DDOS on win39 Shared IP

[Pratik]

There was DDOS on 173.0.141.20 which is the shared IP for win39 we have for now null routed for time being.

We are working with parallels to shift to a new shared IP for the sites, however DNS changes will need to happen and we are working to find the target site to ensure it is not switched and just move the bad traffic along with the IP change.

 

[akshay]

Still waiting for Parallels reply.

 

[Stephen]

We are still working with Parallels to get a solution to move the IP, we also are watching progress on the null route, and last update was a lot of attacks still incoming. So we have to be very careful about any move of all as DNS may follow it. We have tracked down 4 possible sites that are being attacked, but cannot be sure as we weren't even getting all the traffic of normal, much less the full force of the attack if logs on our side are accurate to determine the domain that was target on the shared IP.

We are at this time gathering up some dedicated IPs for people to switch over to dedicated for a temporary basis while we work on the shared IP. We won't be able to get all online in this manner, but can help to get some. We can also make a temporary workaround with a manual DNS change and IP change for those needing up quickly, but any change on it within Hsphere will reset the changes we make and cause the site to be down.

 

[Stephen]

We've done workaround on DNS for quite a few at this point. The original IP is still null routed, we are monitoring it closely to see if it can be lifted.

 

[Stephen]

There is still a large amount of traffic hitting the shared IP and it cannot be routed at this time.

 

[Stephen]

Finally we've got the null route lifted!

With this if we changed your DNS to bring you up, you can leave it all be and it will work 100% or you can edit settings in the control panel. If the site does go down on editing control panel settings go into your DNS Editor on Custom DNS records and as long as you have not made your own custom DNS, you can 'reset to Default' on the DNS and it will move your IP back to the Control Panel listed IP address.