Recently, our IP was routed by a hosting company of famous resellers. The company has not provided any information in this regard and I was completely blamed. It's fair? I need your comments.
Review the help desk conversation:
Me: server not accessible. Problem loading the page, please help.
Reseller company: please explain. All server services run normally …
Me: No, check the sites on the server.
Reseller company: in reality, your dedicated IP address was routed null due to a massive attack of ddos to different domain names hosted on the IP.
We have removed the null route and the sites should be online in the next 10-15 minutes.
Me: I did not receive information about this. Please help. Let me know what should be done.
Reseller company: The use of cloudflare in all of your domain names would be a good start because the real server's IP will be hidden that way.
Me: It is not possible to immediately change the cloudfare to all domains. Also, domains are not registered with me. Customers are screaming, I can't find complaints in the domains of this server in the last 4 months. Please help in this.
Reseller Company: How to help you exactly? You realize that your domains are being attacked from outside, right? That is the policy of our company: we do not address the IP until the attack stops; otherwise, the entire server will fall, including its domains …
When the attack stops, we will eliminate the blockage, of course.
Me: Is a Ddos attack on your network? Can you tell me the cause of the problem? When will it be resolved? Almost 5 hours down. I can't handle calls!
Reseller company: That's not what I said … DON'T play shy with me … I told you that ONLY YOUR IP IS ATTACKED! The block was removed. If the attack starts again, your IP will be routed again.
Me: What kind of answer is this? How do I know that my IP is attacked and what can I do without any clues? The sites are down. I am trying to help my clients.
Reseller Company: How do I know what your IP is? You're laughing ? We have server logs that show that all DDoS attacks are attacking ONLY your IP address. That is one of the reasons we provide you with a dedicated IP address so we know who is attacking who in such cases.
To help your customers, you need a CDN, that's why I suggested cloudflare.
This is an answer to someone who is trying to blame our network for the fact that their clients' sites are under attack! And that is the ONLY type of response you will get!
Me: kindly provide the record.
Reseller company: WHM functions have been activated. If you have more questions, do not hesitate to contact us.
Me: All my clients' sites are still inactive. I am not happy with the kind of help. Please help.
Reseller company: I am not happy that some of your clients jeopardize the stability and security of the entire server where there are around 1500 accounts! I can guarantee that the next time this happens, your IP will be canceled without deletion. The attack seems to have stopped. The IP has been restored and the sites that include myclientwebsite.com are now operational.
Me: You haven't provided any records yet. How do you expect me to take action? You understand ? At least tell me what I need to do!
Reseller company: I told you on at least two occasions that you need to use cloudflare for your domain names so that this does not happen! I can only say it that way if you can't understand it, I'm sorry. We are not going to provide you with any records, since we eliminate them due to the fact that the attack causes the Apache log to swell in Gigabytes …