OVH Community, your new community space.

Massive DDoS attack. French support wont help. Server offline in rescue pro 12+ hours


Andy
06-03-2011, 14:12
No, but it is application throttled 24/7, like the other tiers (just not as bad at night).
AdamD
06-03-2011, 13:43
Their traffic management policy doesn't (currently) apply to the 50mb and 100mb tier
gerhard
06-03-2011, 09:09
I meant throttling. On the 10Mb package, after the first 2GB, you get throttled to about 2Mbps-3Mbps. the bigger the plan, the higher this allowance. This only occurs during peak times, no throttling after midnight.
Winit
06-03-2011, 08:41
Encrypt traffic & use port 443 = no shaping.
Andy
05-03-2011, 21:30
The stability of the speed has increases, but the addition of STM and throttling doesn't make it appealing to many people now. Only the speed and the bragging rights it brings. I'd much rather have a truly unlimited connection at 10Mbps than a potentially throttled on that sometimes runs at 50Mbps.
AdamD
05-03-2011, 12:29
Aye it does, but for the money you pay, it is a great service (When it works, heh)

It has improved quite considerably in recent years though.
gerhard
05-03-2011, 09:13
Virgin does traffic ---shaping--- throttling across all its offers, the allowances are more generous the more you pay. I think it's a good system, it prevents filesharers bringing the network to its knees.
AdamD
05-03-2011, 04:29
I don't think I'd ever go with ADSL or Fibre, if the current offerings are anything to go by.

I know people knock Virgin, but you can't really beat 50mb down, 5mb up for £38 a month.

And their 100mb down, 10mb up offering looks nice to, it's just a shame they cut the upload speed if you upload XGB in a short period.
gerhard
04-03-2011, 23:16
I somehow missed that fiber optic page on thinkbroadband, good one Winit.

I've been with Be for years now, you're right Andy, they are very decent. Virgin 10Mb doubles up for long rsyncs and the "just in case" scenario. Be has been down twice in the past 9 months, Virgin always there to pick up the slack.
Andy
04-03-2011, 19:47
I have Be* at the moment. Best ADSL provider you can get when you can get the sync speed. I get 10,500Kbps sync, good enough for me.
Winit
04-03-2011, 19:47
Quote Originally Posted by gerhard
BT Infinity otherwise, when it becomes available in your area.
Infinity is awful.

Best to select a decent provider: http://www.thinkbroadband.com/guide/...broadband.html
Andy
03-03-2011, 13:35
Yeah far too pricey for just some ports for me unfortunately. It's cheaper to upgrade the drives to bigger ones instead! I wish more motherboards supported port splitting a bit like USB + a hub works. Sadly not many do.
gerhard
03-03-2011, 13:20
Yes, sorry, was rushing it. You're right, I meant PCI-E. I got this Startech. No RAID, just plain SATA controller adapter. Expensive, but I can see keeping it for years on end regardless of other upgrades.
Andy
03-03-2011, 13:12
Problem is there are no cheap 4 port PCI or PCI-E cards either (PCI-eX is a completely different slot by the way). The cheapest 4 port I found was £50, as costly as the motherboard itself.

Also JBOD doesn't separate the disks, it basically makes them all appear as 1 drive and adds data to one, then switches to the next when it's full, unlike RAID0 which splits data evenly between the drives.
gerhard
03-03-2011, 13:08
Get a decent 775 with 4 SATAs + another RAID PCIeX card for an extra 4 SATAs. You can set them in JBOD if you don't want the RAID.
Andy
03-03-2011, 13:05
Correct. I've looked online in my usual places but they don't do many motherboards with 6 SATA's and those they do are the crap brands you'd expect in a cheap low end PC.
gerhard
03-03-2011, 12:24
Oh, ok, so you want to replace the motherboard only. Quiet a few of the bargain online stores still have the old stock, you might get lucky. Google Products is always great for this kind of research.
Andy
03-03-2011, 11:24
They're dynamic but don't change often People call them "Sticky".

Even KVM uses the same IP I think, but never used it, only vKVM which certainly does.

Problem is socket 775 boards are increasingly hard to get hold of now that the Core i series is out.
gerhard
03-03-2011, 11:22
I've had the same "dynamic" Virgin IP for 9 months now...

Yeah, that's not great then ab rescue mode. KVM?

Some things are just worth getting new. A mobo is one of those things. Same for women.
Andy
03-03-2011, 11:04
No Virgin in my area, plus their dynamic IP's and lack of rDNS isn't helpful.

Rescue mode uses the same IP actually.

I use separate externally hosted e-mail for OVH for this very reason

I need the new motherboard because mine is dying, not because of the ports I have 7TB as it is, plenty for now as I have 4.1TB filled, so quite a bit to go!
gerhard
03-03-2011, 10:51
Look at Virgin's new packages, they have a very decent speed. BT Infinity otherwise, when it becomes available in your area.

When server goes down / becomes unresponsive, reboot in rescue mode and disable all IPs but the one that you're using exclusively yourself. The rescue mode gives you a different, temporary IP, right? Might be getting the providers confused...

If the DNS is down, e-mails are down. E-mails should not be on the same server as the websites, period. Keep all 3 in separate locations (including DCs). The fanatical support guys do hosted Exchange accounts if you're the Windows guy. They used to sell for £1 a piece, came with 1GB storage.

Sorry, no spare motherboard, just my old and trustworthy M2NPV-MX. Get a PCIeX RAID card with 4 ports and you get extra SATA capacity if that's what's missing. I did the same, now have the potential to go all the way to 8 x 3TB .
Andy
03-03-2011, 10:39
My home server runs everything I have just fine except for the downloads, which I don't have the bandwidth for. For everything else it's got plenty.

The problem was my server was hit with up to 50Gbps from first reports, so it went offline instantly. All of the ports were used and nothing could get through, not even pings. Using another IP wouldn't have helped in the slightest as the system hit 100% bandwidth usage as well as resource usage.

I keep DNS on the same server because if the server is down, the sites are, so DNS serves no purpose anyway I will be setting up my home server with 2k8 Standard at some point so I can set up secondary DNS again, but until then it's staying on one server.

I need a new motherboard for my home server first anyway Got a socket 775 motherboard with 6 SATA's spare?
gerhard
03-03-2011, 10:36
A home server is ok for secondary and historical backup, but nothing more. It should be used as a last resort.

Was the DDoS targeting a specific site or the server IP? You can keep 1 IP for admin stuff only, disable all other IPs when DDoSed.

Keeping DNS, e-mails and web all in separate locations will help greatly in situations like these. Good luck DDoSing Google Apps or a decent DNS provider with a robust multicast network .
Andy
03-03-2011, 10:29
Oh believe me I have a fail over in place in the shape of a home server. But during a DDoS attack the last thing I wanted was to move to my second server and have that hit as well. The best thing you can do is shut down and wait for it to pass.
gerhard
03-03-2011, 10:18
I understand what you're complaining about Andy. I'm having the random reboot problem with two of the newer AMD servers, support is inexistent. People that have been in a DC know that random reboots with all hardware tests passing is a sign of cheap hardware, poor ventilation or both. Support cannot help me with this (tried a few times) because that's how OVH runs their ship: cheap & unmanaged. I'm not complaining, we all know what to expect when the pubes hit the fan.

You seem to have a lot of experience Andy, I'll assume that you're just laid back. Having a single point of failure is the first big no no in the sysadmin's book. I myself have been guilty in the past, but now I know better.

1. Use a multicast DNS provider, ~$50 per year for 35 domains and 10 mil queries.
2. Use Google Apps or pay for managed e-mail, it will save you at least 50% of your current hassle.
3. Use automation (Chef or Puppet) so that you can move servers in hours.
4. Use offsite backups, S3 or Cloud Files are dirt cheap.

I've worked my way to number 4 in the past few years. I was nutty as a walnut for not doing it earlier - and super lucky for not burning myself with my "shack on the beach" setup
Winit
01-03-2011, 20:16
You get what you pay for.
AdamD
01-03-2011, 17:24
The problem with OVH, from my own experience, is the hardware, automation and network are great, when they work

If you ever need assistance due to a network, or hardware issue, it seems almost impossible to get service and even when you do get a response, it's usually days later, rather than hours/minutes that other providers are able to manage.

It's just a shame, I would be more than willing to pay extra per month for proper service, but even so, it doesn't help that you usually get a mixed french/english reply which doesn't make much sense.

I find European hosting in general rather weird though, after being hosted by companies like Liquidweb and wiredtree in the USA, who, despite being more expensive, offer alot more in terms of support.

I did find it unusual to wait 2-3 days for a reply to a ticket with OVH, whereas it's minutes with the USA based LQWeb & Wiredtree
Andy
01-03-2011, 16:32
^ +1 with applause.
Myatu
01-03-2011, 16:31
Quote Originally Posted by Neil
These things are managed from France since that is where our datacentres are and these are network related issues so they naturally will be managed from there
If I can manage a server in France from a moving train in the Midlands, surely it would not be much harder to do remote management from one OVH's affiliates? If Oles puts some more trust into the capabilities and competence of you and colleagues, rather than tying your hands and keeping you to scripts, then things would probably get done instead of having to give a run-around.

btw Heathrow, Stansted, Luton and City Airport are managed from a central location, is called 'London Terminal Control Centre'
I did say "from Moscow", not "from London"

Anyway, you did say you wish to reduce server churn rates by enticing customers to keep their servers for longer. Well, I guess you can put this in the suggestion box as well then: there's too little communication from OVH and often too late.
Andy
01-03-2011, 12:14
Thanks for the clarification and continued support Neil. I guess I was just unlucky to be hit by two problems at once.
Neil
01-03-2011, 10:18
Quote Originally Posted by Andy
Hi Neil,

I appreciate the reply.

I would like to point out however that there was complete lack of communication here. I was told that "Protection" would be put on the server. I was not told what sort of protection, but the first time it was put on for 1 hour the server responded perfectly. The second time for the 8 hour period, it was put into rescue mode and locked there so I couldn't change it.

I tried calling the 24 hour tech line and the person who answered didn't seem to understand that servers are there to do a job, if you take it offline they can't do their job. Some people rely on their servers for lots of things. That includes me as well. It hosts my e-mail, DNS, websites, databases, storage and VPN network. You can't just take it offline because it has the potential to hurt the switch. At least if you do it would be nice to tell the customer and give them some options on what to do next.

None of that was explained to me. I was very annoyed with the lack of support and consideration all round. Only you have actually redeemed this for me because you listen and understand issues rather than stick to a script like the French tech's seem to do.

I will say this, OVH have some very impractical methods compared to other data centers. Other DC's would put a firewall on for you temporarily, or null-route the bad requests. OVH just disconnects the server. Fat load of good that does when you rely on it.

What happens if that was being used for a business? A business that by taking it offline could lose potentially large sums of money? Forget it's a Kimsufi for a minute, imagine you treat all servers the same. What would happen? You'd take that offline too I'm guessing.

There is likely nothing I can say that will make you change your ways but I'd like to hope I'd influence new ways of thinking about it if nothing else, and coming up with a solution that is more suitable. I've been with OVH for over 3 years now and this weekend gone was the worst experience in that entire time that I've had. I think the amount of money some customers spend/have spent with OVH deserves a bit more attention.

I'll stop there as I think enough has been said.

Neil, if you could make sure all of my IP's, base and IP Failovers, are unbanned properly that would be great.

Thanks.

As for everyone else, what are your opinions on the way this was handled?
Hi, the protection was the the first thing for 1 hour and then 8 hour. This is where we protect the server and switch, this is the interests of everyone this done, when we do this it is because your server cannot handle the requests anyway, and to keep the switch stable and make sure no other servers encounter any problems.

The reason it was put into rescue mode was because of https://status.ovh.net/?do=details&id=1176 So it was not taken offline because it hurt the switch, it was taken offline, along with 300 servers because its ip was spoofed and appear to be performing hacks.

The protection is like dropping packets and null routing the server, as stated two thing affected your server this weekend. Businesses generally now opt for the vrack and firewall/load balancer in these situations.

Quote Originally Posted by Myatu
Piss poor sums it up nicely. It is why I've said before that OVH is not suitable for business critical things, more for "off the side" projects that don't have a significant impact if the server dies.

I was reading the English version of the OVH Magazine, and I had a bit of a chuckle about the support "techniques" and "everything managed from France" methodologies. It's akin to running Heathrow, Stansted, Luton and City Airport from a "central" location, like say, Moscow. It ain't gonna work.
These things are managed from France since that is where our datacentres are and these are network related issues so they naturally will be managed from there, btw Heathrow, Stansted, Luton and City Airport are managed from a central location, is called 'London Terminal Control Centre' see http://en.wikipedia.org/wiki/London_...Control_Centre

Anyway to sum up, the real issue that affected your server was the spoof issue which is was unfortunate issue, that has now been fixed.
Myatu
01-03-2011, 00:14
Quote Originally Posted by Andy
As for everyone else, what are your opinions on the way this was handled?
Piss poor sums it up nicely. It is why I've said before that OVH is not suitable for business critical things, more for "off the side" projects that don't have a significant impact if the server dies.

I was reading the English version of the OVH Magazine, and I had a bit of a chuckle about the support "techniques" and "everything managed from France" methodologies. It's akin to running Heathrow, Stansted, Luton and City Airport from a "central" location, like say, Moscow. It ain't gonna work.
Andy
28-02-2011, 18:01
Hi Neil,

I appreciate the reply.

I would like to point out however that there was complete lack of communication here. I was told that "Protection" would be put on the server. I was not told what sort of protection, but the first time it was put on for 1 hour the server responded perfectly. The second time for the 8 hour period, it was put into rescue mode and locked there so I couldn't change it.

I tried calling the 24 hour tech line and the person who answered didn't seem to understand that servers are there to do a job, if you take it offline they can't do their job. Some people rely on their servers for lots of things. That includes me as well. It hosts my e-mail, DNS, websites, databases, storage and VPN network. You can't just take it offline because it has the potential to hurt the switch. At least if you do it would be nice to tell the customer and give them some options on what to do next.

None of that was explained to me. I was very annoyed with the lack of support and consideration all round. Only you have actually redeemed this for me because you listen and understand issues rather than stick to a script like the French tech's seem to do.

I will say this, OVH have some very impractical methods compared to other data centers. Other DC's would put a firewall on for you temporarily, or null-route the bad requests. OVH just disconnects the server. Fat load of good that does when you rely on it.

What happens if that was being used for a business? A business that by taking it offline could lose potentially large sums of money? Forget it's a Kimsufi for a minute, imagine you treat all servers the same. What would happen? You'd take that offline too I'm guessing.

There is likely nothing I can say that will make you change your ways but I'd like to hope I'd influence new ways of thinking about it if nothing else, and coming up with a solution that is more suitable. I've been with OVH for over 3 years now and this weekend gone was the worst experience in that entire time that I've had. I think the amount of money some customers spend/have spent with OVH deserves a bit more attention.

I'll stop there as I think enough has been said.

Neil, if you could make sure all of my IP's, base and IP Failovers, are unbanned properly that would be great.

Thanks.

As for everyone else, what are your opinions on the way this was handled?
Neil
28-02-2011, 17:25
Hi

So your server was affected by https://status.ovh.net/?do=details&id=1176 and a DOS. We of course have DOS protection for our own network of switches and routers. But if you have critical applications that you think may get DOS then you can get a firewall, what a lot of our clients do is get the vRack and a Firewall, so then you only need 1 firewall and route it all through this to all your web servers.

But I guess in these cases money is this issue, unfortunately we cannot just provide DOS protection out of the blue and for nothing, what we do do is place your server in protection so the switch and server do not get overloaded with pointless requests,
Andy
28-02-2011, 10:03
I didn't provoke any attack.

And no I'm not running shoutcast.

Neil, or one of the other CS staff, can you look into my connectivity issue please?
yonatan
28-02-2011, 02:51
andy ,are you running shoutcast on one you server ?
RapidSeeds
27-02-2011, 22:49
who did you piss off to warrant such an attack?
Andy
27-02-2011, 21:01
Yeah, well I am as disappointed with OVH support as you are.
AdamD
27-02-2011, 20:06
Sorry to hear that man, I know how ya feel though, I've had my new server since the 20th and it's still unuseable.
Andy
27-02-2011, 19:39
Flat out doesn't work.
AdamD
27-02-2011, 19:38
Andy, when you say they can't access it, is it just incredibly slow? Or does it flat out not work?

I'm wondering if my issue in another thread is related to this problem you have...who knows.
Andy
27-02-2011, 19:11
Yeah. It's stopping in similar places for everyone which is not a routing issue, more a block from the inside by OVH.
mattyribbo
27-02-2011, 19:10
From looks of things, I just seem to stall just before I get to the OVH doors. (Mine was the first one in the traceroutes). Must be something OVH are doing/blocking.

Thankfully I can still access my kimsufi, though me and Andy are in different blocks.

It will be interesting to see what they say when everyone's back in the office on Monday.
Andy
27-02-2011, 18:52
Right, although my server is back online, random people still can't access it. It's not just in the UK either.

Trace Routes from half a dozen people from multiple countries, including Sweden, UK and USA. Hopefully they will help solve the problem.


1 192.168.0.1 (192.168.0.1) 1.952 ms 1.454 ms 1.418 ms
2 92.21.64.1 (92.21.64.1) 38.109 ms 32.943 ms 51.014 ms
3 92.31.246.99 (92.31.246.99) 31.811 ms 32.379 ms 31.801 ms
4 92.31.246.98 (92.31.246.98) 33.293 ms
92.31.246.106 (92.31.246.106) 35.223 ms
92.31.246.90 (92.31.246.90) 85.039 ms
5 xe-10-3-0-scr001.log.as13285.net (78.144.2.135) 36.672 ms 35.018 ms 34.948 ms
6 xe-11-0-0-scr010.sov.as13285.net (78.144.0.226) 35.249 ms 34.448 ms
xe-11-0-0-scr010.thn.as13285.net (78.144.1.0) 37.176 ms
7 * * *
8 * * *
9 * * *

----------------------

1 99 ms 96 ms 99 ms BThomehub.home [192.168.1.254]
2 28 ms 27 ms 27 ms 217.32.99.250
3 23 ms 22 ms 23 ms 213.123.109.161
4 32 ms 29 ms 71 ms 213.1.69.42
5 33 ms 29 ms 29 ms 217.32.25.26
6 39 ms 44 ms 43 ms 217.32.25.178
7 36 ms 36 ms 37 ms 109.159.251.107
8 35 ms 38 ms 37 ms core1-te0-2-4-0.ealing.ukcore.bt.net
mattarnster says (18:48):
9 40 ms 40 ms 41 ms core4te-0-3-0-0.telehouse.ukcore.bt.net [62.172.
02.17]
10 43 ms * 38 ms 195.66.226.220
11 * * *
12 * * *
13 * * *

-----------------------

1 <1 ms <1 ms <1 ms router [192.168.0.254]
2 <1 ms <1 ms <1 ms ua-213-114-160-***.cust.bredbandsbolaget.se [213.114.160.***]
3 1 ms 1 ms 1 ms ti3089d320-ge4-1-0.ti.telenor.net [146.172.107.137]
4 52 ms 54 ms 55 ms ti3001c310-ae7-0.ti.telenor.net [146.172.99.201]
5 51 ms 51 ms 51 ms ti3004c310-ae6-0.ti.telenor.net [146.172.99.194]
6 48 ms 49 ms 49 ms ti9000b300-ae0-0.ti.telenor.net [146.172.105.54]
7 111 ms 222 ms 247 ms amsix.routers.ovh.net [195.69.145.231]
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.

-----------------------

1 dd-wrt (192.168.1.1) 4.572 ms 1.386 ms 1.242 ms
2 * * *
3 ge-3-4-ur01.groveland.ma.boston.comcast.net (68.87.151.129) 15.713 ms 12.216 ms 9.800 ms
4 te-0-6-0-1-ar01.needham.ma.boston.comcast.net (68.85.69.69) 15.309 ms 11.663 ms 13.630 ms
5 68.86.93.33 (68.86.93.33) 88.847 ms 49.221 ms 50.743 ms
6 67.17.193.41 (67.17.193.41) 50.088 ms 48.244 ms 49.283 ms
7 ldn-1-6k.uk.eu (213.251.130.53) 158.200 ms 151.920 ms 152.147 ms
8 * * *
9 * * *
10 * * *
11 * * *

-----------------------

1 49 ms 26 ms <1 ms 192.168.0.1
2 447 ms 319 ms 449 ms bras7-l0.rcsntx.sbcglobal.net [151.164.182.22]
3 517 ms 310 ms 485 ms dist1-vlan130.rcsntx.sbcglobal.net [151.164.162.130]
4 478 ms 459 ms 622 ms 151.164.101.142
5 601 ms 485 ms 644 ms 151.164.101.78
6 546 ms 200 ms 153 ms 151.164.251.150
7 484 ms 652 ms 657 ms ldn-1-6k.uk.eu [213.251.130.53]
8 * *
9 * *
10 * *

------------------------

1 bthomehub (192.168.1.254) 82.377 ms 85.837 ms 99.160 ms
2 213.123.107.250 (213.123.107.250) 20.588 ms 21.980 ms 22.232 ms
3 213.123.107.161 (213.123.107.161) 21.497 ms 22.443 ms 24.297 ms
4 213.1.69.146 (213.1.69.146) 22.301 ms 24.019 ms 20.844 ms
5 217.32.24.78 (217.32.24.78) 21.555 ms 21.503 ms 20.897 ms
6 217.32.24.178 (217.32.24.178) 20.639 ms 20.891 ms 21.798 ms
7 acc1-10gige-0-2-0-6.l-far.21cn-ipp.bt.net (109.159.249.101) 22.330 ms
acc1-10gige-0-1-0-4.l-far.21cn-ipp.bt.net (109.159.249.70) 21.615 ms
acc1-10gige-0-0-0-4.l-far.21cn-ipp.bt.net (109.159.249.66) 20.914 ms
8 core2-te0-13-0-6.ilford.ukcore.bt.net (109.159.249.15) 22.530 ms
core1-te0-13-0-6.ealing.ukcore.bt.net (109.159.249.9) 23.634 ms
core2-te0-13-0-6.ilford.ukcore.bt.net (109.159.249.15) 23.957 ms
9 core2-pos9-1.telehouse.ukcore.bt.net (194.74.65.118) 26.796 ms 26.929 ms 34.708 ms
10 195.66.226.220 (195.66.226.220) 29.316 ms * 25.630 ms
11 * * *
12 * * *
13 * * *

------------------------

1 <1 ms <1 ms <1 ms 192.168.1.1
2 19 ms 19 ms 19 ms 92.25.48.1
3 20 ms 20 ms 20 ms 62.24.254.224
4 20 ms 20 ms 20 ms gig-14-3-4004-rtr002.bre.opaltelecom.net [62.24.254.201]
5 21 ms 21 ms 21 ms xe-10-0-0-rt001.bir.as13285.net [78.151.225.71]
6 26 ms 25 ms 24 ms xe-10-1-0-rt002.bre.as13285.net [62.24.240.19]
7 26 ms 25 ms 26 ms xe-11-2-0-rt001.sov.as13285.net [62.24.240.5]
8 27 ms 26 ms 26 ms xe-10-2-0-scr001.sov.as13285.net [78.144.1.128]
9 26 ms 26 ms 28 ms host-78-144-0-202.as13285.net [78.144.0.202]
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.

-------------------------

1 1 ms <1 ms <1 ms 192.168.2.1
2 107 ms 67 ms 60 ms 85-211-48-1.dynamic.dsl.as9105.com [85.211.48.1]
3 175 ms 235 ms 85 ms xe-4-0-0.ner001.the.as13285.net [80.40.155.102]
4 148 ms 152 ms 178 ms 80.40.155.111
5 88 ms 94 ms 98 ms xe-9-3-0.bragg001.log.as13285.net [80.40.155.37]
6 53 ms 39 ms 89 ms xe-7-0-0.scr001.loh.as13285.net [80.40.155.62]
7 54 ms 120 ms 116 ms xe-11-0-0-scr010.sov.as13285.net [78.144.0.226]
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.

Andy
27-02-2011, 14:23
Yeah well, now OVH are trying to blame it on http://status.ovh.co.uk/?do=details&id=1176 which is a coincidence, since I am told by external sources that it was a DDoS attack.
Thelen
27-02-2011, 13:08
On a more serious note, it frightens me that there is very little protection against DDoS if you have some moderately powerful enemies, beyond a ten thousand dollar a month setup (AWS etc). Clearly we don't have the money for that, what we are we supposed to do?
Thelen
27-02-2011, 13:06
First reaction: LOL @ using OVH for mission critical >_>

Second reaction: LOL @ stupid OVH techs who can't comprehend anything except the script they have in front of them.

Third reaction: At least it is back online now, now perhaps invest some money in redundant DNS, a backup web/mail server (reeeaaaallly simple to do), and NOT on the OVH network >_>
Andy
27-02-2011, 12:45
OVH have actually come through for me, the server is back up. Disabled all services being hit by the attack.
Andy
27-02-2011, 12:08
OK, called again.

*regular stuff, explained how unacceptable this level of service was*
"You will receive answer in 10 minutes"
"OK but if I haven't I will be calling back"
We shall wait.
Andy
27-02-2011, 11:59
Over 2 hours on from my phone call, still no action taken.
Andy
27-02-2011, 10:25
OK here's the story. I suffered a massive DDoS attack last night. My sources indicate it could be up to 50Gbps piling onto my tiny 100Mbps pipe. As you would expect the server went down and I had to call OVH 24/7 tech support in France to try and get it sorted out.

As it happens Oles was there and the technician spoke to him and got my server "protected". However protected doesn't mean protected, it means turned off and put into rescue mode. So there my server sat ALL NIGHT in rescue mode with me unable to do anything about it because it was locked into rescue mode. I couldn't change the netboot to HD.

I submitted numerous tickets, and by this morning none of them had a reply. So I phoned tech support again twice. The first time around they said they would look into it and I would have a reply within 2 hours. I did get a reply.

Following to hack problem, please proceed to the
correction of the problem with rescue mode so we can
unblock the access.

If not you can also proceed to a backup of your data
and proceed to the OS reinstallation.
ARE THEY ****TING ME?!?!?!?! Seriously, I'm hacked? You never even looked at the server. It did not come online at ANY point during those 2 hours. It was still in rescue pro so how that could possibly be determined I have no idea. I can guarantee it is NOT hacked, it is being DDoS'ed. Do you know what that means? It certainly seems like you don't.

There is nothing wrong with my server. That I can guarantee because some IRC networks and other sites that deal along the same lines as my site were being hit as well by the same group with the same botnet. I'm not stupid, I do know what I'm talking about when it comes to servers. I'm not some 15 year old who got mummy and daddy to pay for his server.

OVH support has really pissed me off this time, and I sure as hell don't care about voicing my opinion this time. You don't check the real story. Hell your French technicians can barely speak English let alone understand it. They also go by a script.

"I see you have a ticket open. I get technician to look at it for you."
"There is nothing wrong with it, it's only been DDoS'ed."
"I try to contact technician for you..."
"Can you put it into hd mode not rescue pro?"
"I try to contact technician for you..."
*Hangs up*
Now do you see what I mean? My server has been offline about 12 hours now. It is a mission critical server, hosting DNS, e-mail and my clients websites as well as my own. How do you expect me to explain what is going on?

"Oh the datacenter said it was hacked because they're incompetent at their jobs and couldn't be bothered helping me with the issue. They took the easy route and wanted me to reinstall it all"

Fat load of good that looks doesn't it?

Neil, and the rest of the UK support, you're good guys, you get the job done. For christ sake please sort this out. Up until now I have had very little problems hosting with OVH but now when I have an issue, you all refuse to do your part and help out. It's not acceptable.

Unless this is sorted quickly I'll be moving host because I just can't deal with the unprofessional approach that OVH supplies. You're trying to blame me for a problem that does not exist, and penalise me for the attack against my server. Sorry but that's just not right.

Get it sorted.

NIC: AW1188-OVH
Server: KS307731