CL2-WIN6 - DDOS - limited impact - php slow

Stephen

Stephen

US Operations
Staff member
There is a DDOs coming on Win6, it is not the typical high traffic or high packets type, but many many requests, we are working to block the bad requests.

If by any chance we should block a legitimate request we will unblock it with a ticket within 24 hours.
 
Re: CL2-WIN6 - DDOS - working to block

There are 100,000+ connections from quite a few IPs right now, we blocked the initial major ones but others coming to replace now.
 
Re: CL2-WIN6 - DDOS - working to block

We are stopping IIS for about 10 minutes while working to block additional IPs.
 
Re: CL2-WIN6 - DDOS - working to block

Target site found, going to work to minimizing damages and getting others up all possible now.
 
Re: CL2-WIN6 - DDOS - working to block

These attacks are getting really old :(

We are working to block IPs as fast as they come in, but still win6 is slow as we process all this.
 
Re: CL2-WIN6 - DDOS - working to block

not perfect yet, but much better now for sites other than the one being attacked. I have done some little tricks on the site being attacked.
 
Re: CL2-WIN6 - DDOS - working to block

Total Hits 3,082,438.....in 17 minutes and 32 seconds....this is after a lot of blocking done.

However MOST sites are responding better than anytime in the last 5 hours right now.
 
Re: CL2-WIN6 - DDOS - working to block

Attacks are still coming in, but we have it to a point it is limited now, only the website that is being attacked is down at this point.
 
Re: CL2-WIN6 - DDOS - working to block

With daytime coming we are seeing a bit of increase in the attacks again, and working to block more.
 
Re: CL2-WIN6 - DDOS - working to block

Win6 is running with a lot of network filtering right now which has a bit of impact, if I were basing on 100% scale I'd say it is around 85% 'healthy' now, however sometimes even with mitigation we have done the attacks do increase and hurt it some. We will continue to keep an eye on it today and block more as they come.
 
Re: CL2-WIN6 - DDOS - working to block

I have tweaked the filtering a bit to block some larger blocks, it means in a few regions of the US some major cable companies clients (about 1000 total) won't be able to visit.

We hope to be able to lift this ban within the week, but if required it will stay. The main cause of this is trojan infected computer networks that are used by 3rd parties to launch such attacks.
 
Re: CL2-WIN6 - DDOS - working to block

Still seeing some attacks coming in, so filtering is still in place, we are offering moves to the largest network users(3 users 4 domains) which will help with the filters, and we are offering moves to others that inquire as well.
 
Re: CL2-WIN6 - DDOS - working to block

We only got a reply from one of the users yesterday and that site was promptly moved, and some other clients that requested were moved. Attack is still coming in a bit(but is down some from yesterday) and filters still up at this time.
 
You must log in or register to reply here.
Back
Top