I’ve been with the same dedicated server provider for about 6 months, haven’t really had any issues that couldn’t be solved through direct communication, an outage for about an hour total. So up until this point I’ve been fairly happy with my experience. I was hosting a fairly large community back in 2011 on Garry’s Mod, and nearly every time someone was banned, we would get attacked. The attacks would vary, some decently weak (90-110megabit/s) others saturating our line (1-3gigabit/s) and alerting the datacenter of the large amount of traffic. I think the best experience I had was with Steadfast in Chicago, they entered multiple ACLs to block the incoming attacks and managed to stop about 60% of the malicious traffic. (all originating from cod4 source ports, sound familiar anyone?) But it just simply wasn’t enough, the user who was launching the attacks was arrogantly posting about his success of the attacks on our community forums. After he finally became bored and left for a while, we got the next months scheduled invoice, with a nice $400 overage fee. (Due to the fact that, filtering the attack requires gathering data which can’t be done when the target address is nullrouted, the address had to stay online for a bit while the large attack was happening for the datacenter to collect any data on the incident.)
Today I requested our line speed be re-upgraded to 1000mbps so I could begin hosting multiple Garry’s Mod servers again, and the following response was received.
I guess the whole point of this rant is, where is the initiative? If we go back a couple of years, these attacks weren’t running rampant. But since they are, I think we need to evolve into a state where we can deal with these attacks. Lets face it, anyone can drop $10 into a couple cheap vpses on a 1000mbps line and pop off a perl script, and this will take down pretty much 99% of the servers on any source engine game today. I’ve spent well over $1000 with this host, from general upgrades to monthly payments, and my reponse to wanting to host a game on a machine I pay for is basically, if you get attacked, your account gets suspended.
Using that same logic, could I not go the VPS route and attack all of their customers? Are they just going to shut every one of their customers accounts down because they don’t want to filter the attacks coming from literally a handfull of IPs? It costs but a mere fraction to take down a server as it does to run one, and our only foolproof option to ddos attacks at the moment other than spending hundreds of dollars on hardware firewalls and load balancers, is nullrouting. Which isn’t technically a solution to the problem, it’s a temporary solution if you have an extremely limited amount of bandwidth. But if the user is following your community like a hawk, watching every time the servers are online just to attack again, nullrouting is the same as having the servers down from the attack.
Where/What is the solution? When do datacenters draw the line and start providing customers with reliable solutions, and stop implementing an abandonment policy if you’re attacked more than once a year?