Frequently Asked Questions (FAQ)

Here, you will find answers to the most common questions our clients ask.

What is the difference between protection plans with and without moving?

We can protect your website both by moving your data to our infrastructure and by proxying your traffic (your website stays on the same server). For instance, when proxying is used, you get an IP address you need to specify in the A record of your website’s DNS. Here, all traffic to your website will go through our filtering system and will be scrubbed before it reaches you.

Do the server prices include protection?

Our dedicated server plans do not include protection. You are welcome to order protection of your dedicated server as an extra. After the payment is completed, it takes 10 minutes to enable the protection on your server.

Where is your equipment located?

Our stateless filtering equipment is located all over the World (in Europe, Asia and Americas), stateful filtering equipment - in the US, Germany and Russia, dedicated servers and VDS - in France and Germany.

What is your IP address so I can check the delay?

You can use the following IP addresses to check delay:

Washington - was.stormwall.pro
Frankfurt - fra.stormwall.pro
Moscow - msk.stormwall.pro

Can I protect my server that is not hosted with you?

You can use our protection to safeguard any server on the web. You can use protection preserving your IP addresses (using IPIP tunneling or GRE), or use proxying, a simpler option that involves an IP change.

What is a VDS?

VDS stands for virtual dedicated server. A powerful physical server is divided into multiple virtual server instances. We use advanced VMware virtualization, this is why for you as a client our VDS solutions are exactly the same as using a physical server. You get full root access for Linux-based VDS servers, or administrator access with Windows-powered servers. You can use 100% of the allocated server resources.

What is the difference between VDS and dedicated servers?

VDS stands for virtual dedicated server. A powerful physical server is divided into multiple virtual server instances. We use advanced VMware virtualization, this is why for you as a client our VDS solutions are exactly the same as using a physical server. You get full root access for Linux-based VDS servers, or administrator access with Windows-powered servers. You can use 100% of the allocated server resources.

Can I use more/less resources on my VDS?

Resources are adjusted without restarting your VDS if you want to use more resources. If you want to use less resources, a brief restart will be necessary.

Can I use more/less resources on my dedicated server?

Unfortunately, this is not available right now. However, we constantly upgrade our server park, so you can just migrate to a more powerful server later on.

Can I change my pricing plan?

Please create a Sales ticket in the support area,. We will change your pricing plan and recalculate the charges.

Can we sign a contract? Can I pay via bank transfer (wire transfer)?

We are an officially registered company in the Slovakia, EU. You are welcome to sign a contract with us and pay via bank transfer.

What kind of guarantee do you offer?

We guarantee that under our protection your website will be up and running. Moneyback is offered in case your website is down because the protection cannot handle an attack. These conditions are part of the contract between you and us.

What payment methods I can use to pay you?

You are welcome to pay via VISA/MasterCard cards, with WebMoney, Yandex.Money, Qiwi, PayPal, TeleMoney, cash payments in Svyaznok, Evroset’ and VTB24 offices, as well as with Elexnet, Kassira.net, Mobil Element and Pin Pay terminals. You can also use Alpha Bank and Handybank online banking, and bank transfers.

After I installed your protection, all visitors of my forum/website have the same IP address. Why?

When protection is enabled, actual visitor IP addresses are sent in HTTP headers such as X-Real-IP and X-Forwarded-For. Please configure mod_rpaf for Apache or http_real_up for Nginx in such a way that your web server processes these headers correctly. You are welcome to contact our support department for assistance.

Can I protect a HTTPS website?

Sure. You will need to provide us with the SSL certificate with a private key. Our experts will help you with setting up SSL-enabled protection.

Are search engine bots, e.g. Google, blocked by the protection system?

No, they are not. We continually monitor search bot activity and adjust our filters so that they don’t prevent the bots from crawling your website. Currently these legal search engine bots have full access to pages of websites protected by StormWall™: Google, Yandex, Bing, Yahoo, Facebook, Yandex Metric, Yandex Market, Google Image, Google AdsBot, Google AdsBot Mobile, Mail.RU, LiveInternet, SeoPult, Promo-Reklama, l2top.ru, mmotop.ru.

My website has payment gateway integration. Can your protection block them?

Popular payment gateways are whitelisted and are never blocked. Currently these payment systems can work with your website directly with no HTTP traffic scrubbing involved: WebMoney Transfer, RBK Money, Robokassa, SMS Deluxe, PayPal, Payanyway.ru, Sprvpay, NextPay, Way2Pay, PaymentWall, SMS Coin. We can whitelist your custom payment system by request.

How do I know my website is under attack and I need protection?

Extremely and unusually high CPU and RAM load is a common first sign of a DDoS attack in progress, as well as a suspiciously high amount of connections or semi-open connections. Depending on the attack type, unusually high amounts of bandwidth may be consumed, or the number of service processes is abnormally high.

For webwebsites, this usually results in 502 Bad Gateway errors as well as Request Timeout errors. Pages load slower or do not load at all.

Most common attack types:

SYN Flood

To detect this attack, all you need to do is check the queue of half-open connections using this command:

netstat -n -t | grep SYN_RECV | wc -l

On average, if this value exceeds 50, your server may be under attack. Depending on your server load and website features this value may be different.

HTTP Flood

Usually attacks of this type mean a surge in web server connection as attacking bots send more and more requests. As a result, RAM load increases rapidly as does the number of web server processes. If your website is built with PHP, Ruby, or other server-side languages, often CPU and database loads increase as well.

You can check the number of processes using this command:

ps aux | grep apache | wc –l
or
ps aux | grep httpd | wc –l

For low-load websites, this value should not exceed 20-40. When the value exceeds that limit, it may be time to get protected.

Next step is analyzing server logs. Here is how you can see how many website requests were made from each IP:

cat /var/log/apache/access.log | awk '{print $1}' | sort | uniq -c

Resulting data output will look like this:

              1 109.163.234.4
              1 140.113.110.11
              1 176.10.100.226
             73 176.113.5.243
             37 176.116.192.251
             73 176.51.204.97
             72 178.124.207.210
             12 178.125.19.19
             72 178.187.11.57
             73 178.215.83.33
              2 178.32.181.107
             12 178.45.16.46
              1 185.8.239.238
              2 188.138.1.229
             44 188.163.83.192
             70 188.186.75.65
             73 188.235.0.113
             73 188.254.110.17
              2 195.154.226.66
             72 195.238.116.21

The more requests come from a particular IP, the more likely we are dealing with an attacking bot. Run this command a few times and watch how the values change. If certain IPs keep sending more and more requests and the numbers grow fast, you are being attacked.

UDP Flood

This attack usually aims to oversaturate the bandwidth of your server. Much more bandwidth and CPU time are consumed. Use the vnstat utility to see your server’s network load. This utility shows network stats in real time.

Here is one of the ways you can use this utility:
vnstat -l -i eth0

This is the picture you will get:

Monitoring eth0... (press CTRL-C to stop)
rx: 75.25 Mbit/s 11678 p/s tx: 38.14 Mbit/s 9816 p/s

If the rx value is high, your server is likely to be under a DDoS attack.

Here, we described only a few DDoS attack types and attack detection methods. If you need expert advice on anything related to DDoS attacks and securing your website against them, never hesitate to contact our support department.

Did not find an answer to the questions you have?