23 comments

[ 60.9 ms ] story [ 1675 ms ] thread
You get what you pay for...
Actually OVH have very similar prices and are much more reliable.

As others have mentioned they've got DDOS protection on some of their newer plans.

You have two ISPs for any business-critical service that matters, and you switch between them either using BGP in your router or using DNS if you have not implemented BGP.

With a single provider, it's a gamble, although the expectation for any reasonable provider is that they just let you saturate your link speed with no questions asked, and block the offending traffic in their router if you can identify it for them.

Since this seems to be a problem for growing startups. Does anyone have any information on what other companies cater to the european market and will not hold you hostage if you get hit with a ddos attack? I'm looking specifically for servers in Germany, if anyone has any clue.
You should have a look at OVH, they include DDoS protection by default and their prices are the best available on the market:

http://www.ovh.com/us/dedicated-servers/enterprise/

Ha, what a joke. OVH's DDoS protection and prevention mechanisms suck
Care to elaborate? As a customer I'm curious.
Don't feed the troll, OVH's DDOS is state of the art. There is a LOT of reading about it on their blog.
Sorry. I was completely oblivious to that. Will check, thanks.
It's the first time I see prices comparable to Hetzner's - thanks for the info!
You can get a dedicated server with 128GB ECC RAM and 2 SSDs for $188 at Hetzner. 188 bucks. Wow.

I guess the original post perfectly explains how such low prices are attainable (no customer support, etc).

This raises an attack vector for Hetzner's business itself. By finding their larger clients and DDOSing them, Hetzner's business itself becomes at stake.
Yeah exactly, that's what I thought. If this is the way Hetzner deals with even such small attacks, some competitor that has enough power could potentially take out a lot of their clients and Hetzner would get the bash.
I have been a customer of Hetzner for several years now. Everything is fine and cheap if you have no problems, but their support is the worst.
I was also happy with Hetzner when I used them a few years back. But I didn't need their support other than for replacing hard drives, which they always handled quickly and without problems.

One of my servers were once used in a amplification attack (DNSSEC...) for a few days before I noticed. I guess Hetzner didn't detect this because just the uplink got saturated. Had to manually request a null route so I could SSH to another IP alias on the box. I wouldn't mind if they automatically did this for me since the offending IP would be unavailable either way. At least they don't charge you for DDoS traffic, like my current European budget provider does.

If you move to something like Cloudflare, make sure to at least firewall off everything but their IP addresses. Otherwise it will be trivial for the attacker to connect to all the port 80's in the IP allocation to the provider they know you were using, and compare the responses to what they get from Cloudflare, to obtain your service's origin.

http://www.youtube.com/watch?v=bmzHIB18XT8

I run a social network that does 30m pageview per month. I had a similar problem with a Large host provider which for the sake of good taste I wont mention. When I got attacked the provider gave me a warning and shut things down for a bit but the attacks kept coming and coming eventually I moved ( im not advertising) to Rack911 got attacked again but the guys there proactively helped me deal with the attacks until the attackers backed off.
No story here. No budget provider I've looked at says they will help you withstand a DDoS attack. [Thanks to the commenter who says OVH does, I will look into them closely.]

I did this due diligence for a 10-user app. These guys have no excuse for not planning for a DDoS with a serious business.

I'm trying to think of the economic way to run a robust small scale service. I think you need a way to rapidly spin up a replica service on an entirely different provider.

I'm picturing a setup where you run on a cheap Hetzner host or similar with the DB synced to a slave replica on EC2 or other cloud provider and a build system so that you can spin up a whole replacement infrastructure on EC2 if there is a severe outage or failure in commercial relationship and switchover by changing the DNS settings.

> I almost failed off chair, I could not believe that someone was able to find the ip.

cloudflare adds a direct.* subdomain that points to your actual IP.