All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DelimiterVPS suspended my server and client area is offline
Yesterday evening they opened a ticket at my account saying that there was a 350Mbps DDoS attack at my server, which is weird, because it's only being used as a development server and nothing public is hosted on that server.. So i don't know why anyone would attack my server, i wouldn't even know how that person knows the IP of my server
They've suspended my server because of that and it has been offline for over 10 hours now because they simply did not reply back to the ticket i answered saying that it was just a development and test server and if i could get my server back online
Today i woke up and noticed that their entire client area is offline due to DDoS against their client portal
Down for Maintenance (Err 3) Due to on-going denial of service attack against the client portal, it has been disabled for now. Sales & Support will be provided by email through [email protected] and [email protected]. We apologise for the disruption
Anyway, is this normal for a provider? I know this is a lowend server but i don't agree with the way they're threating customers, suspending a server because of a 350Mbps attack which is barely 40mb/s (notice, this attack only lasted less than a minute from what i can tell from the logs they've sent me)
Anyone else have had this issue with them?
Comments
If their client portal is down due to DDOS maybe someone is cycling an attack across their IP ranges, hence why your server is down?
Is it something in UK? There seem to be a lot of DDoS attacks against UK Lowend providers. It seems that some people have strange ideas for "competition".
When they suspended my server the client area was still working, because they had opened a ticket saying that my server was suspended duo to an incoming ddos attack
Server is located in the USA
No issues on my end for server or connectivity wise. Currently streaming Plex. But panel is down for me as well, for same aforementioned reason.
I had a 24h nullroute yesterday on lowendguide because of ddos.
I decided to use cloudflare ipv4 to ipv6 to keep it online. Some parts of the world had problems with cached dns entries.
Do your server have ipv6?
Yes, i was using IPv6 for testing purposes, had about 15 IPv6 addresses added at my server
Very strange of them to do this, hope it gets resolved.
Keep us updated please.
Will do.
I've already sent them an email, but haven't got any reply yet
Seems like this is a really bad company as they are not sending any updates (last update was 10 hours ago on their twitter)
I'm really wondering what's going on at them right now..
@MarkTurner
Since the Support and the Marketing team is different, I can only hope this issues solved immediately. Most of us still remember how Delimiter in the past.
But due to good attitude of Mark Turner in here, people just forget it and try Delimiter again
Were you ddosed on ipv4 or ipv6.
Perhaps they shut everything down for you?
From the logs they provider, Ipv4
Yep true, Mark Turner makes the difference for me.
And the server is not accessible with ipv6?
Then they must have "pulled the plug" on you.
Server has been suspended, they have never reactivated the service for me again
https://twitter.com/DelimiterVPS
The OP's problem (if he is who I think he is) is that he had an outgoing DDOS from his server about 2-3 days ago causing disruption, then yesterday an incoming DDOS causing disruption. Both times his IP's were null routed. Its more than likely the incoming DDOS was a retaliation for his previous outgoing attack. He was provided flow data for both his outgoing attack and the incoming attack.
As for the DDOS attacking Delimiter's website, that is hosted off-network (for obvious reasons) at Carat Networks in Toronto. They seem to have received a number of attacks over the past few weeks and most recently the /24 where Delimiter's server is located is being bombarded.
We have temporarily moved Delimiter's website to another server at another datacentre and fronted it with Cloudflare as a quick solution. We need to wait for the DDOS against Carat to end the blackhole removed then we'll restore access to the client portal.
In the meantime if you need assistance email [email protected] or for sales - [email protected]
350Mbps attack in terms of bandwidth is small but the PPS is probably what triggered the blackhole action. If this event is the one I believe it to me, it actually lasted about 25 minutes before action was taken. We generally only send customers 100 flow events rather than the whole series of events.
Yeah, Mark Turns up.
They should look into getting some decent DDoS protection for their main site.
@MarkTurner said
Excuse me? 200 mbps outgoing traffic is not a ddos, also, support told me that there was most likely an open resolver on my server, after which I disabled certain things.
Now 25 minutes, provide me with the logs because I don't believe this crap
I would have noticed because i was working with my server a few minutes before I got suspended, and I haven't seen any high traffic going through the server.
@Joodle 200Mbps of valid traffic is NOT a DDOS correct- but if it was classified as a outgoing attack then it would have been 200Mbps of garbage ICMP or UDP traffic to a variety of IPs.
Open resolvers are often the cause of outgoing DDOS, so are certain NTP servers. If you had an open resolver then that would have been easily used to reflect an attack from your server outwards.
Irrespective if your server if your server is responsible for outgoing DDOS traffic then its your responsibility to resolve (excuse the pun) the issue by patching and configuring your server to prevent it. We do not offer any DDOS protection.
What is your server's IP address?
@DDoSHost - have been telling them that for months. I would actually prefer these sites hosted within our network but we are not permitted to in case of internal network issues. We need a way to communicate with customers. In this instance, its the other way around, its the third party network that borked.
@MarkTurner said
xxx.xxx.245.39 [IP partially censored. S.]
I don't care about having it public
Not a very responsible attitude especially given your server current predicament.
I'm gonna have it canceled anyway, don't want more problems with ddos etc
But you don't mind to cause them to others?