Website connectivity issues

Quicksearch

Entry's Links

Referring links

easyDNS Main Links

» easyDNS Home
» Create Member Account
» Register A Domain Name
» Transfer Domain to Us
» Get DNS Service
» easyDNS Support

Syndicate This Blog

RSS 0.91 feed

RSS 1.0 feed

RSS 2.0 feed

ATOM 0.3 feed

ATOM 1.0 feed

RSS 2.0 Comments

Staff Weblogs

» Under The Radar (Mark Jeftovic's personal weblog)
» HookerBlog (The Parkdale Hookers band)

easyDNS Member Blogs

» SelfEmployment.ca
» Jim Carroll
» Efficient Market Canada
» CEO Blog - Time Leadership by Jim Estill
» Caught In Between by Lawrence Greene

Thursday, November 10. 2005

Website connectivity issues

At 2:30pm today the EasyDNS members interface was attacked with large volumes of bogus web requests, causing brief periods of intermittent connectivity. The first attack lasted roughly an hour. The easyDNS administration team worked closely with our hosting provider to repel the attack, and capture as much data as possible for law enforcement purposes.

During this period accessing the members site would have been difficult,
and dynamic DNS updates would have been impacted and may not have updated
in a timely manner.

All other services were unaffected, as we have actively endeavored
to improve our network security and capacity.

Update 5:45pm EST

As of 5pm EST the flood traffic on the web interface itself is continuing on a sporadic basis and we are working on mitigation.

DNS service, email forwarding and URL forwarding services continue to function normally.

Posted by Mark Jeftovic in Status at 17:48 | Comments (9) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

unfortunately this is not entirely true.. Forwarding is now not working for already more then 8 hours.
I hope this gets fixed.

#1 johanc on 2005-11-11 00:14 (Reply)

as far as I can see there is from holland still no option to update the DNS setting.
my mailserver, webspace etc is not available for several hours already.

it is as far as I can see more then 12 hours ongoing now

#2 Pieter on 2005-11-11 03:42 (Reply)

I just tried to log in from Berlin, Germany and also have no access. In fact, I tried to access the home page and also received no reply... Sure would like to update our DNS settings...

Good luck in getting it fixed.

#3 Chad (Homepage) on 2005-11-11 04:44 (Reply)

The three comments were posted from users coming off of addresses where large amounts of the attack traffic were coming from, so I think the three of you have been caught up in the ACLs that were implemented to mitigate the attack.

Someone from support will be contacting you regarding getting any changes you need made, and systems is checking into whether its safe to remove or narrow the ACLs.

#4 Mark Jeftovic on 2005-11-11 09:44 (Reply)

It does appear that I now have access. I don't know if you freed up our IP address, but we have a fixed IP address that is only used by us. Hope things get better.

#5 Chad (Homepage) on 2005-11-11 11:06 (Reply)

Hi Mark,

Is there any particular reason why you guys seem to be the moving target of these DDoS people? Seems strange how you guys keep on having issues on a regular basis

#6 Jacques Marneweck (Homepage) on 2005-11-11 16:47 (Reply)

DOS attacks are one of the hazards of the trade in the DNS industry. Because we have a zero tolerance policy towards spammers and botnets, every time we terminate an offender (especially the botnets) we run the risk of facing retaliation.

Our upgraded systems performed very well yesterday. Before the upgrade the intensity of yesterday's attack would have caused more disruption.

#6.1 Mark Jeftovic on 2005-11-11 17:08 (Reply)

I keep forgetting about your zero tolerance policy. IRC networks have also been a moving target for DDoS attacks for years now.

#6.1.1 Jacques Marneweck (Homepage) on 2005-11-12 03:17 (Reply)

I although i was unfortunately affected by the full blocks (i am on a eureopan (belgium) very large and known ISP, i still wonder why such wide ACL was needed) i must say that this kind of Dos attack happens to any other DNS provider and regulary sometimes against IRC (remember dalnet), websites etc... Easydns has done alot of effort to get everything back up and working (in a srprisingly fast amount of time). This happens to many companies and not just easydns. I must commend them with their fast reaction and how well their systems stayed up. I would like however to see a website hosted somewhere else (so its not affected by DOS attacks ) with a status of the Easydns systems so at least we know whats going on.

#6.2 johanc on 2005-11-11 20:56 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. E-Mail addresses will not be displayed and will only be used for E-Mail notifications To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry