DataCentre where Server-Admins.net is under attack

[Waste]

Hi guys,

Anyone else affected by server-admins.net infrastructure being offline (now)? They said that the datacentre is under DDoS attack. It has been offline since this morning. And it looks like the attack is not going away.

Does anyone know where their servers reside currently? They state "at Mweb" on their site, but I think that is old.

This is the second time that this happens, I guess, as it goes in DDoS world, the first attack is normally a "warning" and then there follows about a 24hour attack a week later if some demand is not met or just because they can.

I don't see any activity on Server-Admins Twitter feed, or any other place, they really need to get a PR officer in place to help out in these situations.

 

[chopsky]

Hi guys,

Anyone else affected by server-admins.net infrastructure being offline (now)? They said that the datacentre is under DDoS attack. It has been offline since this morning. And it looks like the attack is not going away.

Does anyone know where their servers reside currently? They state "at Mweb" on their site, but I think that is old.

This is the second time that this happens, I guess, as it goes in DDoS world, the first attack is normally a "warning" and then there follows about a 24hour attack a week later if some demand is not met or just because they can.

I don't see any activity on Server-Admins Twitter feed, or any other place, they really need to get a PR officer in place to help out in these situations.

Same company as ZADomains, which is also down...

 

[chopsky]

 

[jeskrist]

Yes Waste. We am also experiencing the down time from the Server-Admins.net DDOS attack from yesterday 01/06/2017.

Mail Server and HTTP servers down. They are still down this morning.

And what is mind-boggling, their telephonic support only operates from 08:00 - 17:00 in weekdays. Crazy for a Webhost company.

 

[Frogstar]

Yes, currently still down. Came back for a few minutes yesterday day and during the night but down currently.

 

[Frogstar]

And what is mind-boggling, their telephonic support only operates from 08:00 - 17:00 in weekdays. Crazy for a Webhost company.

Yes that's one of my biggest gripes with them. But has been like that since I started with them so im used to it. They respond to mail but when there is an attack like this mail doesn't get through.

Pointless calling anyway. They have a woman fielding the calls with a generic response.

Hope they get it sorted as we all loosing money right now.

Wonder if we will get a refund on the down time

 

[Waste]

For anyone following this post. Services were restored. I also called them this morning just after 8 am and the lady that answered the phone was helpful to explain what the situations was. You need to know something about what is happening and what can be done and what not to make it all sound sensible.

It is very little you can do with a DDoS attack. You either need access to very large hardware and network pipes to survive it. Or you have to implement some global sourced DDoS mitigation service. All in all it's very expensive and only available to mostly elite companies. All that said...

They did do a clever thing by changing IP address ranges, they stepped out under the attack. But unfortunately, it is not easy to update arrays of servers with new IPs in just one go. Then also they needed to do mass update of IPs on the DNS servers. Then lastly we as reseller customers had to update our Nameserver Glue Records, and if you are hosting some DNS offsite you had to manually update your own DNS records.

After all that we are back online now.

For the future, they said they will utilise a CloudFlare service that helps mitigate DDoS attacks.

I would just like them to also get an offsite secondary DNS server, last time when they were attack about 2 months ago, both the DNS servers was offline (which make sense if they are both in the same datacentre/IP range). We also have other services that we point to with DNS and because the DNS servers was offline all those services was also unreachable.

That said, if you do you ZaDomains and their cloud DNS, they actually do have 4 DNS servers and they are distributed to other countries. We have used that for one service and had no problem with DNS resolution when this attack was ongoing both times.

My last complained would be that they need a PR person that can just report back to customers what is going on. Because they go quiet we don't know what is going on, and then start hitting them with calls. The biggest issue is they host their own website, so we it is even impossible to see what their office number is, or if they use any other service to post updates (Facebook, Twitter, Telegram, so on).

 

[Jade @ Absolute Hosting]

Hi guys,

I'd like to say thanks to Waste for taking the time to hear Natasha had to say about the situation, what was being done and what we'll do in the future to mitigate and prevent these types of attacks.

A few years ago we were subjected to these on a weekly basis whilst hosting inside MWEB's data center. Engineers confirmed that one of the other hosting providers was the cause for their weekly DDOS attacks, so its not uncommon by any means - there is a thread on this forum, pages long, about another provider who is consistently down due to similar attacks.

DDOS attacks are ignored and largely misunderstood until you're the innocent victim of one, and there is no simple fix. We've done a little bit of reading in between migrating our environment and have read about how some of these attacks have reached hundreds of GB's per second, and have brought down entire networks for weeks on end.

To summarise we have learnt a bit in the past 36 hours and our data center provider have too learnt an equal amount, and yes we and our DC provider will be working together to ensure that they and we, our clients and other clients have the least chance of this situation reoccuring within the near future.

Thank you to all of our clients for being as patient and loyal as you are - we truly do appreciate it.

Mr Frogstar, we'll be sure to create a special coupon code for you when you decide to move your domain management over to us along with other awesome discounts for all of ZA Domains resellers when we launch our Cpanel hosting in the next few weeks.

Wonder if we will get a refund on the down time

Thanks for the advise regarding better PR, and we'll make a concerted effort to ensure that in the event that other issues arise that we are more transparent.

If I have missed anything or you have other questions please feel free to fire at will and I'll do my best to answer them all.

Regards

Jade

 

[Frogstar]

All my sites are still down.


@jade I'm already with server admins. Is zadomains a different company?

 

[mdkock]

Still down for us

None of my domains are accessible. Control panel, unable to check dns zone settings. At least let us know what to update or what to do to get it to work again.

2 days downtime after being down for days last month is not a joke.

 

[Thor]

Well at least ZA domains has a better response than elite host had so kudos there.

 

[Jade @ Absolute Hosting]

All my sites are still down.


@jade I'm already with server admins. Is zadomains a different company?

Hi Frogstar, two different companies with different business models, run by the same people

None of my domains are accessible. Control panel, unable to check dns zone settings. At least let us know what to update or what to do to get it to work again.

2 days downtime after being down for days last month is not a joke.

Hi mdkock, we are aware of this and are currently still busy with the migration of services to a new range. We anticipate this to be complete tomorrow at around mid day.

We prioritized service migrations to ensure that sensitive services such as mail and dns were migrated as quickly as possible.

As per one of the comments above, we have migrated secondary DNS services to two separate locations to ensure optimal uptime, and as with the introduction of our new hosting environment we'll leverage off the MyDnsCloud service that we have setup.

Once again, apologies for the inconvenience caused by this and we are working to get services back to normal as quickly as possible. A follow up email will be sent to all clients with a detailed incident report regarding the matter.

@Thor187, thanks for the kind words

 

[Frogstar]

Hi Frogstar, two different companies with different business models, run by the same people

Can't wait. Have been waiting patiently

 

[Frogstar]

Edit. As I posted the site's came online

 

[twmk]

We anticipate this to be complete tomorrow at around mid day.

Hi @Jade, has there been any update since Saturday afternoon? Certain services are still unavailable where custom nameservers using glue records are being used. I have tried sending emails to both your support addresses, but all attempts return deliverable.

 

[twmk]

... customers had to update our Nameserver Glue Records, and if you are hosting some DNS offsite you had to manually update your own DNS records.

@Waste, where did you get the appropriate replacement IP addresses from? This is the issue we're experiencing I believe, but unfortunately only realized this after 5pm on Friday.

 

[Papadi1715]

I am an end user who have 5 sites down for now the 4th day! I'm desperately trying to find out whats going on and eventually tracked this forum down. ZaDomains does not give me much confidence especially when I look at how poorly they keep clients updated especially the absolute minimum info on their FB and Twitter account.

 

[twmk]

@Papadi1715 try their Server-Admins.NET Facebook page instead. https://www.facebook.com/ServerAdmins.NET/ you may receive a faster response to your questions or DMs.

 

[Papadi1715]

Tx - lets try my luck there!

 

[twmk]

@Waste, where did you get the appropriate replacement IP addresses from? This is the issue we're experiencing I believe, but unfortunately only realized this after 5pm on Friday.

Never mind, found and updated accordingly.