theirs is all.
Now, this I find hard to believe. I don't know what legitimate business would help a client with a service on a competitor's hosting platform. That just sounds fishy to me. Call me crazy, but I hope they didn't set you up for sabotage later on. I could easily imagine a scenario where they set up a backdoor to break something later and then tell you it's NFO's fault in effort to get you to migrate your remaining services to them.
User avatar
Posts: 12962
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle

Re: botnet ddos attack

Post by Edge100x »

Self-managed does sound like it would be a better term. I will have to consider changing that. (It's in a lot of places here, so it would be a bit of work, though.)
New to forums
New to forums
Posts: 13
Joined: Mon Jan 05, 2015 2:05 pm

Re: botnet ddos attack

Post by chuck316 »

Sorry Bubka3 but your statement here

"Now, this I find hard to believe. I don't know what legitimate business would help a client with a service on a competitor's hosting platform. That just sounds fishy to me. Call me crazy, but I hope they didn't set you up for sabotage later on. I could easily imagine a scenario where they set up a backdoor to break something later and then tell you it's NFO's fault in effort to get you to migrate your remaining services to them."

Leads me to think you must have had bad luck in the past trying to find a legitimate host so I am very sorry.

as far as my other host I use for hosting (Not gaming and they do not even claim to do gaming) but for hosting only I have been with for over 5 years and they do all my server management and have taught me quit a few things over the years and I do trust them 100%

This is their second time helping me on the NFO VDS I use. The first time was to make the nameservers work. When I asked NFO when I first signed up they said you have a unmanaged server please use our forums for support. Anyway the other host set it up for me and this was months ago.

Now I'm not knocking NFO by no means and they do give what they offer great fast servers.

Now at one time I thought about getting another vds from them to expand my hosting business nothing to do with gaming but when I requested more info about managed servers they said they just couldn't do it they just don't have the know how on many 3rd party apps. Some things needed to do a hosting business. I liked the honest answer and thanked them and just got the second VDS from the other datacenter I use. Not a deal was just going to expand to the Dallas area is all.

Edge100X did try his help to the best of his ability it just so happened it wasn't enough to fix or control the problem and ONLY becasue of his lack of knowledge of whm/cpanel and CSF firewall.

oh and edge100x to answer your question about "I'm not sure why anyone here (or elsewhere) would have the idea that we don't know Linux"

I had submitted a ticket asking about how do I look up hard drive usage since it isn't shown in the back office just bandwidth and I was told you have to go through the OS and so I asked what the command was using SSH and the answer was I'll copy and paste

"I am not familiar enough with Linux myself to know how to look it up off the top of my head unfortunately."

So I just assumed not enough experience with Lunix was known by the techs. So if I'm wrong then sorry.

So back to business here I just didn't feel it is right for someone or anyone really to say if one company helps a good client of theirs with another company then they must be doing something backhanded to make that company look bad. That is just not right. and I'm sure NFO really don't feel that way either becasue if they did then is what what they would do if they had the chance. :O) I don't think so most legit companies to not need to try and sabotage another company. Hell in my case they would loose a very good long time client if they even thought about it.

Hope there is no hard feeling here I sure didn't mean for it to be. I just needed the problem fixed and I don't care who or how it got fixed me you or a 3rd party person as long as it got fixed.

Hell I got to even say I had cpanel techs involved before I even submitted a ticket to NFO or made any posts in here and I'm sure cpanel didn't inject a backdoor or anything. :O)
This is my homepage
This is my homepage
Posts: 642
Joined: Sun Sep 20, 2009 6:15 pm

Re: botnet ddos attack

Post by rustydusty1717 »

One client better off not having.
User avatar
Former staff
Former staff
Posts: 4362
Joined: Fri Sep 17, 2010 9:06 am
Location: California

Re: botnet ddos attack

Post by kraze »

To clarify here. The reason this discussion took a slight turn was due to how you phrased your response after Edge tried to assist.
chuck316 wrote:Well thanks for trying to help. I just wish NFO had real support for their servers. I had to contact my other VPS company and asked them to help me with NFO servers which they gladly did and for now it seems to be working what ever they did.

But it would be nice if NFO had experienced working on their servers.

But thanks for the help you were able to give.
Hopefully, you can see how that comes off a bit odd as it implies we sold you a product with specific support when we didn't. I believe we're pretty clear on what unmanaged means. We do have real support for our servers and do offer additional outlets for things we cannot assist with, these forums and our KB section here are a few of those.

It is true that not all the staff here are experienced with Linux, and for good reason. It's just not a job requirement. We encourage all employees to venture out of their current skill set and learn additional skills, but it's not required. The employees who are required to work with Linux do know Linux.

There is also no hard feelings here. Once I saw that, I just wanted to correct it, as this is a public forum and other users will see this. It's important we have proper information here.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
New to forums
New to forums
Posts: 13
Joined: Mon Jan 05, 2015 2:05 pm

Re: botnet ddos attack

Post by chuck316 »

Well that is true I guess I could have worded that different or just said Ok thanks all is fixed now and left it at that. I guess I was just frustrated and was venting.

NFO does have good and fast servers this was why I even asked about hosting when I did back then and the fact they were honest and said we could not give managed support for hosting becasue of the 3rd party apps being use was GREAT and being up front.

Anyway like I said I didn't mean to imply anything really I guess becasue of my lack of knowledge of servers I was hoping to get help on the DDOS I was getting on the server and Edge100x was trying to help me but talking over my head. :O) I even submitted a ticket saying Edge100x was talking over my head and he replied back there saying it was him (The same person) and top please continue in the forums.

I guess what got to me also was the people jumping on the other host claiming they must not be legit and probably injected in the server and so on. Then making slide comments with no help intended but to make remarks that are uncalled for.

This is one reason I really don't like visiting forums of any kind. A lot of people just come in to bash the poster. Not saying this forum just talking forums in general.

Ok done now. :O) as long as no hard feeling we are good to go.
Compulsive poster
Compulsive poster
Posts: 70
Joined: Fri Feb 21, 2014 10:24 am

Re: botnet ddos attack

Post by Bubka3 »

chuck316 wrote:Leads me to think you must have had bad luck in the past trying to find a legitimate host so I am very sorry.
Assumptions. I can tell if a host is a legitimate business or some kid with mommy's credit card reselling off of OVH or whatever the cheap crap servers are nowadays.
chuck316 wrote:Hell I got to even say I had cpanel techs involved before I even submitted a ticket to NFO or made any posts in here and I'm sure cpanel didn't inject a backdoor or anything.
cPanel is your software vendor. They have an interest in making sure the software is working properly for you, that's their business model.
chuck316 wrote:as far as my other host I use for hosting (Not gaming and they do not even claim to do gaming) but for hosting only I have been with for over 5 years and they do all my server management and have taught me quit a few things over the years and I do trust them 100%
chuck316 wrote:So back to business here I just didn't feel it is right for someone or anyone really to say if one company helps a good client of theirs with another company then they must be doing something backhanded to make that company look bad. That is just not right. and I'm sure NFO really don't feel that way either becasue if they did then is what what they would do if they had the chance. :O) I don't think so most legit companies to not need to try and sabotage another company. Hell in my case they would loose a very good long time client if they even thought about it.
Either that hosting company is selling you server management services, or they have no business touching anything hosted elsewhere. That's just my opinion.

Also, it's nothing against you, or that other hosting company. This is a public forum and everybody should be able to express their opinion. All I'm saying is personally I would never allow this to happen. It's just a matter of liability for both me and that other host, even if no harm is intended.
New to forums
New to forums
Posts: 13
Joined: Mon Jan 05, 2015 2:05 pm

Re: botnet ddos attack

Post by chuck316 »

Understood Bubka3 and tend to agree with you on most cases here but I guess this is when trust kicks in. If you trust your hosting company in my case it is another datacenter that I do PAY for support on their servers so going into NFO was strictly a favor for me as a courtesy is all.

I would have NEVER another vender in that I didn't trust but after 5+ years they earned my trust. As a matter of fact they were the ones who suggested NFO servers for gaming servers. Since NFO use's InterNAP bandwidth and that's would be best for gaming.

Anyway this has been a learning period. :O)
Post Reply