[Solved] Tommy cPanel+webserver is down

[eggcite]

Hey guys,

 

I'm not sure if this problem is due to the DDoS that hit us today https://www.helionet.org/index/topic/33825-tommy-down/, but right now cPanel on Tommy is not online (see attached) and my website is down.

 

Could you look into this?

 

Thanks!

 

 

 

[wolstech]

We're aware. The attack is still ongoing. The old shared IP is intentionally down while we work to mitigate it.

 

See https://www.helionet.org/index/topic/33842-2018-08-07/ for more information...

[spandso]

We're aware. The attack is still ongoing. The old shared IP is intentionally down while we work to mitigate it.

 

See https://www.helionet.org/index/topic/33842-2018-08-07/ for more information...

 

I get the same error as calebt when I tried to access cPanel. Also when I try to access the website (http://spiritandsoap.com) I get a 403 Forbidden error. Is that due to the DDoS attack?

[alein]

wait guys root  admin  do best  to back all site  up 

[wolstech]

Can you create a separate topic for the forbidden error? You two the only ones I can find experiencing it. I picked 10 random websites on Tommy and they all loaded properly.

 

The server does have a few configuration issues though, for example the main tommy.heliohost.org is still pointed to my dedicated IP right now...(this was how we kept cPanel working during the outage).

[spandso]

Can you create a separate topic for the forbidden error? You two the only ones I can find experiencing it. I picked 10 random websites on Tommy and they all loaded properly.

 

The server does have a few configuration issues though, for example the main tommy.heliohost.org is still pointed to my dedicated IP right now...(this was how we kept cPanel working during the outage).

Yes of course. Thank you for all the efforts wolstech and the rest of the team!

[wolstech]

I figured out the 403 errors, now we need Krydos to fix them.

 

The issue is related to /home1 being unavailable on Tommy. For the unfamiliar, /home1 is an additional home partition that's stored on our NAS, it was added to increase disk capacity a while back. I picked several additional sites beyond the 10 I tried earlier...all users with a /home1/<username> home folder are affected.

[DmC]

WTF though.

 

Who could possibly consume resources to DDoS a free hosting.

 

What the actual f**K.

[wolstech]

The Johnny attack we believe was done as retaliation for ruining a phisher's opportunity to mass-phish on a brand new TLD. It started right after a week or two that involved banning 150+ very similar paypal phishing sites that kept being registered on the new .ooo TLD. We were getting 10+ new ones per day and I was banning them within hours of them being set up.

 

We have no motive for Tommy at the moment, though it could be retaliation for the very quick cleanup of AnonymousFox. We thought initially that it was the same attacker as Johnny, just moving targets after Johnny went out for maintenance, but the actual type of attack is different, so that's unlikely. In addition, the Tommy attack subsided, whereas Johnny's was nearly continuous for 3 weeks and ended with the server being put out for maintenance...

 

My last post on the first page of this topic is a good read: https://www.helionet.org/index/topic/33824-tommy-server-down/ (note that this was written during the attack, the Tommy attack has since subsided)

[thakurs]

i'm having the same issue as others. please fix it as soon as possible 

[eggcite]

Keep up the good fight guys; we all appreciate your proactiveness with the AnonymousFox incident. Let us know when cPanel is back up on Tommy!