MDDHosting Forums

IP on S5 Server Null-Routed by Up-Stream due to DDoS



Hello,

 

Our upstream provider, Handy Networks, has null-routed the IP 162.244.254.212 for 24 hours due to an inbound DDoS attack. While I do not have the details of the attack currently, I have requested them. It appears, from what they provided, to be a UDP flood.

 

We are working to move all affected accounts off to alternate IP addresses.


All accounts on the affected IP have been migrated to new IP addresses. If you are using our DNS there is nothing you need to do. If you are using third-party DNS you will need to sign in to your cPanel [https://s5.supportedns.com/cpanel] and go to 'Server Information' and then update your DNS to the 'Shared IP Address' shown there.


This attack was a 6 GBPS DNS Amplification Attack according to the data I was provided. This was the size of the attack at the point it was null-routed and very well may have grown larger if not null routed.

 

We will be keeping an eye on the new IPs to see if the attack shifts.


Guest AskMDD

Many users are seeing the default web page ("SORRY") when visiting their sites. This is due to the IP address change and DNS propagation.

 

If you use our DNS servers:

- No further action is required.

- The site will be accessible soon, when DNS propagation completes.

- New visitors should see the site immediately.

- You can follow the on-screen directions, or visit https://go.cpanel.net/cleardnscache for directions to restore your own access without delay.

 

If you are using third party DNS servers:

- Follow Michael's directions from earlier: https://forums.mddhosting.com/topic/1514-ip-on-s5-server-null-routed-by-up-stream-due-to-ddos/?p=6778&do=findComment&comment=6778

- Once the DNS change has been completed, no further action is required.

- The site will be accessible soon, when DNS propagation completes.

- New visitors should see the site immediately.

- You can follow the on-screen directions, or visit https://go.cpanel.net/cleardnscache for directions to restore your own access without delay.

 

---

 

In any case, continue to monitor this forum thread for any updates.

 


If you are using CloudFlare you will need to update the IP for your domain(s) at CloudFlare if you are on the affected IP.

 

I do wish we could email only those affected and let them know - but only a tiny percentage of the server was affected and there is no way for us to email only those affected without it being entirely manual. While it is a small percentage of accounts on the server - it's enough accounts that manually notifying one by one would take a fairly substantial amount of time.

 

If you aren't subscribed to this section of the forums, I do suggest it -> https://forums.mddhosting.com/topic/307-stay-updated-about-server-and-network-issues-and-events/


If we tell you you were the target, then you are. Otherwise, you are not.

It is worth noting that attacks like these can be compared to carpet bombs with a lot of collateral damage.

 

While the attacker did likely take their target offline - they took others offline in the process. In cases where we are able to identify the target we will segregate them and contact them - but in this case we have not been able to identify a specific target.
