Michael D. Posted April 1, 2018

Hello,

Our upstream provider, Handy Networks, has null-routed the IP 162.244.254.212 for 24 hours due to an inbound DDoS attack. While I do not have the details of the attack currently I have requested them. It appears, from what they provided, to be a UDP flood.

We are working to move all affected accounts off to alternate IP addresses.

Michael D. (Author) Posted April 1, 2018

All accounts on the affected IP have been migrated to new IP addresses.

If you are using our DNS there is nothing you need to do. If you are using third party DNS you will need to sign in to your cPanel [https://s5.supportedns.com/cpanel] and go to 'Server Information' and then update your DNS to the 'Shared IP Address' shown there.

Michael D. (Author) Posted April 1, 2018

This attack was a 6 GBPS DNS Amplification Attack according to the data I was provided. This was the size of the attack at the point it was null-routed and very well may have grown larger if not null routed.

We will be keeping an eye on the new IPs to see if the attack shifts.

Guest AskMDD Posted April 1, 2018

Many users are seeing the default web page ("SORRY") when visiting their sites. This is due to the IP address change and DNS propagation.

If you use our DNS servers:
- No further action is required.
- The site will be accessible soon, when DNS propagation completes.
- New visitors should see the site immediately.
- You can follow the on screen directions, or visit https://go.cpanel.net/cleardnscache for directions to restore your own access without delay.

If you are using third party DNS servers:
- Follow Michael's directions from earlier: https://forums.mddhosting.com/topic/1514-ip-on-s5-server-null-routed-by-up-stream-due-to-ddos/?p=6778&do=findComment&comment=6778
- Once the DNS change has been completed, no further action is required.
- The site will be accessible soon, when DNS propagation completes.
- New visitors should see the site immediately.
- You can follow the on screen directions, or visit https://go.cpanel.net/cleardnscache for directions to restore your own access without delay.

---

In any case, continue to monitor this forum thread for any updates.

Michael D. (Author) Posted April 1, 2018

If you are using CloudFlare you will need to update the IP for your domain(s) at CloudFlare if you are on the affected IP.

I do wish we could email only those affected and let them know - but only a tiny percentage of the server was affected and there is no way for us to email only those affected without it being entirely manual. While it is a small percentage of accounts on the server - it's enough accounts that manually notifying one by one would take a fairly substantial amount of time.

If you aren't subscribed to this section of the forums, I do suggest it -> https://forums.mddhosting.com/topic/307-stay-updated-about-server-and-network-issues-and-events/

SarisIsop Posted April 1, 2018

Thank you. I subscribe to the Announcements and find it very helpful.

Probably a dumb question, but are these types of attack aimed at a particular website or is just a random thing?

Scott Posted April 1, 2018

> are these types of attack aimed at a particular website or is just a random thing?

They are typically targeting a specific website or entity.

SarisIsop Posted April 1, 2018

> They are typically targeting a specific website or entity.

Thank you Scott. I'm guessing there is nothing we can do from our side? And is there any way of telling if I was a target.

Scott Posted April 1, 2018

> I'm guessing there is nothing we can do from our side?

Correct.

> And is there any way of telling if I was a target.

If we tell you you were the target, then you are. Otherwise, you are not.

Michael D. (Author) Posted April 1, 2018

> If we tell you you were the target, then you are. Otherwise, you are not.

It is worth noting that attacks like these can be compared to carpet bombs with a lot of collateral damage. While the attacker did likely take their target offline - they took others offline in the process.

In cases where we are able to identify the target we will segregate them and contact them - but in this case we have not been able to identify a specific target.

SarisIsop Posted April 2, 2018

Thank you both for clarifying. It's one of those things I've never fully understood, but now I know you will contact me if you knew for certain that I was a target, I will leave it in your capable hands.