QuadHost.net timing out for some ISPs?

Unixfy

It seems that Quadhost.net is timing out for some connections (isup.me shows it as up, and I can access it when using some VPNs), is anything up @Quadhost?

NOTE: Solved, I got blacklisted by DDoS protection

rgigengz

Works fine for me.

Unixfy

rgigengz said: Works fine for me.

I'm aware that it works fine for some people, but I'm curious as to why it's not working for me, as well as some VPN connections....
@QuadHost
@QuadHost

Amitz

Have you considered opening a ticket with them? Just an idea...

Unixfy

Amitz said: Have you considered opening a ticket with them? Just an idea...

Yes, I have opened a ticket with them.

Amitz

@karatekidmonkey said:

Amitz said: Have you considered opening a ticket with them? Just an idea...

Yes, I have opened a ticket with them.

Great thing! That's the spirit!

perryoo11

Magic.

Unixfy

perryoo11 said: Magic.

Uhhhh....okay

linuxthefish

Their main site IP looks to be under clouvider ddos mitigation, so routes might not have updated in some locations?

Unixfy

@linuxthefish
Oh it is? Maybe that's what happened. Hm.

linuxthefish

@karatekidmonkey said:
@linuxthefish
Oh it is? Maybe that's what happened. Hm.

Run a traceroute and see where it stops?

Unixfy

The IP address that I get after tracerouting is one that belongs to Clouvider, I guess it is DDoS protection

tommy

oh, no! their VPS panel still UP, who care about their website ? (their website just fine)

Clouvider

@linuxthefish said:
Their main site IP looks to be under clouvider ddos mitigation, so routes might not have updated in some locations?

More likely NTT's Arbour platform has identified the connection as suspicious and blacklisted @karatekidmonkey IP.

QH is under SYN flood, and as such excessively refreshing the website (especially when you have a number of plugins in your web browser that created even more connections) when it's loading and being authenticated by the scrubbers sends the IP to the blacklist, as the traffic you generate is too similar to the attack they are receiving.

If you got blacklisted by NTT for that reason, you'd normally not reach Clouvider's network in the traceroute, and the last reachable hop would be somewhere in the NTT's network.

If this is the case feel free to contact QuadHost or our NOC directly (https://www.clouvider.co.uk/contact-us), we will be happy to ask NTT to whitelist your IP.

rm_

IPv6 is not working on that website:

 Host                                      Loss%   Snt   Last   Avg  Best  Wrst StDev
...
 2. 2a02:2698:8000::501                     0.0%    10   13.7  43.1   1.9 326.5  99.9
 3. 2a02:2698:8000::1e02                    0.0%    10    4.3   1.9   1.3   4.3   0.8
 4. GW-ERTelecom.retn.net                   0.0%    10   28.3  28.5  28.3  29.5   0.3
 5. ae11-154.RT.M9P.MSK.RU.retn.net         0.0%    10   28.4  28.4  28.1  28.8   0.0
 6. RT.TC2.LON.UK.retn.net                  0.0%    10   78.5  78.8  78.5  79.5   0.0
 7. LINX-JUNIPER-SOV.PEERING.CLOUVIDER.NET  0.0%    10   79.7  79.6  79.5  79.7   0.0
 8. 2a04:92c1:1:7::1                        0.0%    10   79.8  79.7  79.6  79.8   0.0
 9. 2a06:8ec0::4                            0.0%    10   79.8  79.8  79.7  80.0   0.0
10. ???

so when a client tries to use IPv6, it will hang for a long time.

$ curl -v https://quadhost.net/ -6
* Hostname was NOT found in DNS cache
*   Trying 2a06:8ec0:0:252::...
* connect to 2a06:8ec0:0:252:: port 443 failed: Connection timed out
* Failed to connect to quadhost.net port 443: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to quadhost.net port 443: Connection timed out

Also I can't load it via Squid proxy, because Squid currently doesn't fall back to IPv4 as it should.

Probably deployed v6 years ago and then stopped caring or verifying that it actually works.

quadhost

Apologies to everyone for the delay in response here, we figured you would all appreciate our efforts in resolving the issue rather than visiting a 3rd party forum.

@karatekidmonkey more than likely as @clouvider suggested you were picked up as a false positive by the protection during the attacks.

@tommy said:
oh, no! their VPS panel still UP, who care about their website ? (their website just fine)

Only our main site was hit by the attacker, all client VM's and systems remained online.

rm_ said: IPv6 is not working on that website

Correct it wasn't, and is now resolved...

PING quadhost.net(2a06:8ec0:0:252::) 32 data bytes
40 bytes from 2a06:8ec0:0:252::: icmp_seq=0 ttl=55 time=11.7 ms
40 bytes from 2a06:8ec0:0:252::: icmp_seq=1 ttl=55 time=8.22 ms
40 bytes from 2a06:8ec0:0:252::: icmp_seq=2 ttl=55 time=8.24 ms
40 bytes from 2a06:8ec0:0:252::: icmp_seq=3 ttl=55 time=8.17 ms

--- quadhost.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3011ms
rtt min/avg/max/mdev = 8.175/9.106/11.788/1.552 ms, pipe 2

 ---- Finished ------ 

rm_ said: Probably deployed v6 years ago and then stopped caring or verifying that it actually works.

Thats your opinion that you are free to have however it is not the case.

Unixfy

quadhost said: Apologies to everyone for the delay in response here, we figured you would all appreciate our efforts in resolving the issue rather than visiting a 3rd party forum.

It would be ideal if you could do both, but yeah I guess solving the issue is better

quadhost said: @karatekidmonkey more than likely as @clouvider suggested you were picked up as a false positive by the protection during the attacks.

That's probably true, I have quite a few browser addons that create additional connections to the servers. During that time I just setup openvpn on one of your i-83 nodes and used it to access the client area

Issue solved at this point.