Why a ddos attack at WHB?

[hinykicker]

Why in the world would a malicious group or individual dedicate valuable resources to attack WHB? What activity could possibly be attracting this sort of response? Just asking.

[Maxim M.]

As it's only a single server, most probably the reason of attack is a piece of content or a particular web site hosted on the server.

At the same time we would like to assure everyone hosted with our company that our policies against the malicious content are as strict as possible. All the complaints we get at abuse[at]webhostingbuzz.com are thoroughly investigated and processed in a timely manner.

We are sorry for the inconveniences caused by the recent DDoS attack.

[Matt R.]

Unfortunately the people behind DDoS attacks have little thought for innocent bystanders - us the hosting company, you the customers on the server...

[Tony]

If we're talking about a real botnet ddos attack, their botnet probably doesn't have anything better to do so it's no strain on their resources. Also you never know where some sites may be hosted. If you've read about the recent dos attacks by Anonymous, you may assume these are large corporate/government servers somewhere. But any department can open sites on any host and get caught up in something like that.

But if you want something worth actually worrying about, consider how the Americans are closing down entire servers until you can prove yourself innocent years later. And ACTA in Europe isn't completely dead yet either.

[wscholes]

As it's only a single server, most probably the reason of attack is a piece of content or a particular web site hosted on the server.

At the same time we would like to assure everyone hosted with our company that our policies against the malicious content are as strict as possible. All the complaints we get at abuse[at]webhostingbuzz.com are thoroughly investigated and processed in a timely manner.

We are sorry for the inconveniences caused by the recent DDoS attack.

My frustration comes less from who did what and more from how WHB handled it.

All of a sudden today I have no email access, people can't reach me, I start to get phone calls asking why my email is 'off'?

I don't like being in a position where I don't know an answer and so what do I need to do? I spend an hour finding out what the problem is. I have to wait for someone on 'chat' to 'help'. They take forever to answer any question (which is annoying in itself) and then they avoid any factual detail. So when I asked why my email wasn't working it took 5 minutes for her to come back and tell me, then she said they didn't know when it would be back up and I would just have to wait.

Perfect. Your server gets hacked and you have no idea how long it will take to get it up and running again?

What annoys me is this - you didn't tell me. I had to find out myself and take my time to find out. You could have sent out a notice to your customers to let us know what happened and warn us.

I asked for a credit given that you can't provide the service I rely on. She referred me to billing.

I asked how I change to a hosting company that can provide answers - she referred me to billing.

Avoidance at every step. So frustrating; if you know there is a problem empower your team to resolve the issues, make us feel better, talk to us.

To be fair I have liked WHB since day one and enjoyed my experiences with you and have recommended you on countless occasions but it is frustrating that such a simple thing like an email wasn't sent.

[Maxim M.]

Let me sincerely apologize for the lack of communication between you and the customer service. We as a team always do our best to explain the situation in details and be frank with our customers. It could be a lack of internal communication while senior technical staff were fighting the DDoS and simply out of their time to share details with the CS assisting you in the live chat. We have to bring our apologies for that.

Generally, not much can be done when hundreds of gigabytes of flood are sent to the server from different locations. Still our technicians did their best and the attack went down pretty quick. It took a while to investigate the origin of the attack and take appropriate measures to reduce the impact by locking out the IP subnetworks.

Once the DDoS attack had been confirmed, we opened a forum thread related to the issue. We believe it to be a better way of informing our customers about the ongoing server issues than sending out an email. First of all, some of our customers use their email hosted on the server to communicate with the company. Though we always ask to have an alternative communication channel, major part of the customers just don't get a notice as their email is down. Secondly, forum thread allows to post the regular updates and keep all the related information in one place, rather than send it in a bunch of emails. There's no guarantee that your anti-spam system won't spot our emails as fraud and move them to Junk. Finally, a long distribution list of addresses will cause that the last users on the list will get their notices some time later while a forum thread is available to everyone once opened.

Additionally, our vBulletin forum script allows to subscribe to a particular forum and be notified via email every time there's a new thread or reply to an existing one. We would highly recommend you doing so in order to be informed about the unlikely issues timely.

DDoS attack is always a pain for both the hosting company and its clients. We highly rely on your understanding and support when it happens. Rest assured the problem is never ignored here and is taken care of as fast as it's possible indeed.

Your complaint and opinion on customer service level are very important to us. This will be investigated and appropriate measures will be taken to improve where it's possible.

[wscholes]

I appreciate the quick reply.

I understand your reasons for the posts on forums but honestly I can't imagine that most people would even think to look here. The only reason I am here is because I was sufficiently annoyed that I wasted 47 minutes online with a CS person that wasn't so useful that I figured I wanted to express my frustration abut that somewhere. I think you need to look at your communication strategy again.

That said I understand that these things happen, it is just the world we live in and am not upset about the original hacking (although I do hope your security is being reviewed).

I did get a very quick reply from the billing team telling me that although I can't access email for an undetermined amount of time - and am losing business and credibility as a result - I will NOT be receiving any credit since I can still access my cPanel. Oh goody, cPanel, what fun. I will be sure and mention that to my customers as they try to email me.

"What? You couldn't reach me? Oh, that's totally weird because I was playing on my cPanel all afternoon".

It might have been a nice gesture to say "Hey here's a credit towards next month given the hassle and money the loss of 'partial' (albeit likely the most important part) service cost your business.

Very impressed by your quick reply though.

[srinivasan.ramprasad]

Hi,

A DDOS attack is definitely a serious enough reason for the servers to be inaccessible and to give headaches to the technical team;

Similarly so, to be informed by clients that the sites are not accessible is never a good thing.

The reasons in my case were in this URL
http://forum.webhostingbuzz.com/rs18-abstractdns-com-server-205-251-130-atlanta-nap/7327-file-system-check.html
which does not mention DDOS at all.

Small businesses like mine depend on a few good clients and if they are disgruntled we tend to lose a immediate and future revenue. However the same do easily understand a difficult situation if they are informed first. On the day and hour the server went down, day before yesterday, I was supposed to present a website for completion and payment. Imagine my loss if the site is down and I am unable to provide any explanation. Luckily this instance I was able to manage the customer. Would WHB, trying to manage its own issues, be able compensate the loss at all?

I was with a different host that seemed to have issues regularly but never did think it was good customer service to apologise, offer an extension or a small offer of compensation. It also repeatedly suspended sites that had single pages with nothing malicious in them without any reasons or warning. It is really frustrating to wake up every morning fire fighting issues that you are not responsible for when you already have your plate full.

I shifted to WHB after having coped with the problems for a long enough time hoping for them to come around.

When the sites went down, a simple email would go a lot way to help us and to enhance the value that we hope to get from WHB. I only got to know about this forum when I went to live chat. Luckily I did not have to wait a long time before being sent to the forum however without any valid reason or an ETA, I am in no better position.

thanks and regards

Btw, I was first told that the server was all ok and there seems to be no problems. It was only when I pointed out that it is inaccessible from different ISPS and even countries was I given the link to this forum.