Don't Use Knownhost.

Read the rest of the review here

http://admin-talk.com/resources/32/

 

I've heard a few horror stories about both KnownHost and Blue Host. I tend to go with hosting companies my friends recommend. Word of mouth is the best advertising there is.

@cpvr check out http://tmzvps.com they've been generally awesome for me and I haven't been able to find decent hosting any cheaper.

 

YOU WENT WITH LIQUIDWEB! Welcome to the clan, brother!

PS. I can give horror stories with blue host

 

When all this was going on, Knownhost took literally 6-8 hours to respond to me. Liquidweb is a lot faster when their support. I actually love the fact that they have 24/7 phone support as well.

I also feel that they were overcharging on the server specs. Especially for the hybrid server.

You should make a topic about Blue Host as well. Bring the situation to the light!

@Dan Hutter Those prices are pretty nice. I'll keep them in mind for the next time I'm in need of another server but I think it'll be a long time from now because I'm quite pleased with Liquidweb.

 

LIQUIDWEB! I love them so much. It takes 28 seconds for them to pick up the phone. Everyone is so nice. I rock their gear. They are just awesome!

 

FYI cloudflare free or $20/month paid won't DDOS protect you completely, for that you need cloudflare's US$200/month business plan. I haven't used it but from what I have read cloudflare's business plan is on another level entirely for DDOS protection etc.

Staminus another DDOS provider has WHT permanent discount url accessed via www.staminus.net/WHT for upto 50% off some of their plans. Here's their pricings accessed via the WHT link

ADVANCED DDoS FIREWALLING:
Basic protection does not offer guaranteed security. SecurePort advanced mitigation provides protection for TCP and UDP services, including, but not limited to HTTP, DNS, Mail, and game hosting.
0.5 Gbps or 50,000 PPS 100.00 100.00
1 Gbps or 100,000 PPS 200.00 200.00
2 Gbps or 200,000 PPS 400.00 400.00
3 Gbps or 300,000 PPS 550.00 550.00
4 Gbps or 400,000 PPS 700.00 700.00
5 Gbps or 500,000 PPS 900.00 900.00
6 Gbps or 600,000 PPS 1050.00 1050.00
7 Gbps or 700,000 PPS 1250.00 1250.00
8 Gbps or 800,000 PPS 1500.00 1500.00
9 Gbps or 900,000 PPS 1750.00 1750.00
10 Gbps or 1,000,000 PPS 2000.00 2000.00


Both are on top of my shortlist if i ever need DDOS protection.

 

I agree. I have a 4GB VPS with them..
@eva2000

Thank you for posting that. Knownhost did send me a link to a company that has DDos Protection but their prices weren't exactly in my range. I guess it pays to have good protection on your server, right?

It's funny because when I was with Knownhost, they kept my server offline where Liquidweb had my server back up in minutes after we received a DDos attack. They even got on the phone with me and let me know what was going on. They also called me back when the server was back on. Knownhost didn't do any of that.

 

I guess that's one of the reasons LW calls it Heroic Support.

 

I'd rather just get a dedicated service for $39 more dollars a month. I agree with them.

Abso-GODDAMN-lutely.

 

I know this post is old and all, but DDOS attacks are not simple things to overcome. You usually need someone sitting down and sifting through the data that is coming to your website (IP addresses) and banning those IPs as they come through. Or monitoring automated processes doing that job.

It's why large websites like Reddit, YouTube, DigitalPoint can be brought down by DDOS attacks and they pay large sums of money for DDOS protection to mitigate that false traffic.

While it's strange KnownHost booted you for affecting their network and "other clients", I'm glad you switched to LiquidWeb as they do provide pro-active DDOS protection. (I was with them for a year, 3 years ago, lol.)

 

Hi Cpvr. I think that you fail to understand much of details of the situation that you were in.

For the sake of clarity to anyone who does not understand, under a DDOS attack it is common practice to "null route" the inbound traffic of the target. This keeps any other server sharing the same link from being affected. This is done for a true DDOS attack, where the attack has the potential or already is saturating the link. This is not the same thing as shutting down a server altogether as the OS is not shut down, although it does make the interface inaccessible from that IP address.

While iptables is a powerful mechanism on Linux machines, it does have its limitations. Most of the attacks that happen in the hosting world are not ddos attacks, but far smaller scale intrusions of less than 10k addresses. Most of the time the intention of the attack is not to take the server offline, but to spam forums and blogs or brute force logins to popular CMS's. They often have effects to a true DDOS attack from the VPS owner's perspective, especially against a VPS vs a dedicated server due to the fact that VPS's normally don't have the same amount of resources as what you get when you purchase a dedicated server. When dealing with, for instance, a bot attack of 5k addresses against a server it is not difficult to make blocks in iptables based on matching traffic in the domlogs with an RBL or using something like modsec to automate the process. These attacks generally are low bandwidth and only raise the load average of the server due to the high number of hits to scripts. If you have a poorly written site then it may cause high io wait due to mysql queries writing temp tables to disk in rapid succession or cause memory shortages. But this is a very small scale attack compared to the one that you wrote about suffering. Basically the amount of iptables rules that you have the resources to support vs the number of unique ip addresses used in the attack dictates the ability of your server firewall to negate this. While a good firewall such as CSF can be used to make these blocks, a server is not a firewall appliance and is not designed to handle the kind of traffic involved in a 2G DDOS attack at the packet rate mentioned. The appliances that are designed to do this focus strictly on network traffic and not the many other services that a server runs. Firewall appliances also run hardware that is designed for the maximum throughput of this sort of data and handle data on the lowest level possible vs a firewall like CSF that relies heavily on scripts. If you pay attention to the specifics that Paul mentioned, you will notice that the attack was not only high bandwidth, but high packets per second.

No manual sifting through data or even a well written script is going to keep up with this. I have tools that make firewall blocks based on matching domlog entries with RBL's and can tell you that an average VPS is going to flake out at around 5-6k iptables rules. In the scenario that you are receiving 200k-300k packets per second, how many individual IP addresses do you suppose that is? You would hit iptables limits pretty quickly and start seeing errors such as "iptables: too many levels of sybolic links" or just hit OOM limits. If the hostnode's OOM manager didn't kill the process then you would eventually just panic.

So even though KH was able to block an "attack" on your server previously, that attack may have been, and probably was a totally different situation than the true DDOS that you suffered. For some reason everyone calls high traffic situations DDOS attacks these days. The term gets thrown around very loosely and most of the time is used inaccurately.

What motivation could a hosting provider possibly have to refuse to stop an attack on their own network? This statement makes absolutely no sense and seems more like an exclamation of emotion than a statement of fact to me.

See previous statement.

Following this statement you provided only part of the conversation with your provider, obviously skipping parts of the conversation. Why?

I see in the conversation that you posted with Paul that he encouraged you to get in touch with a host that provides the sort of service that you needed at that moment, even at his own financial detriment. That to me seems like they value their customers more than their customer's money. The fact that you cannot afford the type of service that he suggested is not really something that you can complain is KnownHost's fault. That is like saying that it is Ford's fault that your '93 escort can't tow your boat, but you can't afford their F250 truck. He gave you the solution, but you don't like the answer.

The root-servers.net domain is part of the top-level DNS system. The servers in this domain directly answer requests for records in the root zone and answers other requests by returning a list of the SOA for the appropriate TLD. See http://en.wikipedia.org/wiki/Root_name_server for more info. To be semantically correct if these were blocked it would actually be the IP address that resolves to these hosts that were blocked, not the domain's themselves as iptables/kernel firewall does not perform DNS lookpups. This is an insignificant detail though and just there for reference.

This statement is also misguided. A hybrid server is a VPS and a VPS is a private server, not network. In any case both Liquid Web's VPS's and KH's Hybrid VPS's are containers in a virtualized environment meaning that a large scale attack on a VPS will affect other customers on that host node. To say anything different is an outright lie.

I have not doubt that many hosting companies will gladly block the addresses of a common flood of 5k or so addresses and call it a ddos attack, but this is far from what you unfortunately suffered. I feel very secure in saying (and challenge anyone to find an actual TOS agreement that defies this) that no hosting company at the price of $25-$120 a month for a VPS is going to be able to provide protection in the case of 100k+requests per second and/or 2G+ traffic that is intended as an attack. Unless this is the specific service that they are offering they will not have the equipment to, nor would it make sense for them to. Why would a hosting company provide a service that is commonly sold for hundreds per month for the price of a basic VPS? The bottom line is that if you need/want true DDOS protection then you will have to pay for it. It is not fair nor ethical to attempt to drag the name of any provider through the mud because they did not provide a service that their TOS/Service Agreement/etc specifically states is not on the menu and you cannot afford the solutions that they recommend.

 

I know man i had knownhost a long time ago and ddosing affected us... sadly they did nothing about it so i changed to x10hosting and there support is fantastic for things like this i would recommend changing to them.

 

I wound up with KnownHost a few months ago after a whole bunch of BS with TMZVPS. I have been really satisfied over all but haven't gotten DDOS'ed either. :-/

Sorry for your headache @cpvr

Edit: and I just realized this is an old thread. My bad.

 

It's all good. I hope you have better experience with them than I did. I've been getting DDOsed a few times but Liquidweb has handled it pretty professional wise. So, that's a plus for me. Old threads are allowed to be bumped.

 

Whoa... I did not know this. I guess I really dodged a bullet with my decision not to use Knownhost. I literally flipped a coin because I couldn't decide on my own.

 

I actually used them for about the month. It was a pleasant experience for me and I'd recommend them.