Jump to content
MDDHosting Forums

Jasmine Server - DDoS on

Recommended Posts

Update 8:52 PM ET

All accounts have been shifted to alternate IP addresses.



We saw a rather large DDoS attack hit the IP on our Jasmine server just now. Our networking team acted quickly to drop this IP to keep everybody else online.


We're going to work to shift everybody on this IP to a small subset of new IPs to bring people back online as well as to hopefully narrow down who is actually under attack.


It's unfortunate that the internet is such a hostile place these days.

Link to comment
Share on other sites

Can you give an approximate estimation of when will we be back online?

The only estimate I can give you is 'as quickly as possible' and, while I understand this is not helpful, it's the best I can provide.


We're changing the IP of every affected account at this time to bring them back online and it takes several seconds (15~20 seconds) per account just for it to process once somebody has manually selected the account and the new IP. If you're using external DNS, you'll need to check your cPanel to watch for the IP to change from .150 to something new.


Bear in mind that this isn't something that is a result of anything we've done and that we aren't under attack but simply one of our clients is. This attack, unfortunately, is just a port flood with a lot of garbage data and, as such, doesn't in and of itself identify any target beyond simply the IP address. We're working to bring everybody back online as quickly as possible as well as working to identify the target of the attack so that they can be isolated.

Link to comment
Share on other sites

Ok, thanks, I'll keep an eye out for IP changes.

Bear in mind this is only necessary if you are not using our nameservers or if you simply wish to know once your account has been moved (if you are using our nameservers).


Will this be a permanent IP change, or just temporary while you track down the problem?

It's usually permanent, however, if you are moved to the IP that the attack shifts to, your IP will change again (as we bisect the accounts on that IP to 2 or more new IPs to identify the target).


In short it's likely to be permanent but could be temporary. Nobody will be going back to the original IP, that is for sure.

Link to comment
Share on other sites

Hmm, my IP was mvoed but the site is still inaccessible. Is this normal, i.e. should I just wait a little bit longer?

Your site loads fine for me - any time an IP change takes place it can take 1 or 2 hours for your local cache to drop. The reason I am able to load your site (and anybody else who hasn't been to it before the IP change today) is because I don't have a prior cache and, as such, pulled the new record immediately.
Link to comment
Share on other sites

Update: A correction to my earlier comments. Fresco was not targetted by a DDoS attack but was participating in one. This flooded our networking gear for a short time and caused issues on other servers until we blocked the traffic. We are still identifying the specific account responsible for this.


Is Jasmine being DDOSed again? I can only connect intermittently and the uptime reports show it as responding in some places but not others.


There was a new attack targetting coming from our fresco server which was large enough to flood our networking equipment. There was also an issue with /tmp in jasmine that caused some issues.


Our site is also down again. It did come back for a short period of time few hours ago.


Please open a support ticket if you haven't already.


The Fresco server is also down or so it seems. My site is online, but I cannot access the control panel or retrieve mail. I can also not log into my FTP account - it keeps telling me 'wrong password'


Fresco was targetted participating in a new DDoS attack. We've null routed the affected IP. Please open a support ticket regarding your FTP account.

Edited by Scott S
Correction. Fresco not targetted by DDoS, but participating in one.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...