An early investigation revealed that the attack originated from Ukraine, and we immediately placed our IPs under TMS guard (it filters the incoming malicious traffic and lets the genuine traffic through, although it is prone to false positives).
We tried returning the servers to normal at 2.25 GMT but found that we were still receiving abnormally large traffic. To mitigate this, we had to leave our DNS IPs in the TMS guard for the entire weekend.
In fact, the attack has still not completely subsided but we have been able to restrict it to a manageable state where all services remain unaffected.
We wanted to share some facts with you:
- We have multiple DNS Servers with complete redundancy
- We regularly face DDoS attacks but our systems manage to prevent our services from being affected. Our resellers are therefore never inconvenienced
- This particular attack was abnormally large, due to which we had to take preventive measures, leading to our services being unavailable for a few hours
Steps we are taking to prevent such outages in the future:
- Adding additional dynamic firewalls which will proactively mitigate such attacks
- We are increasing our server redundancy even further to buffer against similar situations
We are extremely sorry for the inconvenience caused to all our resellers and their customers. We can assure you that we are taking every possible step to ensure that our system is not affected by such malicious attacks.
Tuesday, July 19, 2016