OVH Community, your new community space.

VAC Support


Crashuncle
15-11-2013, 01:20
A rather big problem is the still-infected OVH servers; they are being ignored by VAC. A few days ago I got a big attack from hacked OVH servers and had no chance to block them; firewall settings also got ignored.

I forwarded all IPs to OVH but they didn't take them down yet. All seem to use a stock install because all of them run Apache with the default test page.

K-Xander
21-10-2013, 10:49
Thanks for the answer Trapper, appreciated.

Trapper
21-10-2013, 01:09
Quote Originally Posted by K-Xander
Should I open a ticket to remove the PRO option and get a refund or is there an automated option for that?
I did this recently, had to be done by email...

Quote Originally Posted by K-Xander
PS: Do I need a PRO subscription to use my current 3 Additional IP Addresses + USB Key for backup (32 GB) (I have these two already added to my server)
It depends on the IP's and the server.

For non-2013 KS's you can have 3 Fail Over IP's, without Pro.

You need Pro however if the IP's are part of a Ripe Block.

~Trap

K-Xander
20-10-2013, 12:01
Funny, so some of us pay a PRO subscription for no reason. (referring to those that want to get more VAC options).

Should I open a ticket to remove the PRO option and get a refund or is there an automated option for that?


PS: Do I need a PRO subscription to use my current 3 Additional IP Addresses + USB Key for backup (32 GB) (I have these two already added to my server)

Trapper
20-10-2013, 01:05
Quote Originally Posted by K-Xander
Do you have any server in your OVH manager account that has a PRO subscription? Maybe that's why you can access the PRO features on your KS server...
No - None of my servers currently have Pro. The only "Pro" I had was on one of my KS's, but I had that removed and refunded when I stopped getting extra support on that box, which is all I was using Pro for.

~Trap

K-Xander
19-10-2013, 14:45
Quote Originally Posted by Trapper
I have a 2013 KS2G, and have access to Firewall and an option for "Forced Mode" on VAC.

Check the list for the differences here:
http://www.ovh.co.uk/anti-ddos/ ... although I have access to two things the list says I shouldn't...

~Trap

I know the differences.
Do you have any server in your OVH manager account that has a PRO subscription? Maybe that's why you can access the PRO features on your KS server (just like me - got a pro subscription on an OVH server and non-pro on KS but I can use the firewall network and full api on both of them), otherwise we're paying the PRO and get the same thing as a normal client which is pretty lame.

Trapper
19-10-2013, 13:57
Quote Originally Posted by wii89
Can anyone ping OVH server to another OVH server? Any way to disable VAC system?
Ping OVH to OVH... Yes...!

AFAIK - There is no way to disable VAC completely, your choices are "Always On", or "On During Attack".

There are settings somewhere (API?) which allow you to set the "Time From End of Attack to Removal From VAC". But that is all.

~Trap

wii89
19-10-2013, 12:47
Can anyone ping OVH server to another OVH server? Any way to disable VAC system?

Trapper
19-10-2013, 00:30
Quote Originally Posted by K-Xander
So you have a new KS, non-pro and you can access the manager and control firewall and VAC? I wonder why I'm paying an extra of +15 EUR (+VAT) then ...
I have a 2013 KS2G, and have access to Firewall and an option for "Forced Mode" on VAC.

Check the list for the differences here:
http://www.ovh.co.uk/anti-ddos/ ... although I have access to two things the list says I shouldn't...

~Trap

K-Xander
18-10-2013, 20:03
So you have a new KS, non-pro and you can access the manager and control firewall and VAC? I wonder why I'm paying an extra of +15 EUR (+VAT) then ...

Trapper
18-10-2013, 19:08
Quote Originally Posted by K-Xander
Actually this is how you should use VAC:

1. Start with rule 0,1,2 etc and allow only ports that you use (tcp/udp)
2. Rule 99 Block all IPv4.

That's all.


Now, I am curious, is there any normal user that doesn't pay the PRO option and still has access to API/manager v6 that can add rules and turn on/off firewall? I'm curious if this is indeed enabled just for PRO users or it's still a feature available for everyone.
Yes - Me.

First, and apologies to Crashuncle for not stating this before...

There is a distinct difference between "VAC" and "Firewall". Although the question you posed was clearly about "Firewall", so that is the way I answered. I think it is quite important to realise there is a difference.

Firewall:
I have tested some of the functions on my oldest KS, and not always got the results I hoped for. I think this may have been related to the fact that traffic-in from OVH does not go through the Firewall.

So to answer your question K-Xander, Yes - KS (no pro) with full access to "Manager" control of the firewall.

VAC (Mitigation):
Same old KS - no-pro, has no chance of changing the status of VAC, that (I think) is what you get extra as "pro".

~Trap

Crashuncle
18-10-2013, 19:04
Now I get it, thank you

Well for example on my non-PRO mSP server I have the same options as I have on my PRO EG/HG server, there is no visible difference?

K-Xander
18-10-2013, 16:26
Actually this is how you should use VAC:

1. Start with rule 0,1,2 etc and allow only ports that you use (tcp/udp)
2. Rule 99 Block all IPv4.

That's all.


Now, I am curious, is there any normal user that doesn't pay the PRO option and still has access to API/manager v6 that can add rules and turn on/off firewall? I'm curious if this is indeed enabled just for PRO users or it's still a feature available for everyone.

Trapper
18-10-2013, 01:10
Quote Originally Posted by Crashuncle
I see, thank you for your help Trapper

I guess there is no option yet like "Deny all" to whitelist only specific ports/IPs?
UNTESTED - Use at your own risk - no warranty - etc

0 / Allow / IPv4 / your.IP.add.ress
1 / Allow / TCP / 80 / Whi.te.Lis.ted
2 / Deny / IPv4 / LeaveIPFieldBlank

Or something like that...

~Trap
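
A small model of the rule ordering discussed in this thread, added as an example and not taken from any post or from OVH. It assumes the lowest-numbered matching rule decides and that traffic matching no rule passes; `Rule`, `decide` and `audit` are hypothetical names, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int                  # 0-99, lower number is evaluated first
    action: str                    # "allow" or "deny"
    protocol: str                  # "ipv4" (any protocol), "tcp" or "udp"
    source: Optional[str] = None   # CIDR such as "203.0.113.10/32"; None = any
    port: Optional[int] = None     # destination port; None = any

    def matches(self, proto, src, port):
        if self.protocol != "ipv4" and self.protocol != proto:
            return False
        if self.source and ipaddress.ip_address(src) not in ipaddress.ip_network(self.source):
            return False
        return self.port is None or self.port == port

def decide(rules, proto, src, port, default="allow"):
    """First matching rule in ascending priority wins (assumed semantics)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(proto, src, port):
            return rule.action
    return default  # assumption: traffic that matches no rule passes

def audit(rules):
    """Report a missing catch-all deny and rules that can never match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    catch_all = [r for r in ordered
                 if r.protocol == "ipv4" and not r.source and r.port is None]
    findings = []
    if not any(r.action == "deny" for r in catch_all):
        findings.append("no catch-all deny: unlisted ports stay reachable")
    if catch_all:
        first = catch_all[0]
        findings += [f"rule {r.priority} is shadowed by rule {first.priority}"
                     for r in ordered if r.priority > first.priority]
    return findings

# Constructed rule set following the layout suggested in the thread.
RULES = [
    Rule(0, "allow", "ipv4", source="203.0.113.10/32"),  # admin's fixed IP
    Rule(1, "allow", "tcp", port=80),                    # public web port
    Rule(99, "deny", "ipv4"),                            # everything else
]
```

Running `audit` on a set where the deny-all rule has a lower number than the allow rules shows why the catch-all belongs at 99: every rule after it is reported as shadowed.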

Crashuncle
17-10-2013, 19:01
I see, thank you for your help Trapper

I guess there is no option yet like "Deny all" to whitelist only specific ports/IPs?

Trapper
17-10-2013, 18:37
Quote Originally Posted by Crashuncle
Is there any manual for the rule settings, e.g. how the priority works exactly (I see I can set number 0-99).
I have never found any manual for this, I even offered to write it if they would tell me how it works... Never got anywhere with that..!

0 is your most important rule.
99 is your least important rule.

Probably best to start with your own fixed IP address on "0", with IPv4 Allow All. This will then override any later rules, such as "Block Port 22 ALL".

HTH

~Trap

PS, sometimes it asks for an IP address, and will seemingly reject any IP you put in. If this happens enter it as xxx.xxx.xxx.xxx/32 - then it will accept it.

Crashuncle
17-10-2013, 17:16
Quote Originally Posted by alex
Yes, you do have control per IP address, either auto mode or enabled via control panel:
https://www.ovh.com/manager/dedicated/login.html
Oh thank you, the support didn't give me that link and only said I should subscribe to this mailing list, at least the v3 manager had no related option.

Is there any manual for the rule settings, e.g. how the priority works exactly (I see I can set number 0-99).

alex
17-10-2013, 11:13
Quote Originally Posted by Crashuncle
Be happy that you have extended controls, I have the PRO subscription and still no control over the VAC features or at least a basic "On/Off switch".
Yes, you do have control per IP address, either auto mode or enabled via control panel:
https://www.ovh.com/manager/dedicated/login.html

wii89
17-10-2013, 11:11
I think VAC is just a waste of time and their efforts need to be on selling servers again. What good is a server company if they don't sell servers and provide support to their customers!

Crashuncle
16-10-2013, 22:53
Quote Originally Posted by K-Xander
Well, I joined OVH and I'm paying the PRO subscription mainly for a better VAC experience and currently I have it disabled due to lots of problems we had so far. I'm afraid that if I turn it back on, there will be again random issues with people not being able to access our servers, random disconnects, etc.
Be happy that you have extended controls, I have the PRO subscription and still no control over the VAC features or at least a basic "On/Off switch".

K-Xander
16-10-2013, 19:08
Well, I joined OVH and I'm paying the PRO subscription mainly for a better VAC experience and currently I have it disabled due to lots of problems we had so far. I'm afraid that if I turn it back on, there will be again random issues with people not being able to access our servers, random disconnects, etc.

LawsHosting
15-10-2013, 18:25
I think it got closed? As you say, no activity - usually there's lots of complaints if nothing else!!!!!

K-Xander
15-10-2013, 13:19
I'm already subscribed there. Oles left the group a week ago, so only we, the members, were left there to talk. So far I haven't seen a new post for days in the ML.

marks
15-10-2013, 12:56
At the moment, support for the anti-DDoS is done through a mailing list. You can subscribe here: ddos-subscribe@ml.ovh.net

Post your issue there, with proof of the problem you're having. Mind that it's not for help; it's for posting problems to be fixed.

Thanks

LawsHosting
15-10-2013, 00:08
Your guess is like 90% of OVH's staff's.

K-Xander
14-10-2013, 22:17
Does anyone know where VAC support moved? Someone shared a link on the ML which was posted on the French forum but I see it's gone.