[Resolved] Fresco Outage - DDoS


10 replies to this topic

#1 MikeDVB

    Forum Administrator

  • Staff Administrator

Posted 14 May 2011 - 11:10 AM

The Fresco server is currently seeing 95 to 98% packet loss due to a DDoS attack and our networking team is working on this. We expect to have it mitigated within 5 to 10 minutes; however, nothing is set in stone as this is preliminary.

If you have any questions, let us know.
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#2 MikeDVB


Posted 14 May 2011 - 11:15 AM

We've un-routed the targeted IP from the server temporarily while the networking team works on the issue to restore service to everybody else.

#3 Juan

    Newbie

  • Members

Posted 14 May 2011 - 11:17 AM

Thanks! :)

#4 MikeDVB


Posted 14 May 2011 - 11:34 AM

The attack has been mitigated (as of a few minutes ago). Here are graphs for those who may be curious. These are our network-wide graphs and are not specific to the server, but it's obvious when the attack starts and when it was resolved.


[Two posted images: network-wide traffic graphs]

#5 Juan


Posted 14 May 2011 - 11:39 AM

Very fast response time by MDD (10 mins maybe less?) Thank you, Mike!

#6 MikeDVB


Posted 17 May 2011 - 11:22 PM

We're now seeing another attack to the same server, however on a completely different/unrelated IP address. We're working with our networking team to mitigate this attack.

#7 Vilandra

    Newbie

  • Members

Posted 18 May 2011 - 01:13 AM

Mike I'm getting this error now - assuming it's part of this, but just in case it means something:

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.



#8 MikeDVB


Posted 18 May 2011 - 01:14 AM

> Mike I'm getting this error now - assuming it's part of this, but just in case it means something:

That generally means that you're forcing GZIP compression, when the server already gzip compresses content on-demand. Do open a ticket as this would be unrelated.

On the subject of the attack - the IP that came under attack was null routed (i.e. routed to nowhere/black hole) and we're shifting accounts off of that IP as quickly as possible in small blocks to fresh IPs. This will not only be bringing sites affected back online but will also allow us to identify the target of the attack (should the attack shift with the account, which it usually does).

If you have any questions about the attack, let us know.

#9 MikeDVB


Posted 18 May 2011 - 01:29 AM

All accounts that were on the affected IP have been shifted off of the IP so service should be fully restored to everybody. It is likely that the attack will shift to the new IP of whichever account was originally targeted at which point we will further isolate the target to fully mitigate the attack.
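The isolation procedure described in posts #8 and #9, as a small simulation; this is an added example, not MDDHosting's tooling. The account names, the 203.0.113.0/24 addresses and the observer function (a stand-in for reading the traffic graphs) are constructed, and repeating the split on whichever block the attack follows is an assumed way to "further isolate the target".

```python
from typing import Callable, Dict, Iterator, List, Optional, Tuple

# Hypothetical observer: given account -> IP, return the IP now under attack
# (in practice read from traffic graphs), or None if the attack did not follow.
Observer = Callable[[Dict[str, str]], Optional[str]]


def isolate_target(accounts: List[str], fresh_ips: Iterator[str],
                   observe: Observer, block_size: int = 4
                   ) -> Tuple[Optional[str], int, Dict[str, str], List[str]]:
    """Return (target or None, rounds, final placement, null-routed IPs)."""
    placement: Dict[str, str] = {}
    null_routed: List[str] = []
    suspects = list(accounts)
    rounds = 0
    while len(suspects) > 1:
        rounds += 1
        # Cap the block size so each round splits suspects into >= 2 blocks.
        size = max(1, min(block_size, len(suspects) // 2))
        for i in range(0, len(suspects), size):
            ip = next(fresh_ips)
            for acct in suspects[i:i + size]:
                placement[acct] = ip
        hit = observe(placement)
        if hit not in {placement[a] for a in suspects}:
            return None, rounds, placement, null_routed  # attack did not follow
        null_routed.append(hit)  # black-hole the IP that is drawing traffic
        suspects = [a for a in suspects if placement[a] == hit]
    return (suspects[0] if suspects else None), rounds, placement, null_routed


# Constructed sample data: ten made-up accounts, TEST-NET-3 addresses.
ACCOUNTS = [f"acct{n:02d}" for n in range(10)]


def ip_pool() -> Iterator[str]:
    return (f"203.0.113.{n}" for n in range(10, 250))


def simulated_observer(target: str) -> Observer:
    return lambda placement: placement.get(target)


if __name__ == "__main__":
    target, rounds, placement, dropped = isolate_target(
        ACCOUNTS, ip_pool(), simulated_observer("acct06"))
    still_down = [a for a, ip in placement.items() if ip in dropped]
    print(f"target={target} rounds={rounds} still offline={still_down}")
```

With ten accounts and blocks of four, the simulated target is alone on a null-routed IP after three rounds while every other account sits on a clean address.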

#10 Vilandra


Posted 18 May 2011 - 12:49 PM

Thank you for your hard work, Mike :)

#11 MikeDVB


Posted 18 May 2011 - 12:55 PM

> Thank you for your hard work, Mike :)

Absolutely, myself and our networking team :) I wish the internet wasn't such a hostile place.

Not that any of you have compromised computers (surely we all have secured systems!) but if you're not actively doing this, make sure you do it:
  • Make sure you have quality up-to-date virus scanning running.
  • Make sure that you do periodic scans for malware such as with Malwarebytes.
  • Make sure that you keep your operating system up to date.
  • If you're not running a server or something that requires your computer to be on, do turn it off when you're not using it.

DDoS attacks come from compromised systems that are left online and do not have the necessary security patches, virus scanning, etc. If everybody followed these simple guidelines, a vast majority of DDoS attacks wouldn't be possible, as the computers that were a part of the botnets would be secured.



