DDoS Protection


#1

Hello,

I really think that Dreamhost should improve their DDoS Protection methods. Even if it’s a addon service to our hosting.

Some Dreamhost Customers cant use third-party services like Cloudflare, etc.

As seen in previous events, Dreamhost has been attacked before. I spoke with some Dreamhost Staff about the protection and they said there is little to none protection for customers servers no matter if you have a VPS, Dedicated Server, or Shared Server. The only protection in place is one internally to protect Dreamhost itself.

I think there needs to be some sort of subscription or something for us to protect our sites with Dreamhost not a third-party.

Thanks,
Zach


#2

You can enable Cloudflare directly from DreamHost Control Panel: is that something that would address your concern?


#3

No, as stated above I want a protection service with Dreamhost not a third party.


#4

Got it… It’s a hard business proposal to make because DDoS are extremely expensive and there are good companies out there offering protection. Those companies enjoy economies of scale that I’m not sure a company the size of DreamHost would be able to reach.

That said, it’s always good to challenge assumptions and discuss new products… So my question to you is: what do you think would be the advantage for customers to have DDoS protection offered directly by DreamHost, as opposed to a partner like Cloudflare?


#5

Some customers of Dreamhost can’t use third parties like my company because we use lots of API’s for our services we offer and they block and limit us if what we can do. But a direct DDOS Protected Service from dreamhost wouldn’t have that issue.

API’s as in for our mobile app, desktop application, and more.


#6

I’m not sure I follow… What kind of services and APIs do you use that would allow you to buy DDoS protection from DreamHost but not from Cloudflare or someone else? Are these technical issues or procurement policies at your company? Did I misunderstand you?


#7

Cloudflare and some other protection providers prevent some of my companies core features. And I’ve already contacted their support teams about it and there is no fix for it.


#8

Thanks for explaining a bit more. Now I guess the next question is to understand more in details what sort ot DDoS protection DreamHost (or someone else, really) might offer that is effective and doesn’t suffer the same technical limitations of Cloudflare. Is that it? Are you able to share in more details what the issue with Cloudflare is (to see if someone has other suggestions)?


#9

The issue my company faces mainly with Cloudflare is that it blocks our developer API, mobile app API, and other API’s. Also Cloudflare can become expensive as we are a platform in which users upload content thousands of times a day that exceed 200MB per upload. (Uploaded to Amazon S3 But Cloudflare would block it.)

The only option I currently have is to use dedicated servers with full SSH/Sudo Access to add built-in protection. But I feel like Dreamhost should have some sort of mitigation service for atleast Dedicated Server customers. Maybe rate limiting, traffic mitigation, etc.

It would also be nice if something could atleast cover our servers IP addresses. I can’t count how many times my site has been attacked because our web servers dedicated IP’s are revealed publicly. Not covered by a Proxy.


#10

I don’t share the enthusiasm for product development, but I did want to speak to your question: no real advantage, but the panel does appear to endorse specific partners. And Cloudflare is problematic for many people, myself included. We won’t litigate that company here, but the fact is there is a substantial population of web producers that won’t use Cloudflare for technical, privacy and security reasons.

Over the years it seems like DH picked one good solution for a given ancillary service to hosting. Cloudflare for DDoS and whatever, Google for apps and mail, that kind of thing.

This is less a request and just feedback, I’d like to see more integrations with other services. Without specific knowledge, I imagine each provider in a given category has similar integration needs, and the majority of them are around DNS verification.

I don’t think DreamHost should themselves produce such a product. :slight_smile:


#11

I’ve seen Cloudfares “bad bot” security products and IMO they block with too wide a brush. Too many humans get blocked as well as a lot of beneficial agents.

Of course the best solution is to learn to use the server modules and write the code to filter who has access to your files.

My personal site is on shared hosting so I use an .htaccess file to block server farms, malicious user agents, scrapers, etc and at the same time allow my human visitors and beneficial agents access.

What many think is a DDoS is likely just heavy bot traffic or possibly a botnet. An actual DDoS is rare and expensive to launch so unless you are a very important web presence, you will never see a DDoS.


#12

I wish that were true, but I do not believe it has been for a couple of years. Compromised computers and open-source botnets have caused a proliferation of malicious traffic targeting companies for too many reasons to count. I don’t think the vast majority of DH users are being targeted individually, it is more likely DH’s infrastructure in general.


#13

Point being, botnets & heavy bot traffic hitting your account are not DDoS.

Most of your traffic is bots.


#14

I am not sure I understand your point. Botnets are by definition a DDoS. If there is a nuance I am missing, please spell it out.


#15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.