‘Supertuxy’ server affected by DDoS

30/09/09 Wednesday
10:10 The ‘supertuxy’ server is currently receiving a relatively large inbound DDoS (Distributed Denial of Service) attack which can affect network speed and latency, which means some sites may load slower than normal or time out.

The attackers have hijacked insecure computer systems and are using these systems to attack our network. We have blacklisted all the offending IP addresses and we will continue to monitor the network to ensure that we are blocking them all.

14:20 The attack is ongoing but all the offending IPs are being blocked by our network firewall. There is still the occasional spike in traffic between new offending IPs appearing and us blocking them, but the server has been operating within normal loads since our post this morning and customers shouldn’t notice any interruptions to service.

19:30 This attack is still ongoing. We are in the process of blocking more offending IP addresses. Network speed and latency may currently be affected.

20:50 The attack this evening over the past 80 minutes was much larger than this morning. We apologise for any inconvenience this is causing. We have now blocked all the offending traffic from our network, and these will also be blocked by our data carriers. We are continuing to monitor the network traffic and block any offending IP addresses as soon as they are identified. At present the server is operating at normal speed.

01/10/09 Thursday

11:50 The attack has been continuing overnight, using several different DDoS methods, and targeting our mail and web services. The vast majority of these attacks are being blocked by our hardware firewall. A small amount is still getting through to the server and we are analysing log files to figure out why this is. All data traffic is being monitored and we are blocking any offensive IP addresses.

Since our last update, the server load has been within normal levels and we don’t believe the attack is currently affecting any customers. If you are experiencing problems, please contact our support helpdesk.

21:00 These attacks are continuing, but 96/97% are being blocked by the DDoS defense box on the network before they get anywhere near the server.

As a temporary measure, and on the ‘supertuxy’ server only, we have enabled HTTP connection throttling. This means that users who are visiting a website excessively will have their connection blocked for 5 minutes at a time. This shouldn’t affect any normal users unless they are running 50+ copies of the same website simultaneously, but it is helping identify and block out some HTTP flooding. We hope to be able to remove this shortly.
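
The throttling rule described above can be sketched as follows. This is an added example, not the host's actual configuration: the post does not name the software used, so the class, the per-client-IP counting and the reading of "50+ copies" as 50 concurrent connections are assumptions, and the traffic is constructed.

```python
from collections import defaultdict

MAX_CONCURRENT = 50      # from the post: "50+ copies ... simultaneously"
BLOCK_SECONDS = 5 * 60   # from the post: blocked "for 5 minutes at a time"


class ConnectionThrottle:
    """Hypothetical per-client-IP concurrent-connection limit with a timed block."""

    def __init__(self, max_concurrent=MAX_CONCURRENT, block_seconds=BLOCK_SECONDS):
        self.max_concurrent = max_concurrent
        self.block_seconds = block_seconds
        self.active = defaultdict(int)   # ip -> connections currently open
        self.blocked_until = {}          # ip -> time at which the block expires

    def open(self, ip, now):
        """Return True if the new connection is accepted, False if refused."""
        expiry = self.blocked_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return False             # still inside the 5-minute window
            del self.blocked_until[ip]   # block has expired
        if self.active[ip] >= self.max_concurrent:
            # Limit reached: start a block and drop the connections it holds.
            self.blocked_until[ip] = now + self.block_seconds
            self.active[ip] = 0
            return False
        self.active[ip] += 1
        return True

    def close(self, ip):
        """Record that one of the client's connections has finished."""
        if self.active[ip] > 0:
            self.active[ip] -= 1


def simulate():
    """Constructed traffic: one ordinary visitor and one flooding client."""
    t = ConnectionThrottle()
    normal, flooder = "192.0.2.10", "198.51.100.7"   # documentation-range IPs
    results = {}
    # Ordinary browser: six parallel connections, all closed again.
    results["normal"] = all(t.open(normal, now=0) for _ in range(6))
    for _ in range(6):
        t.close(normal)
    # Flooder: 60 connections opened at t=1s and never closed.
    results["flood_accepted"] = sum(t.open(flooder, now=1) for _ in range(60))
    results["blocked_at_4min"] = not t.open(flooder, now=241)
    results["allowed_after_5min"] = t.open(flooder, now=302)
    return results
```

A limit keyed on client IP also counts every user behind a shared NAT or proxy as one client, which is one reason a rule like this is usually kept temporary.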

02/10/09 Friday

12:00 These attacks are continuing but we are blocking 99.9% of them at the network level. The server has been running smoothly, largely unaffected by the attacks since Wednesday evening. The server load remained within normal levels throughout Thursday and this morning.
