DDOS attack aimed at Absolute Hosting Networks

Yup, we're seeing way more ZA-based IPs attacking than before
I think ISPs should do vulnerability scans on their ranges and email subscribers with p@wned routers or infrastructure. Most ISPs in ZA provide little added value.

Search your IP on beta.shodan.io

Spare a thought for this bloke....
[image attachment]
 
> I think ISPs should do vulnerability scans on their ranges and email subscribers with p@wned routers or infrastructure. Most ISPs in ZA provide little added value.
>
> Search your IP on beta.shodan.io
>
> Spare a thought for this bloke....
> [image attachment]
Ultimately, if the client has no idea about security and they aren't posing as a threat, then it's a challenge to enforce.

Despite us recommending that clients not enable RDP from the outside and use the firewall available to them, most of them ignore it...

Convenience vs security....
 
> Ultimately, if the client has no idea about security and they aren't posing as a threat, then it's a challenge to enforce.
>
> Despite us recommending that clients not enable RDP from the outside and use the firewall available to them, most of them ignore it...
>
> Convenience vs security....
There are other things that can be done.
Block spoofed packets, for a start. There's no reason whatsoever for a packet with a source IP outside your range to be permitted out of your customer networks.
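The anti-spoofing (BCP38-style) egress check described above, as an added example that is not part of the thread: a packet leaving a customer port is forwarded only if its source address sits inside a prefix assigned to that customer. The customer prefixes and packets are constructed sample data.

```python
"""
BCP38-style egress filter: a packet leaving a customer network is only
forwarded if its source address belongs to a prefix assigned to that
customer. Added example, not from the thread; prefixes and packets are
constructed sample data.
"""
import ipaddress
from collections import Counter

# Constructed example: prefixes an ISP has assigned to each customer port.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("2001:db8:1::/48")],
}

def is_spoofed(customer, src):
    """True if src is not inside any prefix assigned to this customer."""
    addr = ipaddress.ip_address(src)
    # 'in' is False across IPv4/IPv6 versions, so mixed families are safe.
    return not any(addr in net for net in CUSTOMER_PREFIXES.get(customer, []))

def filter_egress(packets):
    """Split (customer, src, dst) packets into forwarded and dropped lists,
    and count drops per customer so the abuse desk knows who to contact."""
    forwarded, dropped, drops = [], [], Counter()
    for customer, src, dst in packets:
        if is_spoofed(customer, src):
            dropped.append((customer, src, dst))
            drops[customer] += 1
        else:
            forwarded.append((customer, src, dst))
    return forwarded, dropped, drops

# Constructed sample: legitimate traffic mixed with packets carrying a
# forged source address, the pattern behind reflection floods.
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),
    ("cust-a", "203.0.113.77", "203.0.113.5"),          # forged source
    ("cust-b", "198.51.100.40", "203.0.113.5"),
    ("cust-b", "198.51.100.200", "203.0.113.5"),        # outside the /25
    ("cust-b", "2001:db8:1::42", "2001:db8:ffff::1"),
    ("cust-b", "2001:db8:2::42", "2001:db8:ffff::1"),   # forged source
]

if __name__ == "__main__":
    fwd, drop, counts = filter_egress(SAMPLE_PACKETS)
    print(f"forwarded={len(fwd)} dropped={len(drop)} per-customer={dict(counts)}")
```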
 
> I think ISPs should do vulnerability scans on their ranges and email subscribers with p@wned routers or infrastructure. Most ISPs in ZA provide little added value.
>
> Search your IP on beta.shodan.io
>
> Spare a thought for this bloke....
> [image attachment]

We always advise clients to make use of a firewall with a selected IP whitelist to access. Don't use default RDP ports, and use the built-in lockout feature after 3 invalid login attempts.

Unfortunately these servers are self managed and as the ISP we only get involved when there is abuse linked to the IP.

I deal with the abuse queue every day and I take servers offline as soon as I see complaints about abuse on our hosting.

Connectivity IPs are difficult because of the number of ways they can be used in a botnet, like MikroTik routers, which are the MAIN contributors, as well as Windows computers that are compromised due to malware installed.
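A check of the two controls recommended above (a source-IP whitelist and lockout after 3 failed attempts), as an added example that is not the provider's tooling: it walks constructed RDP logon records in a simplified "EventID,Time,User,SourceIP" form and reports accounts that should have been locked out and successful logons from outside the whitelist. The whitelist ranges, threshold window and log lines are all assumed sample values.

```python
"""
Review of RDP logon events against the thread's advice: only whitelisted
source IPs may log on, and three failed attempts should lock the account.
Added example, not the hosting provider's code; log lines are constructed
in a simplified "EventID,Time,User,SourceIP" form (4625 = failed logon,
4624 = successful logon, mirroring the Windows event IDs).
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed: the client's allowed management addresses.
WHITELIST = [ipaddress.ip_network("198.51.100.0/24"),
             ipaddress.ip_network("203.0.113.10/32")]
LOCKOUT_THRESHOLD = 3          # failures within WINDOW that should lock
WINDOW = timedelta(minutes=10)

# Constructed sample log.
SAMPLE_LOG = """\
4625,2023-01-05T02:00:01,administrator,192.0.2.55
4625,2023-01-05T02:00:03,administrator,192.0.2.55
4625,2023-01-05T02:00:05,administrator,192.0.2.55
4625,2023-01-05T02:00:07,administrator,192.0.2.55
4624,2023-01-05T08:15:00,jsmith,198.51.100.20
4625,2023-01-05T09:00:00,jsmith,198.51.100.20
4624,2023-01-05T09:30:00,backup,203.0.113.99
"""

def parse(log):
    for line in log.splitlines():
        event, ts, user, src = line.split(",")
        yield event, datetime.fromisoformat(ts), user, ipaddress.ip_address(src)

def analyse(log):
    """Return (set of (user, ip) that reached the lockout threshold,
    list of (user, ip) successful logons from non-whitelisted IPs)."""
    failures = defaultdict(list)
    should_lock, unexpected_success = set(), []
    for event, ts, user, src in parse(log):
        allowed = any(src in net for net in WHITELIST)
        if event == "4625":
            # Keep only failures inside the sliding window before counting.
            recent = [t for t in failures[(user, src)] if ts - t <= WINDOW]
            recent.append(ts)
            failures[(user, src)] = recent
            if len(recent) >= LOCKOUT_THRESHOLD:
                should_lock.add((user, str(src)))
        elif event == "4624" and not allowed:
            unexpected_success.append((user, str(src)))
    return should_lock, unexpected_success

if __name__ == "__main__":
    locks, leaks = analyse(SAMPLE_LOG)
    print("lockout expected for:", sorted(locks))
    print("logons bypassing the whitelist:", leaks)
```

A single failure from a whitelisted address (jsmith above) is left alone, while a success from an address outside the whitelist is reported even though no failures preceded it.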
 
> We always advise clients to make use of a firewall with a selected IP whitelist to access. Don't use default RDP ports, and use the built-in lockout feature after 3 invalid login attempts.
>
> Unfortunately these servers are self managed and as the ISP we only get involved when there is abuse linked to the IP.
>
> I deal with the abuse queue every day and I take servers offline as soon as I see complaints about abuse on our hosting.
>
> Connectivity IPs are difficult because of the number of ways they can be used in a botnet, like MikroTik routers, which are the MAIN contributors, as well as Windows computers that are compromised due to malware installed.
What is that box? Is it related to http://www.scode.co.za/, the payments system that defaults to non-encrypted?
 
> We always advise clients to make use of a firewall with a selected IP whitelist to access. Don't use default RDP ports, and use the built-in lockout feature after 3 invalid login attempts.
>
> Unfortunately these servers are self managed and as the ISP we only get involved when there is abuse linked to the IP.
>
> I deal with the abuse queue every day and I take servers offline as soon as I see complaints about abuse on our hosting.
>
> Connectivity IPs are difficult because of the number of ways they can be used in a botnet, like MikroTik routers, which are the MAIN contributors, as well as Windows computers that are compromised due to malware installed.
Yep, enforce segmentation and comb them off to a VM where anything goes.
 
Is there any light at the end of the tunnel? I have a few VPSs with you guys for some clients and they are all pushing to move to another provider :/
 
Update: As of this morning the attack is ongoing and we've exhausted our reliance on DD / Optinet to assist in mitigating the attack.
We are in discussion with a new provider at the moment and updates will be sent to all clients during the course of the day.

To all our clients, please accept our apologies for this and thanks for your support.
 
> Update: As of this morning the attack is ongoing and we've exhausted our reliance on DD / Optinet to assist in mitigating the attack.
> We are in discussion with a new provider at the moment and updates will be sent to all clients during the course of the day.
>
> To all our clients, please accept our apologies for this and thanks for your support.
Having been at the receiving end of DD's incompetence several times, you have my sympathies.

You guys (and girls) are an amazing company and I hope that whatever sinister plot is behind this does not succeed in damaging your excellent reputation.
 
> Update: As of this morning the attack is ongoing and we've exhausted our reliance on DD / Optinet to assist in mitigating the attack.
> We are in discussion with a new provider at the moment and updates will be sent to all clients during the course of the day.
>
> To all our clients, please accept our apologies for this and thanks for your support.
Just received this:

'The attack has manifested into a flood attack which is saturating the links leading into our network, meaning that despite our best efforts to stop the attacks at the data center firewalls - the uplinks simply cannot manage.

We are in discussions to move services to another Data Center and utilize a connectivity provider who can better defend against these types of attacks.

Thank you for your patience and we understand how frustrating this is, we have your best interests at heart.'
 
> Having been at the receiving end of DD's incompetence several times, you have my sympathies.
>
> You guys (and girls) are an amazing company and I hope that whatever sinister plot is behind this does not succeed in damaging your excellent reputation.
If it turns out to be a targeted attack from an individual or company and is proven, then I hope the culprit/s are named and shamed!
 