Win29 shared IP large DDOS, still happening as of Jan 24th 11:28am

Discussion in 'Network Outages and Updates' started by Stephen, Jan 18, 2017.

  1. Stephen

    Stephen US Operations Staff Member

    We're checking as there is a lot of packetloss coming right now.
  2. Stephen

    Stephen US Operations Staff Member

    We're seeing a large attack coming in on one IP, and checking this now.
  3. Stephen

    Stephen US Operations Staff Member

    The Win29 cluster1 shared IP is being hit, we're working on blocking it, it's taking a bit longer than expected, working to get done ASAP.
  4. Stephen

    Stephen US Operations Staff Member

    Win29 is the only thing impacted right now, we got it blocked from the rest.
  5. Stephen

    Stephen US Operations Staff Member

    Win29 is back up now for sites NOT on the shared IP address, we're still working to block the main attack.
  6. Stephen

    Stephen US Operations Staff Member

    ok nevermind on that, going to have to take it back down because it's killing the network again.
  7. Stephen

    Stephen US Operations Staff Member

    attacks are even worse now, I'm headed to the datacenter to unplug the node with win29 and work on getting it going because null routes are working to block it properly.
  8. Stephen

    Stephen US Operations Staff Member

    We're having the win29 IP blocked at upstream networks now due to the huge nature of them and it causing others to lose so many packets.
  9. Stephen

    Stephen US Operations Staff Member

    And down again, even with the win29 serve entirely down. We're still working on making sure the upstream networks have null routes in place.
  10. Stephen

    Stephen US Operations Staff Member

    I'm very sorry this is taking so long, I've made multiple phone calls and they are not understanding the words 'URGENT' and taking forever to put blocks in place.
  11. Stephen

    Stephen US Operations Staff Member

    ok, now again all is up but Win29, we are still awaiting confirmation that this is due to a null route in place, and then we will post further updates. I don't want any more false hope. :(
  12. Stephen

    Stephen US Operations Staff Member

    We're continuing to monitor the situation, at this time Win29 based sites will not be live, we are going to attempt to bring up the dedicated IP sites ASAP but taking in small steps here so that it does not return with more attacks.
  13. Stephen

    Stephen US Operations Staff Member

    We had the null route removed as it had not been hit since 9am, but now it is back after the null route, we're having it blocked back again.
  14. Stephen

    Stephen US Operations Staff Member

    We have lifted the null route and will be enabling the shared IP very soon.
  15. Stephen

    Stephen US Operations Staff Member

    The null route was put back in place and in fact extended all the way to further upstream peers because it is very huge in amount of data being pumped in, even after being down for over 72 hours. We will be moving accounts to other servers and dedicated IP addresses to work around this. As this was not an HTTP based attack, we're really not sure its target domain, so we are on guard for any return of attacks.
  16. Stephen

    Stephen US Operations Staff Member

    We've been actively making solutions for clients on Win29 shared IP to move their sites over to either dedicated IPs, or a single dediated IP that we manually move their DNS over to for their domains so that this doesn't keep their site down any longer.

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services