Linode Suffering Attacks Lately - Page 2

  • Colocrossing buy a new site secretively? :)

    https://forum.linode.com/viewtopic.php?t=8530

    • in 2012.
  • perennate Member, Host Rep
    edited December 2015

    http://status.linode.com/incidents/mmdbljlglnfd

    Edit: ah didn't see it was already posted

    I’d like to share some updates about the recent DDoS attacks.

    I am one of several network engineers at Linode who have been working around the clock on DDoS mitigation. While things are stable, I would like to take a moment to publicly address the large and frequent DDoS attacks that we have been receiving since Christmas Day.

    It has become evident in the past two days that a bad actor is purchasing large amounts of botnet capacity in an attempt to significantly damage Linode’s business. The following is a partial list of attacks we have received in no particular order:

    • Multiple volumetric attacks simultaneously directed toward all of our authoritative nameservers, causing DNS hosting outages
    • Multiple volumetric attacks simultaneously directed toward all of our public-facing websites, causing Linode Manager outages
    • Layer 7 (“400 bad request”) attacks toward our web and application servers, causing Linode Manager outages
    • Large volumetric attacks toward our colocation provider’s upstream interconnection points, overwhelming the router control planes and causing significant congestion/packet loss
    • Large volumetric attacks toward Linode network infrastructure, overwhelming the router control planes and causing significant congestion/packet loss

    All of these attacks have occurred multiple times. Over the course of the last week, we have seen over 30 attacks of significant duration and impact. As we have found ways to mitigate these attacks, the vectors used inevitably change.

    As of this afternoon, we have mostly hardened ourselves against the above attack vectors, but we expect more to come. We are working extremely closely with all of our technical partners, including our network equipment vendors and our colocation providers, to prevent future attacks.

    Once these attacks stop, we plan to share a complete technical explanation about what has been happening. Additionally, we will be announcing the details of an ongoing project to significantly improve our internet connectivity and resiliency.

    We would like to apologize for the lack of detail in some of our recent status-page updates. Please know that we are dedicating all resources from multiple departments to stopping these attacks. We acknowledge the amount of downtime we’ve been experiencing is completely unacceptable, and we appreciate the understanding and support we have received over the past several days. We will share more information as our investigation continues.

    Alex Forster

    Network Engineer at Linode

  • I hope a lot of providers start to think about current problems in the new year with DDoS attacks, and how to mitigate them...

  • Alex Forster should recognize:

  • xavier said: Alex Forster should recognize:

    So... what about this??? ¬_¬

  • @yomero said:
    So... what about this??? ¬_¬

    Well he retweeted it recently :)

  • @raindog308 said:
    Linode, KnownHost, WiredTree...none offer DDOS protection even as an addon.

    For those of you looking for DDOS protection against your site, you can simply use a service like CloudFlare as a proxy. They have robust DDOS protection, and you're even assigned a CloudFlare IP that masks your real IP. I've yet to suffer from an attack since doing so. There's probably other such companies, but I've never looked into them.

    The current issues at Linode are targeted directly at their upstream provider which is outside of your/their control. Also, if the physical server on which your virtual server is hosted is under attack, there's nothing you can do about that either, which is why they probably don't offer a subscription-based option for individual protection. It's up to them to fix it at the physical server level.

    Today's outage has lasted for 9 hours so far!

  • jar Patron Provider, Top Host, Veteran

    Hats off to their team. I doubt they're sitting over there right now refusing to spend money on it, whatever is going on is spread enough that there's no one quick way out for them obviously. I hate that they had to spend their holiday dealing with this.

  • Pathetic competitor I'm sure. I had to move my machine that was up 189+ days on 8001 (NAC MMU)

    Pissed some little shit(s) are spending the holiday on this.

  • MikePT Moderator, Patron Provider, Veteran

    @jarland said:
    Hats off to their team. I doubt they're sitting over there right now refusing to spend money on it, whatever is going on is spread enough that there's no one quick way out for them obviously. I hate that they had to spend their holiday dealing with this.

    Same. Perhaps they'll invest in DDoS mitigation hardware though.

  • linode deadpooled?

  • @creep said:
    linode deadpooled?

    no, they are a very old company with aggressive advertising, and a lot of clients.

  • Linode has to get a calendar. Not the first time they've had DDOS outages. Been many years of problems. Good company, but DDOS protection is necessary or some means of dealing with this gracefully (automated nulls). Leadership issue and lack of investment is going to erode their customers.

  • HTTPS slowly became an Internet standard, why can't DDOS protection? I hope we get DDOS protection as a standard, not a premium feature, on all webhosting.

  • Our Ecommerce website with Linode had like 1 hour of downtime. I mentioned to move the website to the pony.
    Bad thing is that I don't see a 2 GB option with SSD and add a plus for SSD. Also we eat less than 150GB/mo while ponies come with 10 TB, which would be overkill.

    I do like Francisco's products BTW

  • Francisco Top Host, Host Rep, Veteran

    @inthecloudblog said:
    Our Ecommerce website with Linode had like 1 hour of downtime. I mentioned to move the website to the pony.
    Bad thing is that I don't see a 2 GB option with SSD and add a plus for SSD. Also we eat less than 150GB/mo while ponies come with 10 TB, which would be overkill.

    I do like Francisco's products BTW

    It's on the high volume table under the main ones :)

    Francisco

  • Nyr Community Contributor, Veteran

    rokok said: HTTPS slowly became an Internet standard, why can't DDOS protection?

    Because it's expensive, especially for small ISPs and regions where bandwidth is not cheap.

  • FlamesRunner Member
    edited January 2016

    CloudFlare is clearly doing a good job when I try to help someone on LET with a PHP code snippet and get blocked for it :p

    CF Web Application Firewall = complete garbage

  • Does Linode run its own network, or do they mostly rely on SoftLayer's network?

  • yomero Member
    edited January 2016

    cstreater said: CloudFlare

    No.

    These attacks aren't directed at some site of ours, but at someone else or directly at Linode.

    Having Cloudflare on our site doesn't help at all.

  • That's a pretty shit situation to be in.

  • Cloudflare can only filter the traffic to a domain, but if IPs are attacked directly on the node then Cloudflare cannot do anything.

  • It is too bad it did not work. They went back online and down an hour later. It is not looking good with well over 24 hours of downtime plus a lot more over the past 7 days.

    But their new post says they have a new connection and will have "DDoS mitigation hardening".

    @kcaj said:

    That's a pretty shit situation to be in.

  • sman Member
    edited January 2016

    @turbovps said:
    Cloudflare can only filter the traffic to a domain, but if IPs are attacked directly on the node then Cloudflare cannot do anything.

    Yea, was shaking my head at the Cloudflare comment. Also someone talking about cPanel.

  • Francisco Top Host, Host Rep, Veteran

    I wonder if it's because of the spammer gang that's been lighting them up on spamhaus?

    https://www.spamhaus.org/sbl/listings/linode.com

    They had a mass clear out just the other day of probably 20+ listings as well, all ROKSO's, so it looks like the gang's either rooting or abusing credits/etc.

    It would make sense for them to start eating packets if they started suspending/nuking the accounts.

    Francisco

  • TitanicFreak Member
    edited January 2016

    Seems like Linode Atlanta is now using Level3 instead of Zayo, an unexpected change to many I assume. They also seem to be entirely dropping ICMP for IPv4 traffic.

  • Nick_A Member, Top Host, Host Rep

    Level 3 bought out Black Lotus and offers in-house filtering. Makes sense that Linode would give that a try.

  • Francisco said: I wonder if it's because of the spammer gang that's been lighting them up on spamhaus?

    Maybe they are, but I guess they have other "enemies" and competitors around.

    PS: I was waiting to see some rumours about the attackers or something, but never read anything except your idea. Not having any is not funny, lol.

  • They're now blocking everything except Western Europe and North America. El Reg has a good article.

  • Pleased that Linode seem to be getting sorted now. Maybe the team will get their Christmas and New Year breaks now!
