cpanel33 downtime (sort of)

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • AndrewT
    Administrator
    • Mar 2004
    • 3653

    cpanel33 downtime (sort of)

    cpanel33 is currently being DoS'ed and we're working to correct this as soon as possible. It should be resolved within the next couple of hours max. Currently only port 80 (Apache/HTTP) is affected by this unless your IP has been temporarily blocked (and right now it is very temporary so that we can gave proper access).
  • AndrewT
    Administrator
    • Mar 2004
    • 3653

    #2
    For the time being we've had to block 210.* and 211.*, both of which appear to be foreign IP address blocks which are the source of thousands of attacking IPs at this point. If you are legitimately in this block, I apologize, obviously we will lift this block as soon as possible.

    Our software is now continuing to sort through the remaining attackers and block them accordingly but it can take a while to pick them up.

    If you do have an IP that is not in 210.* or 211.* and is unable to access the server (not just HTTP), please submit a trouble ticket with the IP and we can remove it from the block list. A few legitimate IPs are bound to get blocked at one point or another.

    In the future, this should never be an issue. Unfortunately we had plans to setup our FloodGuard hardware (albeit into learn mode) this week. After several days of "learning" traffic patterns we put it into normal operation which can prevent most of this from ever occuring but right now this is not of much help.

    Comment

    • AndrewT
      Administrator
      • Mar 2004
      • 3653

      #3
      At this point we've now got this under control and HTTP is accessible. However, there will likely be spikes throughout the next hours and even possibly days as new sources start up until they are automatically blocked by our software. So far there are roughly 85 IP addresses blocked on top of the 210.* and 211.* blocks.

      I will continue to update this thread as the situation changes.

      Comment

      • AndrewT
        Administrator
        • Mar 2004
        • 3653

        #4
        As I had figured, the attack has started up once again. The 210.* and 211.* blocks were removed several hours ago but we may have to add them once again to resolve this for everyone else. I'm going to give our software a bit though to see if it can catch them all and take care of it.

        Comment

        • AndrewT
          Administrator
          • Mar 2004
          • 3653

          #5
          I did just have to block 210.* and 211.* which removed over 2,000 sources. The software is still working on clearing up the rest.

          Comment

          Working...