WebFaction

I've noticed that several WF servers have been hit by DDoS attacks lately, and it's becoming more common in general across the web.

CloudFlare offers free CDN service with basic DDoS protection for non-commercial websites. So I was wondering, why doesn't WF become a CloudFlare certified partner and offer their service via the Control Panel? Is there some downside to it that I'm not aware of?

I understand we can use CloudFlare without Control Panel integration, but I didn't really even know about their service until recently.

asked 15 Jul '14, 14:54

PeterA

edited 15 Jul '14, 14:55


Hello,

When a customer gets hit by a DDOS we do recommend that they enable CloudFlare. However, it doesn't always help because:

  • sometimes the attacker will figure out the IP address of our server and they will still attack our server directly

  • we can have hundreds of sites running on some IPs and it's sometimes impossible to tell which site is being targeted so we don't know which site(s) we should enable CloudFlare for.

We are working on our own mini-CloudFlare system which we'll be able to turn on when a server gets DDOS'd. It will make it impossible for attackers to keep attacking the server directly because the server will only run on the private network and the sites will only be available to the public network via proxies in front of the main server.

Remi


answered 17 Jul '14, 09:15

remi

I see. Would there be any advantage/disadvantage in encouraging everyone to activate CloudFlare for their sites in advance (before any attack actually happens) as a preventative measure? That's why I was suggesting you could integrate it into the control panel.

(17 Jul '14, 13:41) PeterA

We don't want to force people to use CloudFlare and from experience only a small percentage of people will use it if we don't force them to. And if only a small percentage of people use it then it won't be enough to prevent DDOS attacks. There's also the issue of the attacker figuring out the IPs of our servers and attacking the server directly. We have actually designed our own mini-CloudFlare and it seemed to work really well in yesterday's attack. It has the advantage of being on the same private network as our other servers so it can still talk to the servers even if their public IPs are being attacked.

(18 Jul '14, 10:55) remi

What is the current status of DDOS protection on WF? I am going to move my client who is often targeted by DDOS to WF, but I am not sure what will happen then.

(04 Mar '15, 18:08) ibobik

Around half of our servers (including the newer machines that we put new customers on) are located in a data center that provides automatic DDoS mitigation. Many older machines are in a different DC that does not provide DDoS mitigation.

We also have our own procedure for managing a large DDoS, to help spread the traffic and isolate the actual target of the attack.

(04 Mar '15, 18:22) seanf

I would like to add a link in this conversation which points to an article that expresses a negative point of view towards the CDNs which provide security services acting like proxies.

The article is called "CloudFlare, We Have A Problem" and claims that these services are by themselves a MitM, no matter what and whatever -may or may not- that mean.

Personally, I do not consider this as a problem except for by using this service someone agrees that:

"for your own safety ... you have to ..."

I am sorry to admit that the above quoting and whatever springs from that, initiates allergic reactions to my systems.

This is the reason I wonder why force someone to use such a service, instead of a pure CDN -for example- which solves the same problems without extravagant compromisations given that WebFaction itself has developed -or uses- mechanisms for mitigating issues like DDOS attacks.

This is the reason I wonder why encouraging someone to use such a service would be advantageous.

All that matters -according to my perception- is the fact that WebFaction itself has developed -or uses- mechanisms for mitigating DDOS attacks relieving its users of this burden.


answered 18 Aug '16, 14:58

raratiru

edited 18 Aug '16, 22:55

We don't force anybody to use CloudFlare and other CDNs.

(18 Aug '16, 18:17) seanf

Indeed, I would not at all imply that. My intention was to summarize what I have found during my effort to understand how WebFaction deals with the issue of DDoS attacks.

Although it is not directly clear from the list of services provided, it is very relieving that "things really work" as anyone would expect when reading the "fully managed" quote.

Relieving ... like fewww! :-D

(18 Aug '16, 22:21) raratiru

question asked: 15 Jul '14, 14:54

question was seen: 3,099 times

last updated: 18 Aug '16, 22:55

                              