Domains.co.za DDoS

Tech Guy SA

Surprised not to see a thread about it.

Anyone affected by the DDoS?

Our servers are unreachable, all I can do is wait.


DDoS attack on domains.co.za

Identified - We are currently experiencing an Extremely Massive DDoS attack (over 100Gbps) which is impacting all services on our platforms.
Our technicians are actively working on measures to try and mitigate the massive DDoS attack.

We will provide updates as soon as possible. We appreciate your patience with this matter.
May 15, 2026 - 20:56 SAST

Have to VPN to Domains (barely).
 
Thanks for posting this. I was wondering what was happening, all my sites are down, literally just found out :(
No problem. I was going to do security tweaks last night around 10pm (scheduled for 11pm-2am) but at about 10:30 it started to crap itself and I noticed my cPanel said no everything is fine if I went via VPN.

Now can't even VPN in, never mind the site since I geoblock.

Not all WordPress hosts are affected. I noticed the one we have for our corp emails is active... just not the emails, which is weird since they're on the same server.

Guess we must just relax and let them do the dirty work, can't even tell them at this point.
 
Hopefully it gets sorted by Monday at the latest as downtime for me can be costly if it goes on too long.

It's annoying that they haven't said anything about it though, they're all quiet on socials.
 
https://status.domains.co.za/ <-- this thankfully worked while the site was down, assuming it's on another server.

Yeah, noticed when I got back to the PC last night it's working again and orders came through.

What was weird for me is that via Vodacom LTE it was working just fine. As if their network ports were attacked, not actual servers.


Monitoring - The DDoS attack has subsided and all services have returned to normal operation. However, attacks of this nature can resume without warning. Our infrastructure team is actively monitoring the network and remains on standby to mitigate any further activity.

We will provide further updates should the situation change. Thank you for your patience.
May 17, 2026 - 09:21 SAST


Not too chuffed about "can resume".. but I guess that's the internet for you. I was attacked last year so know the feeling, except those guys destroyed my SQL (luckily backups were made on my end anyway, lost only a week's worth of data but had backups of those).

Wonder who attacked
 
Anyone else have html injected? Woke up this morning to a few new administrators added, happened on all my sites (5). Spoke to 2 others on domains who had the same.

My sites not on domains were fine.

Anyone here also compromised? Check your wp users.

@Tech Guy SA
@thebigguy
 
No, but got the mail from your reply, so thanks for the heart attack.

I checked and my Admin user(s) remain the same.

Same goes for WHM and cPanel, which I doubt they can do anything on.

My wp-admin is hidden as well, unsure if that helps.

Identify the IP that created it and block the user and delete.

See below for a tip maybe.

I was compromised a while back on my site with Domains.. was my own fault though, as no 2FA on my cPanel.
Same with WordPress, 2FA just helps. I get a very small number of IPs trying to get into admin.

XMLRPC is also blocked.

Use this in htaccess:

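# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
# Apache 2.2-style access control (needs mod_access_compat on Apache 2.4)
Order deny,allow
Deny from all
# Put your own IP on the next line so only you have access.
# Apache does not allow a comment on the same line as a directive.
# 203.0.113.10 is a placeholder address.
Allow from 203.0.113.10
</Files>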

add that above

# BEGIN cPanel-generated php ini directives, do not edit

I had been attacked since last year March on my VPS. Ended up without knowing why it keeps eating RAM, cause the bots etc., but ended up with 20 something RAM, 8 cores, the whole server was getting supercharged.

But in August China nailed me so hard, had something like a million hits in a few hours. They destroyed my SQL database (joke's on them, I have backups).

But I moved server (won't disclose what), better RAM management etc., but learned from Domains about these A.I bots these mFs use and we had to geoblock basically.

So I have a script I've been working months on, seems to work. It was off for a bit since anycast DNS was working just fine up until last week before the DDoS, and implemented it again cause Facebook's A.I bot raped my query strings (like WTF dude).
So ended up filtering them cause it's not like they listen to robots in the first place, and it's not like robots has any enforcement either way.

So in htaccess, GeoIP is what I'm using. I see it helped my buddy at rebelgaming, hopefully. It just risks SEO rankings unless you allow those guys in, cause honestly blocking everyone works wonders, but you need USA but have to filter them since everything runs from the States server-wise, and it's really really annoying.

Now as for the HTML injects (you didn't mean SQL inject), Wordfence is your friend up to a point. It's not the smartest tool in the shed but helps, and a honeypot kit or a form of a honeypot to trap these aholes. Just whitelist your server and your own IP, cause I've been locked out before for triggering the WAF rules. Luckily I use Tor if I need to, and luckily cPanel allowed me in.
 
Thanks @Tech Guy SA I'm busy with the clean up now. Sorry for the heart attack! I've spoken to 3 other people on domains who have had theirs compromised in the same way. I have 2FA on everything BTW (and wordfence).

I've also fired off an email to domains.
 
May I ask, is it WordPress?

Were they admin roles?
Is Woo really that heavy or is it just redundancy? That should handle a (by South African standards) pretty darn large store even on Magento.

Yes and no.

It's not really, it can handle a lot. It's the SQL database that becomes the issue. Now I've got it to run on 4GB RAM and 8 cores. It's mostly 8 cores since I have 2 LS workers, so they have 2 cores to do the dirty work.

It hardly touches past 2GB RAM, it's just for the what-if-it-happens. The rest is for Redis (1.5GB) and MariaDB, which if I don't clean slows down etc. But I'm talking about months with no clean-up, where last year I had years with no clean-up. I learned a lot from owning a VPS,
but I'm using their managed CP cause I can't stand these lines of code in Linux anymore. My main reason for that server as well is I use about 280GB, this includes emails etc., so I need the HDD space; their WordPress packages are too small for me. Only the last few months I've been converting PNG to WebP files and uploading those. Shrinks a lot. My database is a few million (just about 8 million rows), stuff grows.

I must still clear my actions that are failed and completed, so prob shed something like 2 mil off.

I could run on less BUT with these issues it's best to have the horsepower to be able to do something about it. ATM it's cruising at 20% usage with local traffic max (currently, while typing, it's 2.5% CPU and 859MB used out of 4GB). Now at the back end it's downloading and converting XML JSON to CSV and updating stocks.

I have 50 000+ SKUs on the system (not all are published, and filters etc. for products. (58 896), maybe about 6-7k of these are end of life). I dump all my suppliers' SKUs and go through them. Used to put them in batches of 100 plus in a CSV template I made.

Now if you've got less than 10k SKUs you don't have to have so much memory, to be honest. But Woo works fine, just the less you have the less you need, and vice versa.

I think Wootware uses Magento. I only know WooCommerce. There is a lot of room with WooCommerce, just don't oversaturate with plugins that are not needed.



If it wasn't for the bots, legit or not, I'd prob run a smaller server.

Google bot is okay.
Bing bot you must set him to low, cause honestly he also gets rapy with crawling.
I don't use Facebook pixel (I refuse), but she will still crawl, which is fine, but got to filter and restrict what they filter.
Yoast sitemaps work wonders and allow thousands, not just a few of them.
I manually feed them to Bing and Google console now and then just in case.

Also about store size, filters help BUT bots use it against you. But that's what Redis or Memcache is for.



Cache is king and configuring them can get annoying especially when it needs to get technical.


**edits... my spelling OMG sorry.
 
Jokes on me, majority of my sites are with Xneelo.. and today it is their turn.
I just read, ja.

I mean we could move to an overseas host, but the problem is it can still happen.

Now I would love to know why these groups are attacking coza servers. Did someone on TikTok get offended by South Africans commenting? Honestly.
 
Yes, it's WP. They were admin roles. They also added a bunch of FTP accounts in the cPanel. Basically it was a bunch of code that was redirecting mobile visitors to a Turkish casino site.

I've cleaned up the htaccess and configs etc so am all in the clear. Really scratching my head over it though. They even added themselves on the GSC as a property owner.
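
An added example, not part of the original post or anyone's code in this thread: a small Python check for the kind of .htaccess tampering described above, flagging rewrite rules that send only selected visitors (for example mobile user agents) to a host you do not own. It assumes the redirect was written as mod_rewrite RewriteCond/RewriteRule lines, which the post does not confirm; the function name, sample file and host names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Conditions that select visitors by client identity (assumed redirect trigger).
COND = re.compile(r"^\s*RewriteCond\s+%\{(HTTP_USER_AGENT|HTTP_REFERER)\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
MOBILE = re.compile(r"android|iphone|ipad|ipod|mobile", re.I)

# Constructed sample .htaccess content, not taken from any real site.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (android|iphone|ipad) [NC]
RewriteRule ^(.*)$ http://casino.example.invalid/ [R=302,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
RewriteCond %{HTTP_REFERER} google\. [NC]
RewriteRule ^ https://www.example.org/landing [R=301,L]
"""

def scan_htaccess(text, own_hosts):
    """Return rewrite rules that redirect selected visitors to a foreign host."""
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        cond = COND.match(line)
        if cond:
            pending.append((lineno, cond.group(1).upper(), cond.group(2)))
            continue
        rule = RULE.match(line)
        if not rule:
            continue
        # RewriteCond lines apply only to the next RewriteRule, so consume them.
        conds, pending = pending, []
        host = (urlsplit(rule.group(1)).hostname or "").lower()
        # Skip internal rewrites, server-variable targets and your own hosts.
        if not host or host.startswith("%") or host in own_hosts or not conds:
            continue
        mobile = any(var == "HTTP_USER_AGENT" and MOBILE.search(pat)
                     for _, var, pat in conds)
        findings.append({"rule_line": lineno,
                         "cond_lines": [c[0] for c in conds],
                         "target_host": host,
                         "mobile_targeted": mobile})
    return findings

if __name__ == "__main__":
    for finding in scan_htaccess(SAMPLE, {"www.example.org"}):
        print(finding)
```

Run it over every .htaccess under the account (including subdirectories and uploads folders) with your real hostnames in `own_hosts`, and compare any hit against a known-good backup before deleting it.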
 
Aaah okay, ja, seen this before on someone's site, not sure how they fixed it.

Sounds like you've got to change your cPanel passwords, add 2FA and check your SSH access.

Been hearing about domain jacking lately as well. Not sure how the preventative works (check with Domains).

Woo is the biggest pile of poop when it comes to performance.
Each to their own. Woo does a LOT of unnecessary tasks, I'll admit that. But if not properly managed then yes, it becomes an issue.
 