Portal Home > Knowledgebase > Industry Announcements > Web Hosting Main Forums > Providers and Network Outages and Updates > SecureDragon down
SecureDragon down
Posted by OakHosting_James, 12-13-2012, 07:57 AM |
It seems that securedragon.net is down - both their WHMCS client area (my.securedragon.net), their Solus VM control panel, and the VPS on their network.
Went down at 9.34am this morning GMT (2 hours, 23 minutes ago). |
Posted by ZKuJoe, 12-13-2012, 08:27 AM |
This has been resolved. I had spent a good portion of the night mitigating multiple large DDOS attacks for a client who didn't want to use their DDOS Protected IP for some reason. I thought the coast was clear so I took a 3 hour nap only to wake up to both of our routers offline. After clearing some nullroutes I was able to restore the network. |
Posted by OakHosting_James, 12-13-2012, 08:32 AM |
Thanks Joe
I read this thread and wondered if it had anything to do with it.
I can confirm it's back up for me too.
Hopefully you can go back to bed now! |
Posted by ZKuJoe, 12-13-2012, 08:41 AM |
Quote:
Originally Posted by JamesOakley
Thanks Joe
I read this thread and wondered if it had anything to do with it.
I can confirm it's back up for me too.
Hopefully you can go back to bed now!
|
Thanks for pointing that thread out to me. The client will be dealt with. |
Posted by FragVPS, 12-13-2012, 09:22 AM |
Quote:
Originally Posted by ZKuJoe
Thanks for pointing that thread out to me. The client will be dealt with.
|
I'm the main owner of FragVPS.com. I apologize for my co-worker's moronic choice to use the wrong IP, however, it was very unprofessional of you to simply terminate both of our services, including the one we were using properly, without giving us any chance to back up our data. |
Posted by Serverfruit-Kris, 12-13-2012, 09:32 AM |
Quote:
Originally Posted by FragVPS
I'm the main owner of FragVPS.com. I apologize for my co-worker's moronic choice to use the wrong IP, however, it was very unprofessional of you to simply terminate both of our services, including the one we were using properly, without giving us any chance to back up our data.
|
Always maintain a backup of your things. |
Posted by FragVPS, 12-13-2012, 09:37 AM |
Quote:
Originally Posted by lakridserne
Always maintain a backup of your things.
|
We were only with them for a few days, so we do have a backup, but a fresh backup would have been nicer. |
Posted by ZKuJoe, 12-13-2012, 09:44 AM |
The DDOS attack is still on-going against our network so we're still dealing with the fallout now. There is nothing about this situation I am happy about and running on ~3 hours of sleep isn't helping the situation. |
Posted by FragVPS, 12-13-2012, 09:53 AM |
Quote:
Originally Posted by ZKuJoe
The DDOS attack is still on-going against our network so we're still dealing with the fallout now. There is nothing about this situation I am happy about and running on ~3 hours of sleep isn't helping the situation.
|
We were hosting our website on OVH for a while, and it went down to 70k packets from 800k after about 14 hours of them trying to nullroute/hoover, but OVH's server handled it for that long. I'm surprised someone attacking a new hosting company managed to take down SecureDragon though. |
Posted by ZKuJoe, 12-13-2012, 10:14 AM |
Quote:
Originally Posted by FragVPS
We were hosting our website on OVH for a while, and it went down to 70k packets from 800k after about 14 hours of them trying to nullroute/hoover, but OVH's server handled it for that long. I'm surprised someone attacking a new hosting company managed to take down SecureDragon though.
|
We only have a 1Gbps uplink so it doesn't take much to take our network offline and we can only nullroute so many IPs before something gives. |
Posted by Deroba, 12-14-2012, 01:56 PM |
Funny because I'm now hosting fragvps.com without an issue. |
Posted by BA-Corey, 12-14-2012, 04:03 PM |
Quote:
Originally Posted by Deroba
Funny because I'm now hosting fragvps.com without an issue.
|
Probably because they are using the ddos filtered ips this time? Kujoe's whole network was taken down because this guy didn't use the correct ip. They were terminated because they got nasty with Kujoe. Don't be that guy Deroba. |
Posted by ZKuJoe, 12-14-2012, 06:26 PM |
The attack size was only 1Gbps so it would not have been a big deal for our DDOS filtering, had the client used our DDOS protection. The problem was that the client chose not to use it and instead used our unprotected IPs to host his website. The DDOS attack finally stopped after 36+ hours and now I'm dealing with abuse reports because the client decided to do some probing of private networks from his VPS before the DDOS attacks occurred. |
Posted by FragVPS, 12-14-2012, 08:21 PM |
Quote:
Originally Posted by ZKuJoe
The attack size was only 1Gbps so it would not have been a big deal for our DDOS filtering, had the client used our DDOS protection. The problem was that the client chose not to use it and instead used our unprotected IPs to host his website. The DDOS attack finally stopped after 36+ hours and now I'm dealing with abuse reports because the client decided to do some probing of private networks from his VPS before the DDOS attacks occurred.
|
Probing of private networks?
Also, you provide non-protected hosting. So you're saying it's our fault for not using the DDoS protected IP instantly when you didn't give it to us instantly, and you're also saying your regular VPS costumers should expect to be hit offline in a matter of 2 minutes, and your server has no other protection otherwise if clients do not pay $4 additional for DDoS filtering. |
Posted by ZKuJoe, 12-14-2012, 09:17 PM |
Quote:
Originally Posted by FragVPS
Probing of private networks?
Also, you provide non-protected hosting. So you're saying it's our fault for not using the DDoS protected IP instantly when you didn't give it to us instantly, and you're also saying your regular VPS costumers should expect to be hit offline in a matter of 2 minutes, and your server has no other protection otherwise if clients do not pay $4 additional for DDoS filtering.
|
We received 2 abuse reports against the IP that we had to nullroute (with you being the only user of that IP since we got it from ARIN a few months ago) with logs showing the IP was performing SNMP probing prior to the DDOS attacks on a private network.
Yes, we have 2 networks, one with DDOS protection and one without. You purchased the DDOS protection which is an addon feature and not standard for all orders thus we need to process all addons manually. It is entirely your fault for using the non-protected network fully knowing you would receive a DDOS attack as soon as you went online with your domain. Here is the timeline of events:
12/12/2012 08:07 - Your order was placed and processed.
12/12/2012 09:46 - Your DDOS Protected IP was added and I opened a ticket and generated an e-mail for you.
12/13/2012 01:41 - You opened a ticket asking what IP to use for DDOS Protection.
12/13/2012 02:10 - The first DDOS attack against your unprotected IP began and I begin mitigating the attacks.
12/13/2012 04:34 - Your attacker begins targeting random IPs and our network bringing us offline.
12/13/2012 04:50 - You open a thread complaining about downtime for our network that you caused.
12/13/2012 07:56 - A full refund of all services were processed.
12/13/2012 17:09 - Tickets opened from multiple network providers with logs of your IP as the source of SNMP probes against their networks.
12/14/2012 12:10 - DDOS attack against your IP is still on-going.
12/14/2012 17:30 - DDOS attack against your IP stopped.
I was mitigating the attack for 2 hours prior to it bringing our network online. The attacker was hitting random IPs after I nullrouted your IP and began attacking our network infrastructure so there was absolutely nothing we could do to prevent the outage that you attracted. |
Posted by CNSERVERS, 12-14-2012, 10:00 PM |
The abuse reports are probably due to the reflected snmp attack.
Quote:
Originally Posted by ZKuJoe
We received 2 abuse reports against the IP that we had to nullroute (with you being the only user of that IP since we got it from ARIN a few months ago) with logs showing the IP was performing SNMP probing prior to the DDOS attacks on a private network.
Yes, we have 2 networks, one with DDOS protection and one without. You purchased the DDOS protection which is an addon feature and not standard for all orders thus we need to process all addons manually. It is entirely your fault for using the non-protected network fully knowing you would receive a DDOS attack as soon as you went online with your domain. Here is the timeline of events:
12/12/2012 08:07 - Your order was placed and processed.
12/12/2012 09:46 - Your DDOS Protected IP was added and I opened a ticket and generated an e-mail for you.
12/13/2012 01:41 - You opened a ticket asking what IP to use for DDOS Protection.
12/13/2012 02:10 - The first DDOS attack against your unprotected IP began and I begin mitigating the attacks.
12/13/2012 04:34 - Your attacker begins targeting random IPs and our network bringing us offline.
12/13/2012 04:50 - You open a thread complaining about downtime for our network that you caused.
12/13/2012 07:56 - A full refund of all services were processed.
12/13/2012 17:09 - Tickets opened from multiple network providers with logs of your IP as the source of SNMP probes against their networks.
12/14/2012 12:10 - DDOS attack against your IP is still on-going.
12/14/2012 17:30 - DDOS attack against your IP stopped.
I was mitigating the attack for 2 hours prior to it bringing our network online. The attacker was hitting random IPs after I nullrouted your IP and began attacking our network infrastructure so there was absolutely nothing we could do to prevent the outage that you attracted.
|
|
Posted by spencerocks, 12-14-2012, 11:48 PM |
Quote:
Originally Posted by FragVPS
Probing of private networks?
Also, you provide non-protected hosting. So you're saying it's our fault for not using the DDoS protected IP instantly when you didn't give it to us instantly, and you're also saying your regular VPS costumers should expect to be hit offline in a matter of 2 minutes, and your server has no other protection otherwise if clients do not pay $4 additional for DDoS filtering.
|
Do you know how ridiculous you sound? 99.999999999999999999999999% of all VPS providers will just nullroute your IP, they are not going to try and setup acl for a VPS. |
Posted by wrxdn, 12-15-2012, 05:48 AM |
Should be a network attack, hackers quantity. |
Posted by DeltaAnime, 12-15-2012, 06:40 AM |
Quote:
Originally Posted by spencerocks
Do you know how ridiculous you sound? 99.999999999999999999999999% of all VPS providers will just nullroute your IP, they are not going to try and setup acl for a VPS.
|
You hope they nullroute you.
Most datacenters have no form of 'auto nullroute' system in place and get their ass handed to them during floods.
Francisco |
Add to Favourites Print this Article
Also Read