Jump to content

[Solved] Tommy down

dl5ark1

By dl5ark1
in Customer Service

 Share

Recommended Posts

smartmc Newbie

smartmc

Posted
Posted

The ddos that was hitting Johnny for the past 3 weeks is now hitting tommy instead since Johnny was taken down for maintenance.

Wow. That must suck. Surely you guys have some form of mitigation?
Link to comment
Share on other sites
wolstech Grand Master

wolstech

Posted
Posted

I think there's some stuff Krydos can try, but we're gonna see if it subsides first most likely. We're not even sure it's the same attacker, but it's reasonable to believe so considering the attack started within 24 hours of Johnny being pulled for maintenance.

 

Good news is that Tommy is beefy enough that he doesn't just collapse from the load caused by Apache and the firewall trying to block it. Apache is overwhelmed by the botnet, but everything else on him should be working just fine. cPanel, FTP, and email are up. Just the actual web server that isn't. Johnny on the other hand couldn't handle the load and basically folded under pressure.

Link to comment
Share on other sites
smartmc Newbie

smartmc

Posted
Posted

I think there's some stuff Krydos can try, but we're gonna see if it subsides first most likely. We're not even sure it's the same attacker, but it's reasonable to believe so considering the attack started within 24 hours of Johnny being pulled for maintenance.

 

Good news is that Tommy is beefy enough that he doesn't just collapse from the load caused by Apache and the firewall trying to block it. Apache is overwhelmed by the botnet, but everything else on him should be working just fine. cPanel, FTP, and email are up. Just the actual web server that isn't. Johnny on the other hand couldn't handle the load and basically folded under pressure.

Well, I wish you luck guys! I assume you can't use cloudflare because of the way domains are managed, but it would be good idea if possible
Link to comment
Share on other sites
wolstech Grand Master

wolstech

Posted
Posted

Tommy has returned to normal.

 

The complete outage of Tommy's public-facing services was actually caused by a (much more drastic) mitigation used on Tommy, not the attack itself. Unlike Johnny, where we just allow the attack to subside (well...hope it subsides), Tommy shares the Eddie hardware with Cody, which is responsible for our website and forums, admin tools, and also provides a name server. To avoid the load from the attack bogging Cody down, we had our provider intentionally null route Tommy so the attack couldn't reach the server. The downside is all legitimate traffic also goes off into the void when this is done.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...