DDoS or php-fpm bad script?

[Brad Padgett]

Not sure why everyone is telling you to change hosts. Must want you to PM them for affiliate links or something.

If you are currently with OVH, you already have very good DDoS protection in place. There is no reason to change hosts or use Securi or anything else. Either you are likely not being DDoSed, or whatever it is just isn't at a level where it's triggering the protection at OVH, and you might need to fine tune the protection with them.

Your wrong. No one was going to give any "affiliate links".

I don't know what kind of host OVH is, but DDoS protection is important to some people. Maybe he's not getting attacked but he could in the future.

Cloudflare isn't always enough. Also, I think if he had advanced mitigation already he would have told us that. If he does then be the hero and explain in more detail.

 

[TPerry]

In your load example, it shows "lfd" as sleeping. I believe that is a process for the CSF - Config Server Security Firewall. By the example showing it sleeping can't be good.

Sleeping is a normal status.. means that at that moment in time it is not active and waiting for the next process to call it. Basically stubbed in memory to keep the start up time for it minimal for when it is needed again. Why keep something active all the time that doesn't need to be used every second.

 

[TPerry]

You don't need any mitigation or protection from layer 3,4,7 since you'll be using Sucuri in front of your website.
Just don't let your server IP to be leaked on public.

Which means DON'T send mail directly from your server... you will have to use SMTP (unless you like jumping through hoops) to send your mail via a third party.

 

[WSWD]

Also, I think if he had advanced mitigation already he would have told us that. If he does then be the hero and explain in more detail.

What is there to explain? OVH has DDoS protection enabled by default. Perhaps she already knew that, perhaps not. She certainly does now. Like I said, I don't understand why people are recommending DDoS protected hosts (especially via PM), when she already has a DDoS protected host. Doesn't make sense.

 

[rdn]

Not sure why everyone is telling you to change hosts. Must want you to PM them for affiliate links or something.

If you are currently with OVH, you already have very good DDoS protection in place. There is no reason to change hosts or use Securi or anything else. Either you are likely not being DDoSed, or whatever it is just isn't at a level where it's triggering the protection at OVH, and you might need to fine tune the protection with them.

Nah I'm OVH user too but OVH only protect you from Layer 3/4 DDOS attack not for Layer 7 type.
Sucuri solve all my headaches.
Not just me, I know 3 other people here with large forum suffering from layer 7 ddos attacks and ended up using Sucuri.

 

[Brad Padgett]

Which means DON'T send mail directly from your server... you will have to use SMTP (unless you like jumping through hoops) to send your mail via a third party.

I agree. I learned this a while back that having an MX entry leaks your ip to attackers.

 

[rdn]

Not just MX entry but also Mail headers from your site .

 

[Cyb3r]

Hey guys, sorry for the late reply I was kinda busy last few days, any how I know OVH is providing a DDoS protection but I don't know if I can trust them or not, because usually I get an email notifications when an attack is happening, but it stopped for while and I don't know why.

Also I don't think they use layer 7 DDoS mitigation, But I have to say the uptime on their server better than any other company I hosted with, I tried 2 previous hosts one of them was "BuyVM", I was suffering all kind of attacks, their layer 7 DDoS protection for some reason was broken.
BTW the price I gave you here was the server cost plus some flavors (2 ips + 200GB backup storage).

You can't afford $9 USD a month?
https://sucuri.net/website-firewall/signup

I didn't notice that, I might use their service soon, I'm really tired from moving hosts, I have to set everything up again, that's just frustrating.

Just don't let your server IP to be leaked on public.

I think they know my server IP by now because at some point I disabled CF to see my changes on my site, I know this because previously I checked the ssh log file and there was a lot of IP's trying to log in.

Now is there any possible way to change my primary server IP? I already got 2 additional IP's I don't use.

Not sure why everyone is telling you to change hosts. Must want you to PM them for affiliate links or something.

If you are currently with OVH, you already have very good DDoS protection in place. There is no reason to change hosts or use Securi or anything else. Either you are likely not being DDoSed, or whatever it is just isn't at a level where it's triggering the protection at OVH, and you might need to fine tune the protection with them.

I just started with 2 months ago, I have to say they are better than the others but as I said before I don't know if I can trust their DDoS protection or not.

Oh and BTW it's "He" not "She".

I agree. I learned this a while back that having an MX entry leaks your ip to attackers.

Not just MX entry but also Mail headers from your site .

I use Mandrill for the site mailing is there any other way for the ip to get leaked?

Thank you all for the kind replies.

 

[Cyb3r]

What is there to explain? OVH has DDoS protection enabled by default. Perhaps she already knew that, perhaps not. She certainly does now. Like I said, I don't understand why people are recommending DDoS protected hosts (especially via PM), when she already has a DDoS protected host. Doesn't make sense.

I have digged little bit into their DDoS protection and I noticed some option in the IP menu http://i.imgur.com/1DvLo8U.png I didn't understand what it does, after googling over their site I found this article http://www.ovh.com/us/a1171.protection-anti-ddos-service-standard which is talking about false positive ssh issues I didn't understand, can you explain more if you know anything please? should I enable that option or it has some side effects?

Thanks.

 

[AzzidReign]

I love when people who've never had to deal with horrible attacks act like they know DDoS protection. I've been around a while and have used many of the services out there. You can read my guide below but I'm currently using Sucuri, and I pay monthly. To do so you have to use a debit card I think so I just used my PayPal card lol was going to come from the same place. Contact them, they will help.

For the money, you can't beat the set up I have in my guide. Took me years to figure out but it's now been years since we've gone down due to ddos which use to be multiple times a week. Whether you listen to my advice or not, I'd be careful listening to the ones that haven't dealt with an attack over 50gbps multiple times.

 

[Cyb3r]

I love when people who've never had to deal with horrible attacks act like they know DDoS protection. I've been around a while and have used many of the services out there. You can read my guide below but I'm currently using Sucuri, and I pay monthly. To do so you have to use a debit card I think so I just used my PayPal card lol was going to come from the same place. Contact them, they will help.

For the money, you can't beat the set up I have in my guide. Took me years to figure out but it's now been years since we've gone down due to ddos which use to be multiple times a week. Whether you listen to my advice or not, I'd be careful listening to the ones that haven't dealt with an attack over 50gbps multiple times.

I was a member of your forums for long time now, you can find me under the same name here, I also run a gaming site which is growing very fast but the haters won't let me do my job, I keep getting more frustrated by how this attacks works it seems nothing can stop them, I saw your guide a while ago but I didn't read it because I was like TL;DR lol, but now I certainly gonna read to the end and see how you managed to obtain those attacks, one question though, how much do you pay monthly or annually?

 

[rdn]

@AzzidReign is just using the $9.99 per month plan on Sucuri.

 

[Cyb3r]

@AzzidReign is just using the $9.99 per month plan on Sucuri.

What do you think about BuyVM?

 

[rdn]

The only VPS I will recommend is Ramnode and Linode.

 

[Cyb3r]

The only VPS I will recommend is Ramnode and Linode.

Linode prices is very high, can you please provide some pro's and cons for each if I may ask?

Also What plan do you recommend?

 

[rdn]

Also What plan do you recommend?

Depends on your Forum size/traffic.

If not that very busy always choose Ramnode as they have much better/faster Disk/CPU than Linode.

 

[Cyb3r]

Depends on your Forum size/traffic.

If not that very busy always choose Ramnode as they have much better/faster Disk/CPU than Linode.

I just noticed something about Securi, they doesn't seem to support https/ssl on the basic plan?

 

[rdn]

I just noticed something about Securi, they doesn't seem to support https/ssl on the basic plan?

Yeah, if you require HTTPS like me choose the $19 plan.

 

[AzzidReign]

@AzzidReign is just using the $9.99 per month plan on Sucuri.

I actually use their $60 plan but I'm thinking about bumping it down to the $20/mo.

What do you think about BuyVM?

This is where I think you need to look at cost. I went with these guys due to having DDoS protection on a VPS. You don't need a very powerful server to be sending out emails. And I only wanted DDoS protection here due to this ip being the only one that skiddies will think is our actual ip lol I wanted to make sure more emails would be able to be sent out.

 

[rdn]

I actually use their $60 plan but I'm thinking about bumping it down to the $20/mo.

Aw, why is HTTPS not enabled on your domain?