That engagement is a double-edge sword: It’s good because we hear the concerns people have. It’s bad because the post was meant to be a celebration of the continuous work that the abuse department does, and uninitiated visitors seem to consider it a unilateral claim that we’ve beaten spam once and for all. In the course of responding to comments on that post, I shared an analogy to convey what it’s like to run abuse for a large hosting provider:

Given that illustration, the abuse team deserves a LOT of credit for the work they do behind the scenes. They are constantly investigating reports and working with customers to get remove any and all content that violate SoftLayer’s MSA, and too often, that can be a thankless job. Fighting abuse is an ongoing process, and while the nature of the beast might suggest the overall war will never be won, we’re always getting faster and stronger, so the individual battles are easier and easier to win.

-@khazard

DDoS Protection: Do you need it?

In the last couple of years, you’ve probably seen a references to denial-of-service attacks in the news and how the fallout from those attacks can leave businesses ‘picking up pieces’ for weeks or months after they occur. Think about the helplessness you’d feel if the business you poured your heart and soul into is shut down by some malicious person or group’s attack on your web presence. Worse yet, those attacks are usually for that person’s or group’s own monetary gain or to satisfy some ego-driven urge to punish you for being successful in either your business or a cause you believe in.

It happens all too often, and most people don’t realize that it can actually happen to them. On a weekly basis, I speak to at least one person that tells me, “We’re small, and we really don’t have any competitors … Our website is down. If we can’t stop this attack, I am going to have to send all of my employees home and close down!”

The truth is that denial-of-service protection providers normally sell “fear.” They do this because people don’t have answers to a few key questions about DDoS protection:

• What are the real statistics?
• What is the probability that my website will be hit with an attack?
• What is the real cost of impact?
• What about my data center? I’m sure they already have protection, right?
• We’ve never been hit before, so why should we consider it a priority?

Many of the causes for hesitation regarding the purchase of denial-of-service protection revolve around the lack of education and valid, statistical data. Most know about Distributed-Denial-of-Service (DDoS), but the details are hard to come by. Most people don’t have experience with attacks, so many assume it’s only the big companies or governments that need to worry.

The untold truth is that DDoS attacks occur on a daily basis, and as many as 2500 attacks occur every 24-hour period throughout the world. In the first 6 months of 2011, ServerOrigin saw 2.3 times the number of attacks we observed and mitigated over the course of the 2010 calendar year.

Let’s say you’re considering protection, and you want to ensure that you remain in control and your business continues operating even if you’re the target of extortion or a collective political or religious movement … and that’s assuming there is a reason behind the attack. Over 86% of attacks occur with no explanation! Considering that statistical tidbit, maybe fear isn’t just a manufactured, marketing gimmick to get you buying.

One of the biggest roadblocks in proactive DDoS mitigation in the past has been cost. The average cost for 12 months of a DDoS mitigation appliance or service to protect 1000Mbps is $78,942.00 – just for the equipment/service. Then you have to factor in the variable cost of the bandwidth USED during an attack.

ServerOrigin created ethProxy as a service that overlays your current server platform at an affordable price point. SoftLayer provides one of the best dedicated hosting environments, and we’ve built our reputation on DDoS protection, not hosting, so we bring our service to you.

How do I get protected? How time consuming is this process?
Contrary to the belief that DDoS mitigation is some mystical technology that is painful to implement, our ethProxy mitigation service works on the same premise as a Global Load Balancer or reverse-proxy. Setup is as simple as changing your website’s DNS record to a protected IP in our ethProxy filtering cloud, and once that is done, inbound connections are filtered so only clean traffic is sent to your web server. Transition to the ethProxy service is transparent for the end-user and requires no downtime to implement.

The average deployment time is less than 1-hour and the ethProxy protected IP becomes your public interface to the world. Not only does our service pass rigorous PCI certifications, it guarantees your hosted infrastructure is no longer vulnerable to attack, it allows for upgrading your bandwidth/protection in seconds, and it removes the need for additional web application firewalls or accelerators. On average, customers save around 71% by going with ethProxy when they compare us against the cost of traditional filtering methods.

Our ethProxy service is the combination of many different features or services that you may already pay for separately. This allows businesses to transition to our protection service by replacing one of their current providers which would be prove redundant with the ethProxy subscription. Why go through a budgeting process again when you can simply use a different provider that offers you DDoS protection in addition to the service you’re already paying for?

Included in Every ethProxy DDoS Mitigation Package

• Global Load Balancing
• DDoS Protected AnyCast DNS Services
• Multiple US locations / Complete Datacenter Redundancy
• Instant Scalability – Powered by ServerOrigin’s Cloud Network
• Global Content Delivery Network (CDN)

The options and overall value of these services provide protection that no website should be without, while saving you a ton of money … Especially when you consider that running all of these services separately could cost as much as $10,000/mo.

ServerOrigin Communications services more than 1,200,000 million domains worldwide. Our ethProxy service is the single largest globally deployed mitigation service worldwide, and we protect everyone from non-profit organizations to entire governments and some of Wall Street’s largest online providers (No, we’re not allowed to tell you which ones).

Let us show you why our expertise has saved hundreds of businesses and how we can ensure you never have to ‘pick up the pieces.’

- Kevin Hatfield, ServerOrigin Communications

A lot of the session was focused on end user security regarding spyware, rogue anti-virus, malware and other general badware. But part of the discussion was in regards to the security efforts of the hosting industry in general and SoftLayer specifically. Some of the things we deal with in the hosting industry are second nature to those of us that have been here for a while. But when you start talking about it in front of a different crowd, you begin to appreciate the different perspectives that are out there.

For instance, one common perception (held by some, but obviously not by all) is that once we are made aware of a server that has malware on it, all we have to do is pull the plug on the server and the problem is resolved. However, sometimes the consequences of doing so are high enough to be worthy of a second look. For instance, consider the scenario where SoftLayer rents a server to a customer. That customer slices the server into virtuals using Parallel’s Virtuozzo product and rents a virtual to another customer. That customer puts Cpanel on it to sell shared hosting accounts. Now SoftLayer is 2 layers removed from the actual end user. If that end user’s website gets compromised and begins to distribute malware, how do we at SoftLayer deal with the problem. Ideally, we tell our customer and they tell their customer and they tell the end user about the problem. The end user reacts quickly and cleans up the site. That’s not anywhere close to “best case scenario”, but I would call that a reasonable real-world response.

The problem is, if any of the individuals in that chain of communication fails to react quickly, then the response time for that issue is drastically impacted and more people are potentially victimized by the malware. At what point do we pull the plug on the server? At what point do we decide that all of the other customers on the server have to suffer because of the one bad apple or because of a slow response time from one customers in the chain of communication? Websense did a study that showed in the second half of 2007, over half of all sites distributing malware were themselves compromised sites so the scenario described above is actually a very common problem. It also highlights that there is one more victim in the incident; the web site owner.

We tend to deal with each case as prudently and expeditiously as possible in every abuse report that we receive. In some cases, we pull the plug immediately. In others, we try very hard to work with the customer to resolve the issue. But in all cases, we are constantly working to act as quickly as possible on each individual case.

This is just one of the many scenarios that we have to deal with and it highlights why having a good relationship with your provider is such an important factor when choosing someone to help supply or service your IT needs.

-SamF