Tonight there will be a planned outage of servers vorlon-h9 (22.214.171.124) and vorlon-w3 (126.96.36.199).
These are the 2 servers which are primarily being affected by the DDOS attack, to further mitigate the effect this attack is having on our network we are moving them to another network where the traffic can be isolated.
Please note that this will not reduce the affect the attack is having on these servers, we are simply taking this action to remove the traffic from our core network where it is affecting other customers.
As we have explained in our previous blog posts, the end result of a DDOS attack causes the network to be flooded so that legitimate traffic cannot get through, we realise that most customers are having a hard time understanding what this means and why this is not our fault, so we found this video which makes DDOS easier to understand: https://www.youtube.com/watch?v=OhA9PAfkJ10
Why is my website slow or not responding ?
Our DDOS mitigation has to filter every single request for every single webpage on every single website that is pointing to the attacked IP address to determine if it is a malicious request or not, and if so, the source IP address of the attacker is blocked.
Scanning thousands of requests per second takes a lot of processing power, but this attack is worse than a regular DDOS attack as it has a morphing signature, this means that the pattern of the attack is constantly changing, so that our blocking filters ncan suddenly stop working and we have to keep trying new ones each time the attack changes.
As a result this also slows down all legitimate traffic as well and sometimes legitimate traffic can get flagged as malicious and your IP address gets blocked, which means some people may not be able to view your own website.
This unfortunately is unavoidable, we either loosen the blocking and filtering and allow more malicious traffic through, which will cripple more servers and websites so will not help you, or we tighten the filtering and live with the false positives, but at least things are working for some people.
This filtering has to stay in place until the attack stops, again we have no choice in this matter, if we turn off the DDOS mitigation then everything stops working for all customers.
It is also important to understand that if YOUR website is under attack then it does not matter where your website is hosted as the attack is directly against your domain, so changing hosts will not help you, it will simply transfer the problem to the new host and affect their systems and their customers instead.
Is there any solution?
There is no way to stop a DDOS attack, all you can do is perform DDOS mitigation to try and reject as much of the malicious traffic as possible and then wait until the attack stops.
We do however have a couple of solutions that can help to reduce the impact on your website.
1. Get a dedicated IP address.
If you have your own dedicated IP address then this will isolate you from attacks against other customers who are on the shared IP address.
Any mitigation being done against the website/IP address being attacked will therefore have no affect on your website, so even If the attacked IP added is completely blocked then traffic to your website will continue as normal.
You will however still be subject to any general network overload/latency problems that occurs as a result of DDOS attacks getting through while mitigation is being performed, and this will not stop your own website being attacked.
If your own website is attacked, your IP address can then be blocked to avoid problems for other websites and customers on the same server, or mitigation can be performed directly on your IP address alone.
The cost for a dedicated IP is £3.99 per month or £39 per year.
2. Use a 3rd party DDOS protection service.
Using such a service will filter all traffic through cloudflare before it reaches the server and they monitor for DDOS attacks and automatically start blocking and filtering any malicious requests.
We are in the process of signing up as a partner with CloudFlare so that we can supply this service to customers directly, but you are of course welcome to signup with CloudFlare or similar provider directly.
This will also require a dedicated IP address.