Server Down

[pawlus]

Today the server hosting my reseller package was down for over 6 hours, so much for 99.5% availability.
As there was no notice of the outage on this forum it's been left to me to do.
Apparently there was a DOS attack in progress and so the server was taken down. Funny they didn't bother to attack the UKWebhosting server and save others from this farce.
I'll be requesting my refund and taking my business elsewhere.

[Administrator]

One of our Windows server was under severe DDoS attack early morning and we tried everything possible to filter this attack. Cisco Hardware Firewall was unable to filter this attack as it was an inbound DDoS attack of over 100 Mbps volume and the only option to get rid of the attack was to null route the server for some time.

All services are back to normal now and our network engineers have managed to block the attacking source on our network.

[jon123]

I think pawlus you are being a little unfair. You don't mention any other problems with your hosting so must assume from your post that the DDOS attack is the only problem you suffered.
A DDOS attack is severe and that is why extreme measures are needed to rid the server of this threat. I may agree that an email could have been sent to inform you of this problem, but your response is a little extreme is it not?

I would like to know though why it is a problem to send emails admin! I mean even an automated email is within the realms of most hosting providers these days surely.

I have a 'dirt cheap' hosting account in the US and they inform me very quickly if the server has problems, straight away an auto message but then soon after a details analysis of what the problem was.
Doesn't matter if the message is bullshit, it just matters that I know....they know...there is a problem.

[Administrator]

Quote:

Originally Posted by jon123

I think pawlus you are being a little unfair. You don't mention any other problems with your hosting so must assume from your post that the DDOS attack is the only problem you suffered.
A DDOS attack is severe and that is why extreme measures are needed to rid the server of this threat. I may agree that an email could have been sent to inform you of this problem, but your response is a little extreme is it not?

I would like to know though why it is a problem to send emails admin! I mean even an automated email is within the realms of most hosting providers these days surely.

I have a 'dirt cheap' hosting account in the US and they inform me very quickly if the server has problems, straight away an auto message but then soon after a details analysis of what the problem was.
Doesn't matter if the message is bullshit, it just matters that I know....they know...there is a problem.

This problem started at 4 AM in the morning and we have only support staff in office at that time. This staff members are focussed on technical support only and they have to sort technical problems with first priority.

Only customer service staff and management members are focussed on informing customers while support staff informs only if you open a ticket or come on livechat. Our support staff managed to troubleshoot this problem efficiently and for your information DDoS attack of over 100 Mbps can never get filtered no matter what you do. Our guys managed to reverse the attack to frustrate the DDoS'ers and everything was back to normal by 11 AM.

[jon123]

Very nice to know admin, but sometimes I think we are talking a different language.

My post represented my agreement with you! I was trying to defend you !
The only stipulation i made was the fact that you should let everyone know if a problem arises. By this i mean an automasted email to those who maybe affected. Common practice these days i think

[kev woodman]

I'd pretty much second Jon's comments here.

It is a bit harsh to attack Webhosting.uk.com over a DDoS, they are essentially impossible to stop and most of the time the only response is to just take the server offline and wait it out.

But its worth noting Admin that people regularly complain about a lack of information. I understand that the tech guys may have been under pressure but could you not have just a simple email list of all your customers and a few standard emails pre-written to cover the most likely reasons for outage? Then all the engineers would have to do is send one of these to your mailing list and that should keep everyone informed until a CS bod can send out a more detailed/targeted mailshot later.

[Administrator]

Our System Admins know how to reverse DDoS if it is domain specific but to do so they need to know the domain name which is under attack. As the attack was over 100 Mbps so they had to null route server for some time.

They managed to login and check all logs on the server and they got 2 domains which were under attack. This process took some time as the volume of attack was high enough for anyone to take any risk of getting server online immediately.

A records of those 2 domains were changed and they were pointed to 127.0.0.1 which reversed this attack on source.


I will take your suggestion and we will train our support staff working in night shift to send notification to customers for respective server.