Hi guys, a quick update:
The datacentre sent the information upstream and had the server IP blocked and have said they are going to move me to another subnet away from other clients which will make it easier for them to traffic manage if it restarts so in the meantime although I have had a weekend of downtime I am not totally dead in the water as yet. The server is my own box housed in their facility and not a rented unit or VPS, I don't rent racks worth, just a single 1u rack so in terms of financial gain for them vs risk I can see this has caused a lot of work - perhaps though it has highlighted to them where their own network could be susceptible though as an attack could be directed at any of their clients.
I had been looking at the likes of Cloudflare free but was under the impression that the free service didn't do anything to mitigate DDoS. However, if it is the case that it does, I will set each client site up with the free service once I am back online, and obviously my main priority is to see if I can find the target on the server or if it was directed at the server IP in general. If there is a specific target or application it will need to be dealt with to stop the same happening again.
Over the weekend I did a lot more reading and saw that older versions of Joomla have been targeted by people. I know of at least one client still using an outdated version so will need to keep that one offline in the first instance while I see if it could be the cause - would ModSecurity help in this type of instance though? I do not want to be adding tons of modules if they are just going to be eating resources, although the server is vastly overpowered for the resources I need anyway (ironically to try and keep a good service level and uptime).
Why not suggest they update Joomla to the latest version? Running outdated software on a server exposed to the internet is a very bad idea.
I don't know if the free version of Cloudflare handles DDoS, but you can always contact them and ask.
EDIT: Here you go:
Last edited by CharlesA; May 20th, 2013 at 11:35 AM.
Charles, one of the sites running an old Joomla is actually mid-process of being migrated anyway. I was working on it as the DDoS occurred; although the site is not 100% finished, it is in a position where I can switch off the old site and work on it live, so that is fine. The other that is possibly out of date is just going to be left offline unless they want me to upgrade it, as I have warned them twice that they are using out of date software.
The datacentre got back to me just now and confirmed that they tested a new approach yesterday in a lab environment and are happy with how it works in theory so they will push me on to it this afternoon or tomorrow so we can see how it goes full time. They have actually been quite reassuring that the idea may help them mitigate DDoS attacks in future and it would seem it may help them for other customers if something similar happens, it is an approach they wanted to put in place in the past but never had a need so I guess my attack has helped in some way to realise their action needed looking at.
So now it is a case of waiting for them to call and let me know I have to ride over and change the IP address on the physical machine and with any luck it will work and stay up.