
Farking Chinese script kiddies!

Massive DDoS Attack – Resolved/Monitoring
Posted In: Other Issues — Oct 07th, 2010 at 3:59 am EST by trevor
Incident Description:
Customers are experiencing intermittent slowness, poor connectivity, unresolved name servers, and FTP denial. This is caused by a DDoS attack (Denial of Service). Our system administration department is blocking the offending IP addresses now. This attack is very large. After several attempts to isolate the source we had to temporarily block a large IP range from China, which is the source of the attack. This is a temporary block.
Which Customers are Impacted?
Customers with accounts located on Control panels 8, 9, and 10.
How are Customers Impacted?
Domain name not resolving, Site Slowness, Poor FTP connectivity.
How often will we be updated?
Hourly
Time to Resolution (ETA)
unknown
Incident Updates
* We are blocking offending IP addresses now.
* 6am Update: After several attempts to isolate the source we had to temporarily block a large IP range from China, which is the source of the attack.
* 7am Update: We are still working to resolve the DDoS attack on our servers. This attack has resulted in several IP ranges being blocked.
* 8:30am Update: Unfortunately, we have no new information to share at this time. A large amount of incoming IP addresses from one of our providers had to be blocked.
* 10:04am Update: At this time this is not an average DDoS attack, this is a large scale and professional attack from a large network with very high resources. We are having to block almost all of Asia IP addresses, as this targeted attack is very sophisticated and is rerouting as we block individual IPs. This is a seriously difficult attack, and all network and system engineers are working to restore the issue. Currently the attack is targeting our DNS servers, and even adjusting as we move IPs and reroute them. This is why some sites are becoming available by IP but not DNS. Also some customers will have DNS Caching that will have to clear or expire before sites are visible. We apologize for the problems and promise we are doing all we can. Lisa Grice - Director of Customer Service
* 11:06am Update: Just a clarification point, this is mostly affecting cps: 8, 9, & 10 (which for those of you that are curious is why ixwebhosting.com is still up--we are in the same datacenter, but not the same CPs). Also, we are making some progress, so some sites are coming back. Please also check your site by IP, if IP works, then DNS caching will just have to clear for you to see your sites.
* 12:02pm Update: Ok, we have a fix in (phew!). We are hopeful and monitoring at this point. It's not the type of situation like a hardware or software problem that we can say 'fixed' and it's done, we have to watch a while and make sure there are no other cracks or holes that the attackers can get through. Please try your sites by IP and DNS and our support folks are standing by if you still need help. (our network engineers have collapsed and may be face down on their desks, though). Lisa Grice - Director of Customer Service
* 1:30pm Update: We have made some networking changes for our Name Servers. We have also taken steps to improve the network connection to those servers. We are still experiencing some problems and are continuing to work on it and monitor services.
* 2:44pm Update: As of around 2:00 PM EST the DoS attack has ended. There are still some customers located in China that will be unable to view their sites at this time.