Jump to content


Photo

[Ended] Fresco server - DDoS attack


  • Please log in to reply
27 replies to this topic

#1 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 26 September 2010 - 06:53 PM

Hello,

One of our clients on the Fresco server has come under DDoS attack which has caused connection speeds to be a bit slower than usual for about the last hour due to maxing out the port on the server. We're upgrading the port on the server to 1,000 megabit from the current 100 megabit which only takes moments and we're engaging our Cisco Guard anti-DDoS on the site.

We've contacted the client in question so you don't have to ask here if it's you or not (if it is you, then you already know that).

If you have any questions at all, feel free to post in this thread or to open a support ticket.

Bandwidth Graph:
http://www.screen-sh...-09-26_1940.png

Thank you!
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#2 jrotunda85

jrotunda85

    Newbie

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Alexandria, VA

Posted 26 September 2010 - 07:06 PM

Mike,

Is the person that is getting attacked now the same one that was targeted on the previous outage? It would seem to me if they are indeed the same person, their account should be suspended immediately.
  • 0

#3 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 26 September 2010 - 07:11 PM

Mike,

Is the person that is getting attacked now the same one that was targeted on the previous outage? It would seem to me if they are indeed the same person, their account should be suspended immediately.

Different server, different client, entirely different type of attack.

Unfortunately this is part of the industry - of the dozen or so other providers I speak with on a daily basis at least two of them are dealing with a type of DDoS attack at any given time. We're just letting you know what is happening and what we're doing about it. The server has been put behind CiscoGuard and the client has been contacted so that we can work with them on this issue.

If you have any questions, let us know.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#4 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 26 September 2010 - 08:38 PM

The attack at this point is being fully mitigated so you shouldn't notice any impact on any services. If you do have any issues or questions feel free to post them in this thread or to open a support ticket.
Posted Image
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#5 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 27 September 2010 - 12:02 AM

We did some math and the site under attack was facing upwards of 43,200,000 requests per hour, 720,000 per minute, and 12,000 per second. That's a LOT of requests! This type of attack wasn't aimed at flooding our pipes with incoming data but by overworking the web server (i.e. crashing it) or simply causing bandwidth usage to be too high/expensive to keep the site online.

We did manage to mitigate a good portion of the attack and things are definitely back to normal. If you do have any questions at all, let us know.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#6 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 27 September 2010 - 09:41 AM

The attack is still ongoing, we're seeing upwards of 2,000 distinct systems hitting the server and upwards of 15 to 20 thousand requests per second. Things may be a *little* sluggish but we're doing our best to keep the server responsive.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#7 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 27 September 2010 - 10:58 AM

We're having a null-route applied to the IP address that is being hit by the attack and we're moving all sites that aren't targets of the attack (if your site was the target, you were already notified and responded) to new IP addresses.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#8 dimples

dimples

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 27 September 2010 - 11:34 AM

oh this is why my site so slow..and can't connect sftp
which account or site getting attack?
hope that issues taking care soon..
thank you
  • 0

#9 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 27 September 2010 - 11:44 AM

oh this is why my site so slow..and can't connect sftp

Yes - DDoS attacks tend to have that effect. We've managed to mitigate enough of the attack that at least sites are online (although sluggish) but we're still working to fully mitigate the attack.

which account or site getting attack?

I can't say due to our privacy policies - you can be sure it's not you though as we've already contacted and discussed the issue with the client whose site is the target.

hope that issues taking care soon..
thank you

We're working on it!
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#10 dimples

dimples

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 27 September 2010 - 11:49 AM

thank you mike
  • 0

#11 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 27 September 2010 - 11:53 AM

Here's a copy of the mass email that we sent out to all affected clients (just in case you didn't get the email)

The DDoS attack is still ongoing and is causing a fair amount of packet loss - to the point of sites being sluggish. We're moving any sites that share the same IP address with the site under attack to new IP addresses so that we can null-route the attack and bring performance back to it's normal levels. As with any IP change your site may appear offline for up to 2 hours to anybody who has accessed the site recently (within the last hour or so) however anybody who hasn't been to your site in the last hour or so won't see your site as offline, and this is a majority of the world.

If your site is currently on a Dedicated IP that means that it's on an IP all it's own, and wouldn't be affected by the IP changes. If you do have any questions at all feel free to respond to this email or to post in the topic on our forums about this issue at http://forums.mddhos...er-ddos-attack/

As always, we're doing our best to keep things online through this attack. The attack is not targeting MDDHosting, but instead one of our customers - we've already contacted the customer who is the target of the attack and discussed the details with them so you don't have to worry about whether you're the target or not, as you would already know.


  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#12 alans73

alans73

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 27 September 2010 - 12:05 PM

I was wondering why our site was sluggish and eventually went offline...thanks for the info
  • 0

#13 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 27 September 2010 - 12:05 PM

I was wondering why our site was sluggish and eventually went offline...thanks for the info

No problem, if anything changes we'll post it here.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#14 BrickMaster

BrickMaster

    Newbie

  • Clients
  • Pip
  • 10 posts
  • Gender:Male

Posted 27 September 2010 - 03:39 PM

Hi there, quick question Mr. Denney. My website is currently offline, am I one of those affected by this?
  • 0

#15 Scott

Scott

    MDDHosting Staff

  • Staff Administrator
  • PipPipPipPip
  • 421 posts
  • Gender:Male

Posted 27 September 2010 - 03:40 PM

Hi there, quick question Mr. Denney. My website is currently offline, am I one of those affected by this?


Please open a support ticket so that we may look into your account directly. Thank you.
  • 0
Scott S - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#16 BrickMaster

BrickMaster

    Newbie

  • Clients
  • Pip
  • 10 posts
  • Gender:Male

Posted 27 September 2010 - 03:42 PM

Please open a support ticket so that we may look into your account directly. Thank you.


All right. Will do sir. :)
  • 0

#17 Scott

Scott

    MDDHosting Staff

  • Staff Administrator
  • PipPipPipPip
  • 421 posts
  • Gender:Male

Posted 27 September 2010 - 03:51 PM

Hi there, quick question Mr. Denney. My website is currently offline, am I one of those affected by this?


Some notes for those who are interested:
  • If you're account is not located on the fresco server, then this issue does not apply to you.
  • We have just completed moving all sites on the old fresco IP address to the new IP address. If you're DNS is hosted with us, then it may take a few hours for the changes to propagate to anyone who has visited your site recently.
  • If you're DNS is not hosted with us, you will need to update your DNS records.
  • If you have a dedicated IP, there should be no changes to the IP address of your account and the DNS changes do not apply to you.
  • A few hours from now, if you still notice any problems, please let us know.

  • 0
Scott S - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#18 Bluesplayer

Bluesplayer

    Member

  • Clients
  • PipPip
  • 62 posts

Posted 28 September 2010 - 03:16 AM

Is this the reason why my traffic has collapsed?

Posted Image

Do I need to do anything or just wait for the propagation to take effect?
  • 0

#19 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 28 September 2010 - 03:22 AM

Propagation is already completed as of several hours ago, I couldn't speculate about your traffic levels.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#20 Bluesplayer

Bluesplayer

    Member

  • Clients
  • PipPip
  • 62 posts

Posted 28 September 2010 - 03:38 AM

Well it must be linked surely. As you can see the drop in traffic started about 5-6 hours ago. These changes must impact on the search engines really badly. No doubt traffic will recover again but if my site was a viable commercial one earning lots of money I don't think I would be too happy about it. There would be considerable loss of earnings.

What exactly is a DDos attack?
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users