Date: 11/22/11
Time: 2:26 AM CST - 3:26 AM CST
Impact: This affected ns1, cpanel75, cpanel76, cpanel77, cpanel78, and our forums. This did not affect our website, portal, billing system, or ns2.
At 2:26 AM CST this morning our network was the target of a very large distributed denial of service attack. This lasted exactly one hour, ending at 3:26 AM CST. Our data center engineers have reported that this was a 1.9Gbit/sec attack with more than 3 million packets per second. This easily saturated the uplink to our cabinet resulting in downtime for the full duration of the attack. The attack did not last long enough for us to perform any kind of deep inspection of the traffic but it did appear to be UDP traffic and was targeting cpanel78's shared hosting IP address. Both of these aspects prevent us from being able to identify any possible target domain that might be hosted on the server.
Unfortunately with an attack of this size there's not much that can be done to defend against it. Typically it results in the target IP address having to be temporarily null routed at the data center core or even at upstream network providers, thereby at least reducing the impact to a single IP / server. The attack did not last long enough for such actions to be taken. We will continue to monitor for any further attacks and apologize for any inconvenience this caused.
Time: 2:26 AM CST - 3:26 AM CST
Impact: This affected ns1, cpanel75, cpanel76, cpanel77, cpanel78, and our forums. This did not affect our website, portal, billing system, or ns2.
At 2:26 AM CST this morning our network was the target of a very large distributed denial of service attack. This lasted exactly one hour, ending at 3:26 AM CST. Our data center engineers have reported that this was a 1.9Gbit/sec attack with more than 3 million packets per second. This easily saturated the uplink to our cabinet resulting in downtime for the full duration of the attack. The attack did not last long enough for us to perform any kind of deep inspection of the traffic but it did appear to be UDP traffic and was targeting cpanel78's shared hosting IP address. Both of these aspects prevent us from being able to identify any possible target domain that might be hosted on the server.
Unfortunately with an attack of this size there's not much that can be done to defend against it. Typically it results in the target IP address having to be temporarily null routed at the data center core or even at upstream network providers, thereby at least reducing the impact to a single IP / server. The attack did not last long enough for such actions to be taken. We will continue to monitor for any further attacks and apologize for any inconvenience this caused.