Win31 shared IP being attacked with massive WordPress brute force/DDOS attack

Stephen

US Operations
Staff member
The Win31 shared IP is being attacked by this DDOS that was impacting earlier, and we modified DNS and hoped to stop the attack without a null route, but it is an overwhelming amount of data (many gigabits) and is causing major packet loss. We are having to keep the null route in place to prevent the rest of the network from going down. I am going to be adding a couple dozen dedicated IP addresses and we'll move those that need to be up ASAP. We will need to move you back to the shared IP at a later time, but we understand not wanting to be down without question.
 
The win31 shared IP null route is back in place and the rest of the network is working properly now.
 
This is a repost from earlier with a link on how to prevent YOUR WordPress site from attacking others. We'll be adding this to the config of anyone we have reports of being involved in the DDOS, or see in our logs as being a part of it as well:
We've found it to be a massive WordPress pingback attack, and interestingly even a few of those pingbacks are from within our network and are being checked to stop this.

We will be disabling XML-RPC on domains that are attacking from within our control. They are but a minor fraction of all of them, but we must do what we can to stop ours from participating in such attacks against others as well.

If you have a WordPress site you may want to take action as well:
http://www.blogaid.net/disable-xml-rpc-in-wordpress-to-prevent-ddos-attack

_______________

Win31 has had numerous IPs added and we are switching anyone that needs it to a dedicated IP now, without the demand for justification, on a temporary basis. We will do this on ticket request. Note that when this happens you may not see the site live immediately on the new IP, as you will likely have DNS cached to the old one, but new visitors and search engines will see it on the new IP and be able to view the site. You will be able to after clearing your DNS cache, or changing DNS servers to move off your ISP's DNS cache.
 
The DDOS attack is still incoming at this point. We are working to formulate any potential options, but still have IPs available and are moving anyone that needs it.
 
I'm joining a conference call to get this unblocked now, but am ready to block again if the DDOS continues.
 
Sorry, there was a delay due to phone issues in the datacenter (lots of radio frequency around here), making the call and changes not occur till about 10 minutes ago. As of now the null route is lifted, AND the network is stable.
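
A log check of the kind the posts above mention (spotting pingback participation in web logs), as an added example that is not part of the original posts or the host's own tooling. It assumes combined-format access logs and the `WordPress/<version>; <site URL>` User-Agent that WordPress sends when verifying a pingback; the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed input: Apache/nginx "combined" access log lines.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# WordPress identifies itself like this when it fetches a page to verify a pingback.
WP_UA = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://[^;\s]+)')

def scan(lines, threshold=3):
    """Return (xmlrpc_callers, pingback_sources), each a {key: hit count} dict.

    xmlrpc_callers: client IPs with >= threshold POSTs to xmlrpc.php here.
    pingback_sources: WordPress sites with >= threshold pingback fetches here.
    """
    posts, sources = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        path = m['path'].split('?', 1)[0]
        if m['method'] == 'POST' and path.endswith('/xmlrpc.php'):
            posts[m['ip']] += 1
        ua = WP_UA.match(m['ua'])
        if ua:
            sources[ua['site'].rstrip('/')] += 1
    return ({k: n for k, n in posts.items() if n >= threshold},
            {k: n for k, n in sources.items() if n >= threshold})

def _line(ip, method, path, ua):
    """Build one constructed log line (documentation IPs, made-up hosts)."""
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

# Constructed sample data, not taken from the incident described above.
SAMPLE = (
    [_line('203.0.113.7', 'POST', '/xmlrpc.php', 'Mozilla/5.0')] * 3
    + [_line('198.51.100.9', 'POST', '/blog/xmlrpc.php', 'Mozilla/5.0')]
    + [_line('192.0.2.10', 'GET', '/', 'WordPress/3.8.1; http://blog-a.example')] * 3
    + [_line('192.0.2.11', 'GET', '/', 'WordPress/3.9; http://blog-b.example; '
             'verifying pingback from 203.0.113.7')]
    + [_line('192.0.2.50', 'GET', '/index.php', 'Mozilla/5.0')]
)

if __name__ == '__main__':
    print(scan(SAMPLE))
```

A site whose logs show repeated `xmlrpc.php` POSTs from the same clients is a candidate for having XML-RPC disabled as described in the linked article.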
 