Blog
Forum
StatusIncident: Network infrastructure (DDoS) [Resolved]
The situation is now stabilized and no further attack was observed since Friday evening. Several mitigation measures and a number of filters have been configured with our suppliers to circumvent such attacks. We are confident that we can lower the level of alert to green and now consider the incident is closed.
We are finalizing our analysis and details about the circumstances of these DDoS attacks will be published in the near future.
We remind you that we are determined to meet all our guarantees and our service level agreements. We invite you to contact our customer service agents that will support your requests ( http://www.iweb.com/contacts/ ).
We sincerely apologize for any inconvenience this may have caused. Thank you greatly for your patience and understanding in this matter.
The iWeb Team
Comments
Promotion
Highest Rated
- Securing Wordpress against hackers
- An overview of RAID technology
- The Control Center, Our Next Generation Customer Hub
- iWeb launches its new website
- Top 9 Reasons why Web Hosting is Awesome
- A new logo for iWeb
- Smart Group: Optimizing Local Security
- Who has the coolest costume?
- 4 Tools to Create A Website Quickly & Easily
- Season’s Greetings from iWeb!
November 7th, 2011 11:02 am
[...] Latest and final update available here: http://blog.iweb.com/en/2011/11/incident-network-infrastructure-ddos-resolved/8953.html [...]
November 7th, 2011 11:13 am
[...] Latest and final update available here: http://blog.iweb.com/en/2011/11/incident-network-infrastructure-ddos-resolved/8953.html [...]
November 7th, 2011 3:34 pm
My clients are still impacted by several random drops. Is Iweb still getting DDOS’d ?
November 7th, 2011 3:47 pm
Martin, your website looks down for me actually. However, my servers seem OK for the moment.
When I tracert Iweb, I got 204 ms for gi1-5.ccr01.ymq01.atlas.cogentco.com [38.104.152.93] and limited delay passed after te8-4.cl-core06.cogent.mtl.iweb.com [38.104.154.02].
1 2 ms 2 ms 2 ms 10.10.1.200
2 5 ms 5 ms 5 ms 1.0.0.237
3 5 ms 7 ms 5 ms gi3-6.core1.cx2.zerofail.net [74.123.95.133]
4 7 ms 4 ms 5 ms gi2-15.bgp1.cx2.zerofail.net [74.123.95.33]
5 90 ms 204 ms 202 ms gi1-5.ccr01.ymq01.atlas.cogentco.com [38.104.152.93]
6 5 ms 5 ms 5 ms te0-2-0-0.ccr21.ymq02.atlas.cogentco.com [154.54.0.22]
7 5 ms 6 ms 5 ms te8-4.cl-core06.cogent.mtl.iweb.com [38.104.154.02]
8 * * * Délai d’attente de la demande dépassé.
9 * * * Délai d’attente de la demande dépassé.
10 * * * Délai d’attente de la demande dépassé.
11 * * * Délai d’attente de la demande dépassé.
12 * * * Délai d’attente de la demande dépassé.
13 * * * Délai d’attente de la demande dépassé.
14 * * * Délai d’attente de la demande dépassé.
15 * *
November 7th, 2011 4:01 pm
Finally my smart server’s getting slow to reach too… 1284 ms of trace root…
1 2 ms 7 ms 3 ms 10.10.1.200
2 6 ms 5 ms 5 ms 1.0.0.237
3 5 ms 6 ms 5 ms gi3-6.core1.cx2.zerofail.net [74.123.95.133]
4 8 ms 5 ms 9 ms gi2-15.bgp1.cx2.zerofail.net [74.123.95.33]
5 5 ms 5 ms 5 ms gi1-5.ccr01.ymq01.atlas.cogentco.com [38.104.152.93]
6 5 ms 5 ms 5 ms te0-2-0-0.ccr22.ymq02.atlas.cogentco.com [154.54.0.18]
7 13 ms 13 ms 13 ms te0-2-0-5.ccr21.yyz02.atlas.cogentco.com [154.54.44.98]
8 28 ms 27 ms 27 ms te0-1-0-3.ccr21.ord01.atlas.cogentco.com [154.54.27.181]
9 39 ms 41 ms 41 ms te0-4-0-5.ccr21.mci01.atlas.cogentco.com [154.54.45.145]
10 51 ms 51 ms 50 ms te0-2-0-2.ccr21.dfw01.atlas.cogentco.com [154.54.5.221]
11 186 ms 210 ms 204 ms te3-3.mpd01.dfw03.atlas.cogentco.com [154.54.6.94]
12 55 ms 49 ms 56 ms teleglobe.dfw03.atlas.cogentco.com [154.54.13.134]
13 78 ms 77 ms 77 ms if-7-2.tcore1.AEQ-Ashburn.as6453.net [66.110.56.34]
14 62 ms 117 ms 61 ms if-2-2.tcore2.AEQ-Ashburn.as6453.net [216.6.87.1]
15 113 ms 139 ms 79 ms if-4-16.tcore1.NYY-NewYork.as6453.net [216.6.90.13]
16 151 ms 139 ms 78 ms if-11-2.tcore2.NYY-NewYork.as6453.net [216.6.99.1]
17 152 ms 140 ms 78 ms if-5-0-0.mcore3.MTT-Montreal.as6453.net [216.6.99.6]
18 91 ms 89 ms 89 ms Vlan19.icore1.MTT-Montreal.as6453.net [216.6.114.14]
19 88 ms 88 ms 91 ms te6-2.cl-core04.tata.mtl.iweb.com [206.82.135.30]
20 90 ms 88 ms 161 ms te9-1.v4041.ne-core01.mtl.iweb.com [67.205.127.209]
21 91 ms 90 ms 89 ms 20g.po11.v4044.ne-wan-dist01.mtl.iweb.com [myserver]
22 84 ms 86 ms 84 ms [myserver]
November 7th, 2011 4:03 pm
Finally, my smart server looks slow to reach too… 1284 ms of tracert is quite long.
1 2 ms 7 ms 3 ms 10.10.1.200
2 6 ms 5 ms 5 ms 1.0.0.237
3 5 ms 6 ms 5 ms gi3-6.core1.cx2.zerofail.net [74.123.95.133]
4 8 ms 5 ms 9 ms gi2-15.bgp1.cx2.zerofail.net [74.123.95.33]
5 5 ms 5 ms 5 ms gi1-5.ccr01.ymq01.atlas.cogentco.com [38.104.152.93]
6 5 ms 5 ms 5 ms te0-2-0-0.ccr22.ymq02.atlas.cogentco.com [154.54.0.18]
7 13 ms 13 ms 13 ms te0-2-0-5.ccr21.yyz02.atlas.cogentco.com [154.54.44.98]
8 28 ms 27 ms 27 ms te0-1-0-3.ccr21.ord01.atlas.cogentco.com [154.54.27.181]
9 39 ms 41 ms 41 ms te0-4-0-5.ccr21.mci01.atlas.cogentco.com [154.54.45.145]
10 51 ms 51 ms 50 ms te0-2-0-2.ccr21.dfw01.atlas.cogentco.com [154.54.5.221]
11 186 ms 210 ms 204 ms te3-3.mpd01.dfw03.atlas.cogentco.com [154.54.6.94]
12 55 ms 49 ms 56 ms teleglobe.dfw03.atlas.cogentco.com [154.54.13.134]
13 78 ms 77 ms 77 ms if-7-2.tcore1.AEQ-Ashburn.as6453.net [66.110.56.34]
14 62 ms 117 ms 61 ms if-2-2.tcore2.AEQ-Ashburn.as6453.net [216.6.87.1]
15 113 ms 139 ms 79 ms if-4-16.tcore1.NYY-NewYork.as6453.net [216.6.90.13]
16 151 ms 139 ms 78 ms if-11-2.tcore2.NYY-NewYork.as6453.net [216.6.99.1]
17 152 ms 140 ms 78 ms if-5-0-0.mcore3.MTT-Montreal.as6453.net [216.6.99.6]
18 91 ms 89 ms 89 ms Vlan19.icore1.MTT-Montreal.as6453.net [216.6.114.14]
19 88 ms 88 ms 91 ms te6-2.cl-core04.tata.mtl.iweb.com [206.82.135.30]
20 90 ms 88 ms 161 ms te9-1.v4041.ne-core01.mtl.iweb.com [67.205.127.209]
21 91 ms 90 ms 89 ms 20g.po11.v4044.ne-wan-dist01.mtl.iweb.com [myserver]
22 84 ms 86 ms 84 ms [myserver]
November 7th, 2011 4:09 pm
Uhhmm.. is there any reason why my comment is automatically deleted on the blog and why is it written “duplicated comments” when I try to repost it ?
November 7th, 2011 4:24 pm
No other option than leave from iweb and choose another hosting company, losting money and clients with the attacks
November 7th, 2011 4:48 pm
@PL I see both of your comments.
November 7th, 2011 4:50 pm
@Martin : Your issues might not be related with the attacks, please open a ticket in order for the issue to be investigated. @PL : I will verify for our web site.
November 7th, 2011 5:26 pm
These attacks are costing me far more than what I pay for hosting. Guess it is time to find a new provider.
November 7th, 2011 5:34 pm
getting 25% loss for the last 15 min..
November 7th, 2011 5:34 pm
hi
again problem
64 bytes from 70.3x.7x.xx9 icmp_seq=58 ttl=50 time=72.3 ms
64 bytes from 70.3x.7x.xx9 icmp_seq=59 ttl=50 time=70.0 ms
64 bytes from 70.3x.7x.xx9 icmp_seq=60 ttl=50 time=70.6 ms
64 bytes from 70.3x.7x.xx9 icmp_seq=61 ttl=50 time=72.3 ms
— 70.3x.7x.xx9 ping statistics —
61 packets transmitted, 42 received, 31% packet loss, time 60001ms
rtt min/avg/max/mdev = 66.160/75.233/78.786/2.849 ms
November 7th, 2011 7:34 pm
Hi to iWeb,
Wow! I was in the middle of ordering process, of SmartServer, have to wait a couple of minutes for my business co-owner, and then I’ve just started to read your blog. I was just surprised by up-to date post about Thailand and then > boom, all these posts about issues and 10’s of comments. Well, I’ve stacked, little bit frustrated and read almost the whole story:).
What is your opinion, co-commenters:). Should I order a server at iWeb now?, is it safe? and iWeb, is this situation FULLY resolved?, repeated, FULLY?
Migrating my live e-shop with 100s of visitors per day to iWeb server and then lose connection repeatedly won’t be an oustanding deal, what do you think?
Kind regards,
Peter
November 7th, 2011 8:58 pm
At this moment, yes is true… Iweb are receiving repeated DDoS Attacks but, at this time this company has the best problem answer and IT to resolve this problems ASAP! i really Recommend IWeb because they prove that their clients matters A LOT!, i’m really Satisfied of their services!
Best Regards
Marco Pirrongelli
November 7th, 2011 10:47 pm
Guys, it seems that iWeb might not be the reason of the down… Check this out: http://www.dslreports.com/shownews/Level3-Suffers-Brief-But-Massive-Outage-116933
November 7th, 2011 10:51 pm
Another article here: http://m.zdnet.co.uk/blogs/mapping-babel-10017967/juniper-fail-seen-as-culprit-in-site-outages-10024743
November 7th, 2011 10:52 pm
@PL : Our site does not answer ICMP requests so pings or traceroutes to our site will not work but it should be up in your browser.
@Marco : Thank you.
@Matt & @George : we had a new attack around 5h30pm that caused a Cogent link to saturate. It was fixed quickly. For some reason, the latest solution we had put in place failed, we will be fine tuning it. We are confident it is a viable solution to fully resolve the issue.
@Peter : I understand that having these status posts about issues is not the best sales tool ! But it shows that we are transparent and is a good example on how we communicate. Going with a provider that does not communicate or publish a status blog does not mean there is no problem or that there never will be. Let me know if you have any other question and I hope you will join iWeb soon.
November 8th, 2011 3:28 am
Dear Martin,
I still have a packet loss while trace 184.107.112.X IPs, do you have any idea when this problem resolves?
November 8th, 2011 4:20 am
@Martin I hope, my decision was right. Thank you for your soon reply. iWeb seem to have best services, solutions and support available out there, so I’ll be monitoring the situation and join iWeb probably in few weeks. In more stable times.
November 8th, 2011 9:17 am
@Peter I would still recommend iWeb. I have grown from 1 server to several over the last 3 years and have never had connectivity problems until this latest and exceptional DDoS. Even with this DDoS our downtime has been relatively minimized, although still frustrating, to be sure. They take a no-BS and personal approach with their status updates and support which is a huge plus. I think you will be satisfied with making the move to iWeb.
November 8th, 2011 12:33 pm
I echo Matt’s comments. We were with several ISPs prior to iweb and I must say, working with those other companies was a nightnare, Iweb is one of the most transparent and hard working out there. We were also affected only minimally several days ago – and given the size of the attack, that is saying a lot in favor of iweb. I sympathize with people who depend on iweb for money-making web sites. I’m in the same boat here -but again, considering what else is out there, iweb is likely one of the best, if not thee best, and we’ve decided to stick with them.
November 8th, 2011 12:57 pm
@sapsin : Can you create a ticket and post the ticket number here so I can follow up? We have been playing a lot with routes and routing since the attacks you might be using a new route to get to our network and maybe there is some kind of problem on the route but it is probably not related to the attacks.
@Matt @rob : Thank you.
@Everyone : Again, our network should be back as one of the most reliable shortly. We applied some fixes to our solution and the next attack should have minimal effects on the network. Thank you for your comments and your patience.
November 8th, 2011 1:13 pm
I agree with the previous comments…we have been using iweb for the past 4 years and they are by far the best hosting provider we have used. Even with these DDoS attacks, our total downtime over the past 4 years has been minimal and iweb are always prompt at fixing problems. I’m confident that they will resolve this DDoS problem shortly.
November 8th, 2011 6:34 pm
100% of my revenues are coming from a server hosted in iWeb. It has been impacted several times during peak hours in the past 7 days. Outages caused by DDoS lasting more than 15 mins are very damaging and I really feel helpless because I cannot reach my server to fix or investigate anything. My down time in the last 7 days exceed by far everything else occurring in the last year.
Is there a way to insulate critical computers, which are not explicitly targeted by these attacks?
November 8th, 2011 8:38 pm
Our servers are still having a lot of problems. Each time we contact support they say it is our connection, but time and time again we provide them with explicit proof including but not limited to: tracerts from multiple ISP in multiple locations and countries, Customer’s tracerts, Pings from around the world. Even their own network graphs show outages and they have the audacity to say I am the only person having this problem. Even now, they are ignoring our tickets.
if you are having problems with the network just admit to them when we talk to you don’t deny them. Iweb probably is seeing more complaints now that the issue is closed than when they had the DDoS problems going.
Having problems with the network is understandable, but lying to us about them is not.
November 8th, 2011 10:21 pm
Stop removing my comments. Censoring your client’s comments is a sure sign of a dishonest company.
November 8th, 2011 10:22 pm
3rd post that will be censored by iweb
November 8th, 2011 10:28 pm
It is sad to see iWeb censoring its clients comments. I have seen 2 so far that were removed.
November 8th, 2011 11:00 pm
@David @Thomas: I am not sure why you say that we are censoring comments. We do not erase any comments (except comment spams and gratuitous vulgarity). Comments are also automatically closed on a topic after a while. Every now and then our antispam plug-in might catch false positives but I reapprove such comments when I notice them in the quarantine (even if they are negative comments). It also happens occasionnaly that wordpress do not display comments right away (probably a delay due to the browser cache or a database connexion lag). Maybe that is what you experienced.