Jump to content


Photo

Jasmine Server - DDoS on 173.248.188.150

Current

  • Please log in to reply
20 replies to this topic

#1 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 06:40 PM

Update 8:52 PM ET
All accounts have been shifted to alternate IP addresses.
============

We saw a rather large DDoS attack hit the IP 173.248.188.150 on our Jasmine server just now. Our networking team acted quickly to drop this IP to keep everybody else online.

We're going to work to shift everybody on this IP to a small subset of new IPs to bring people back online as well as to hopefully narrow down who is actually under attack.

It's unfortunate that the internet is such a hostile place these days.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#2 PGR

PGR

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 19 February 2013 - 07:05 PM

Can you give an approximate estimation of when will we be back online?
  • 0

#3 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 07:09 PM

Can you give an approximate estimation of when will we be back online?

The only estimate I can give you is 'as quickly as possible' and, while I understand this is not helpful, it's the best I can provide.

We're changing the IP of every affected account at this time to bring them back online and it takes several seconds (15~20 seconds) per account just for it to process once somebody has manually selected the account and the new IP. If you're using external DNS, you'll need to check your cPanel to watch for the IP to change from .150 to something new.

Bear in mind that this isn't something that is a result of anything we've done and that we aren't under attack but simply one of our clients is. This attack, unfortunately, is just a port flood with a lot of garbage data and, as such, doesn't in and of itself identify any target beyond simply the IP address. We're working to bring everybody back online as quickly as possible as well as working to identify the target of the attack so that they can be isolated.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#4 PGR

PGR

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 19 February 2013 - 07:15 PM

Ok, thanks, I'll keep an eye out for IP changes.
  • 0

#5 ahnlak

ahnlak

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 19 February 2013 - 07:15 PM

Will this be a permanent IP change, or just temporary while you track down the problem?
  • 0

#6 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 07:15 PM

Ok, thanks, I'll keep an eye out for IP changes.

Bear in mind this is only necessary if you are not using our nameservers or if you simply wish to know once your account has been moved (if you are using our nameservers).

Will this be a permanent IP change, or just temporary while you track down the problem?

It's usually permanent, however, if you are moved to the IP that the attack shifts to, your IP will change again (as we bisect the accounts on that IP to 2 or more new IPs to identify the target).

In short it's likely to be permanent but could be temporary. Nobody will be going back to the original IP, that is for sure.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#7 ahnlak

ahnlak

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 19 February 2013 - 07:20 PM

Cool - I'll keep an eye open and update my DNS then (and will finally get around to switching my DNS to your servers at some stage so I don't need to worry about it again :)
  • 0

#8 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 08:16 PM

Most customers have been moved to new IPs - there are still a few that are being moved. I estimate 10 to 15 minutes until everybody is on a new IP.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#9 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 08:33 PM

The last few are taking a little longer than I expected, I'll update this thread once *all* are moved.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#10 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 08:52 PM

All accounts are now on new IP addresses.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#11 Arunner26

Arunner26

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 19 February 2013 - 08:54 PM

If our shared IP on our CPANEL is not 150 and our site is not running does that mean the new DNS entry has not propagated yet?
  • 0

#12 PGR

PGR

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 19 February 2013 - 08:57 PM

Hmm, my IP was mvoed but the site is still inaccessible. Is this normal, i.e. should I just wait a little bit longer?
  • 0

#13 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 08:59 PM

Hmm, my IP was mvoed but the site is still inaccessible. Is this normal, i.e. should I just wait a little bit longer?

Your site loads fine for me - any time an IP change takes place it can take 1 or 2 hours for your local cache to drop. The reason I am able to load your site (and anybody else who hasn't been to it before the IP change today) is because I don't have a prior cache and, as such, pulled the new record immediately.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#14 Arunner26

Arunner26

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 19 February 2013 - 09:06 PM

Are you able to access mine too: <redacted for privacy>
  • 0

#15 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 19 February 2013 - 09:10 PM

Are you able to access mine too: <redacted for privacy>

Yes, a good way to test is http://www.host-tracker.com/
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#16 Arunner26

Arunner26

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 19 February 2013 - 09:14 PM

Thanks for the tip on the site. Nice!!
  • 0

#17 chrised

chrised

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 20 February 2013 - 05:33 AM

Is Jasmine being DDOSed again? I can only connect intermittently and the uptime reports show it as responding in some places but not others.
  • 0

#18 Jas

Jas

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 20 February 2013 - 05:40 AM

Our site is also down again. It did come back for a short period of time few hours ago.
  • 0

#19 Darren

Darren

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 20 February 2013 - 07:18 AM

The Fresco server is also down or so it seems. My site is online, but I cannot access the control panel or retrieve mail. I can also not log into my FTP account - it keeps telling me 'wrong password'
  • 0

#20 Scott

Scott

    MDDHosting Staff

  • Staff Administrator
  • PipPipPipPip
  • 421 posts
  • Gender:Male

Posted 20 February 2013 - 08:14 AM

Update: A correction to my earlier comments. Fresco was not targetted by a DDoS attack but was participating in one. This flooded our networking gear for a short time and caused issues on other servers until we blocked the traffic. We are still identifying the specific account responsible for this.

Is Jasmine being DDOSed again? I can only connect intermittently and the uptime reports show it as responding in some places but not others.


There was a new attack targetting coming from our fresco server which was large enough to flood our networking equipment. There was also an issue with /tmp in jasmine that caused some issues.

Our site is also down again. It did come back for a short period of time few hours ago.


Please open a support ticket if you haven't already.

The Fresco server is also down or so it seems. My site is online, but I cannot access the control panel or retrieve mail. I can also not log into my FTP account - it keeps telling me 'wrong password'


Fresco was targetted participating in a new DDoS attack. We've null routed the affected IP. Please open a support ticket regarding your FTP account.

Edited by Scott S, 20 February 2013 - 08:22 AM.
Correction. Fresco not targetted by DDoS, but participating in one.

  • 0
Scott S - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users