[Solved] Tommy down

[dl5ark1]

Tommy is down since more than 2 hours: http://heliohost.grd.net.pl/monitor/

What´s wrong?

 

[wolstech]

The ddos that was hitting Johnny for the past 3 weeks is now hitting tommy instead since Johnny was taken down for maintenance.

[smartmc]

The ddos that was hitting Johnny for the past 3 weeks is now hitting tommy instead since Johnny was taken down for maintenance.

Wow. That must suck. Surely you guys have some form of mitigation?

[wolstech]

I think there's some stuff Krydos can try, but we're gonna see if it subsides first most likely. We're not even sure it's the same attacker, but it's reasonable to believe so considering the attack started within 24 hours of Johnny being pulled for maintenance.

 

Good news is that Tommy is beefy enough that he doesn't just collapse from the load caused by Apache and the firewall trying to block it. Apache is overwhelmed by the botnet, but everything else on him should be working just fine. cPanel, FTP, and email are up. Just the actual web server that isn't. Johnny on the other hand couldn't handle the load and basically folded under pressure.

[smartmc]

I think there's some stuff Krydos can try, but we're gonna see if it subsides first most likely. We're not even sure it's the same attacker, but it's reasonable to believe so considering the attack started within 24 hours of Johnny being pulled for maintenance.

 

Good news is that Tommy is beefy enough that he doesn't just collapse from the load caused by Apache and the firewall trying to block it. Apache is overwhelmed by the botnet, but everything else on him should be working just fine. cPanel, FTP, and email are up. Just the actual web server that isn't. Johnny on the other hand couldn't handle the load and basically folded under pressure.

Well, I wish you luck guys! I assume you can't use cloudflare because of the way domains are managed, but it would be good idea if possible

[wolstech]

Tommy has returned to normal.

 

The complete outage of Tommy's public-facing services was actually caused by a (much more drastic) mitigation used on Tommy, not the attack itself. Unlike Johnny, where we just allow the attack to subside (well...hope it subsides), Tommy shares the Eddie hardware with Cody, which is responsible for our website and forums, admin tools, and also provides a name server. To avoid the load from the attack bogging Cody down, we had our provider intentionally null route Tommy so the attack couldn't reach the server. The downside is all legitimate traffic also goes off into the void when this is done.

[unicorn1]

I don't think it has returned to normal. I still see the error message:

404 Not Found Please forward this error screen to www.unicorn1.heliohost.org's WebMaster.

The server can not find the requested page:

• www.unicorn1.heliohost.org/vocab/ox_dictionary_api.php?word=drag (port 80)

[wolstech]

@alein: I think the IP changes last night broke something. Your domain isn't even resolving, let alone working. I made you a topic here: https://www.helionet.org/index/topic/33852-cpanel-not-working-domain-not-resolving/