
Current status

Webhosting: Possible issue with WEB02 (DIRECTADMIN HTTP POP)
Nameserver: ALL OK
VPN: ALL OK
Racks: ALL OK
Datacenter DCO statuspage: ALL OK
 
We have detected a possible issue; we are on it and received a notification about this. Once we know more we will update the status here.
 
 

Ticket history (45 days)

› 28 July 2021

 

› 27 July 2021 • 08:58:19

Issue

Seems like an attack.

Followup

• 2021-07-27 09:00:57 : Filtering active and learning
• 2021-07-27 09:04:35 : Filtering doing its work
• 2021-07-27 09:16:21 : Attack changed, filtering back learning how to mitigate
• 2021-07-27 09:22:12 : COLT working on it
• 2021-07-27 10:43:04 : Still mitigating the attack over 200Gbit, some services like ICMP are not working during attacks
• 2021-07-27 11:43:23 : Attack still holding on, constantly changing tactics
• 2021-07-27 12:25:30 : Attack over 300Gbit, COLT adding extra people to solve this, also parts of their network have issues with these attacks
• 2021-07-27 12:46:46 : DCSTAR: Update - attack grown to 300g and climbing, Colt is busy mitigating it
• 2021-07-27 13:48:10 : Confirmed, this is blackmail, someone is asking for money to stop these attacks. Informing the CERT; Colt dropped one of the IP ranges from their DDoS mitigation (IP Guardian), working hard to get it back and with the right mitigation solution.
• 2021-07-27 14:21:27 : DCSTAR: Update - identified the target of the DDoS and the cause (ransom attack), working hard with Colt and the authorities to stop this attack
• 2021-07-27 15:31:59 : Impacted IP range 185.18.148.0/23, still working on getting everything online (mitigated)
• 2021-07-27 16:06:18 : Colt will give feedback in 30 minutes, CERT also working on this and investigating all the evidence (like bitcoin wallet from attacker). We will keep working on it with DCSTAR, COLT and CERT to push COLT to honor their IP GUARDIAN DDoS Mitigation (expensive) contract.
• 2021-07-27 16:22:29 : DCSTAR: Update - still no solution by colt, are polling them for updates
• 2021-07-27 16:39:32 : COLT removed the filtering, is now working to get correct filters in place before enabling this so next attacks will not go through before fully enabling the IP access to these ranges. This all is unwanted and not what we paid for, this will be followed up, but now getting this back online, waiting on COLT. We cannot enable other routes as the attack is still going on, otherwise all other customers and IP ranges will be down.
• 2021-07-27 17:38:09 : DCSTAR: Update - All possible routes are rerouted to clean networks. FUSA: 2 ranges still working on, COLT
• 2021-07-27 18:50:50 : Only one range still impacted 185.18.148.0/23
• 2021-07-27 19:03:59 : Recap: An attack on us started yesterday, auto mitigation failed due to COLT link (2) failure, solved and mitigation activated. Today mitigation started, was working but the attacker kept changing tactics. Contacted COLT to solve this, at this time the attack was over 300Gbps. COLT network ops started to mitigate this but the attack kept growing in size, this had impact on the COLT network on different pops. COLT auto network protection outside IP Guardian dropped our ranges; now they are making and testing the new rules before enabling the last biggest targeted IP range. They are working on it, ATM there is no workaround to get traffic back in a timely manner to this IP range before COLT is done. We know this costs us all a lot of money, but we don't want to pay a criminal because they will just come back or others will do this. All information is shared with the Belgium CERT and they will investigate. After everything is over we will need to talk with COLT to find a solution so that this never happens again, we pay a lot for it. Their IP Guardian product is very expensive and was working great, but failed miserably now. All network traffic this month will be discarded and I suggest everyone use IPv6.
• 2021-07-27 20:59:56 : VPN back online so you can contact this IP range if you have a VPN (see CP)
• 2021-07-27 21:09:42 : Adding VPN and IPv6 to every customer that did not request this, will take around 1 hour.
• 2021-07-27 22:16:13 : All IPv6 and VPNs added, COLT will be ready within 2 hours
• 2021-07-28 01:07:21 : Still nothing from COLT

 

› 26 July 2021 • 13:23:33

Issue

DCSTAR: All routes available now. Upstream providers are back online. Mitigation started but other upstream provider failed before we could move the routes. Scripts are to be changed to handle upstream failure during mitigation.

Followup

Closed

 
