Is the site really slow for anyone else at the moment? My internet connection is fine and other sites are working as normal, but pinballinfo is laggy as hell.
Pinball info
Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Site slow
- Thread starter JT.
- Start date
yeah a little although I'm in work and this connection is unreliable so hard to say. I did just load an image from here and it took ages to load.
OP
OP
The whole place timed out for me a few minutes ago...
And well spotted those that did 
...
My name is Adam Smith, and I’m the technical director at Vidahost. On Saturday 5th of July we experienced a large scale Denial of Service attack against one of our customers. Hopefully very few of you noticed but this was, unfortunately, briefly service affecting for thousands of our customers and therefore I wanted to send an official message to let you know what happened, to give you some technical background and to explain the measures we will be taking (and already take) to ensure this can’t affect your website again.
A Denial of Service attack is normally carried out by a Botnet. A Botnet is a network home/office PCs and servers in remote locations on the internet which have been infected with a virus and have fallen under the control of a malicious group. These groups then rent time on this network to individuals or organisations who wish to carry out DDoS attacks. The compromised machines will simply flood the target website with traffic which is often indistinguishable from normal visits until the server or network infrastructure is saturated, degrading service for normal visitors.
How long did the problem last?
According to external monitoring systems, there was 10 minutes of downtime for approximately 50% of sites we host, from 15:09PM to 15:19PM. This was followed by some intermittent packet loss which may have caused slow or intermittent website loading for the following 2 hours whilst we fully mitigated the attack.
If your problem lasted longer than this, it was most likely unrelated and you should raise a support ticket for assistance.
Why do people wish to carry out a DDoS attack?
Sometimes it’s to obtain a financial ransom; the attackers will contact the site they plan to attack and demand money. If the money is not paid, they attack the site and increase the ransom.
Sometimes it’s for moral/religious reasons; they object to the content of the website and wish to make it unavailable to visitors.
Sometimes there is no obvious reason, however this is rare since renting time on a botnet is relatively expensive.
Which site were they targeting?
In the case of an interactive DDoS where web pages are requested by the attacking PCs, we can see instantly which website is being targeted and take appropriate action.
Where the traffic is not interactive, the attacking PCs open connections without sending any traffic or simply flood the target IP with random bytes of data. In this case, unless the website has a dedicated IP, it is impossible to determine the target.
Why did this affect service to so many customers?
DDoS is an arms race; it’s all about who has the most capacity. Our infrastructure is vast and, in the past year alone, we’ve spent over £1.5m on upgrades to ensure our service remains fast and reliable. The problem is that the attackers have access to almost limitless bandwidth which, of course, they don’t have to pay for.
We receive DDoS attacks on a daily basis and, due to our extensive infrastructure and R&D, these are mitigated transparently to the end user with no customers affected. In the case of a moderate DDoS we may have to optimise/cache the affected site or, worst case scenario, take it offline or move it to a dedicated server. However this attack was huge.
The attack was against one of our shared hosting load balancer IPs which already runs thousands of sites. However, in this case, the incoming traffic was large enough to saturate one of our internal trunk links. This is why so many customers, including some dedicated/virtual dedicated customers, were affected. It’s extremely rare, it hasn’t happened before and due to the changes we’re making, shouldn’t happen again.
How large was the DDoS?
We normally believe in complete transparency, except in the case of DDoS. We can’t disclose the size of the DDoS, or our exact capacity, as this would help would-be attackers to know how much traffic to hit us with.
However this was the largest DDoS that I’ve personally seen, and one of the largest that our head of networking (with over 10 years experience at the largest UK hosting companies) has seen.
How did you fix it?
The easiest fix is to have the target IP address “null routed”, to block access to it to protect the rest of our network. However, due to the nature of the Cloud platform, we’re able to be more discerning about the type of traffic we forward to it. We therefore blocked the attack traffic on the routers at the borders of our network (which have the largest capacity) and this protected the internal link and all sites on the shared hosting cloud. This required human intervention as something that drastic can’t be done automatically but ensured service was maintained to all websites even whilst the attack was ongoing.
What are you doing to prevent this happening again?
We’re carrying out further upgrades to our network infrastructure. The link that was saturated will shortly be quadrupled in capacity. We’ve just spent another £250,000 on additional routers and £30,000 on multiplexing technology. We will continue to expand and diversify our network indefinitely.
Does this happen to other hosts?
Absolutely yes. Some hosts suffer service affecting DDoS on a daily basis. Of course smaller hosting providers, simply due to lack of clients, never attract DDoS on the basis of probability. At our size we expect DDoS and protect against it.
...My name is Adam Smith, and I’m the technical director at Vidahost. On Saturday 5th of July we experienced a large scale Denial of Service attack against one of our customers. Hopefully very few of you noticed but this was, unfortunately, briefly service affecting for thousands of our customers and therefore I wanted to send an official message to let you know what happened, to give you some technical background and to explain the measures we will be taking (and already take) to ensure this can’t affect your website again.
A Denial of Service attack is normally carried out by a Botnet. A Botnet is a network home/office PCs and servers in remote locations on the internet which have been infected with a virus and have fallen under the control of a malicious group. These groups then rent time on this network to individuals or organisations who wish to carry out DDoS attacks. The compromised machines will simply flood the target website with traffic which is often indistinguishable from normal visits until the server or network infrastructure is saturated, degrading service for normal visitors.
How long did the problem last?
According to external monitoring systems, there was 10 minutes of downtime for approximately 50% of sites we host, from 15:09PM to 15:19PM. This was followed by some intermittent packet loss which may have caused slow or intermittent website loading for the following 2 hours whilst we fully mitigated the attack.
If your problem lasted longer than this, it was most likely unrelated and you should raise a support ticket for assistance.
Why do people wish to carry out a DDoS attack?
Sometimes it’s to obtain a financial ransom; the attackers will contact the site they plan to attack and demand money. If the money is not paid, they attack the site and increase the ransom.
Sometimes it’s for moral/religious reasons; they object to the content of the website and wish to make it unavailable to visitors.
Sometimes there is no obvious reason, however this is rare since renting time on a botnet is relatively expensive.
Which site were they targeting?
In the case of an interactive DDoS where web pages are requested by the attacking PCs, we can see instantly which website is being targeted and take appropriate action.
Where the traffic is not interactive, the attacking PCs open connections without sending any traffic or simply flood the target IP with random bytes of data. In this case, unless the website has a dedicated IP, it is impossible to determine the target.
Why did this affect service to so many customers?
DDoS is an arms race; it’s all about who has the most capacity. Our infrastructure is vast and, in the past year alone, we’ve spent over £1.5m on upgrades to ensure our service remains fast and reliable. The problem is that the attackers have access to almost limitless bandwidth which, of course, they don’t have to pay for.
We receive DDoS attacks on a daily basis and, due to our extensive infrastructure and R&D, these are mitigated transparently to the end user with no customers affected. In the case of a moderate DDoS we may have to optimise/cache the affected site or, worst case scenario, take it offline or move it to a dedicated server. However this attack was huge.
The attack was against one of our shared hosting load balancer IPs which already runs thousands of sites. However, in this case, the incoming traffic was large enough to saturate one of our internal trunk links. This is why so many customers, including some dedicated/virtual dedicated customers, were affected. It’s extremely rare, it hasn’t happened before and due to the changes we’re making, shouldn’t happen again.
How large was the DDoS?
We normally believe in complete transparency, except in the case of DDoS. We can’t disclose the size of the DDoS, or our exact capacity, as this would help would-be attackers to know how much traffic to hit us with.
However this was the largest DDoS that I’ve personally seen, and one of the largest that our head of networking (with over 10 years experience at the largest UK hosting companies) has seen.
How did you fix it?
The easiest fix is to have the target IP address “null routed”, to block access to it to protect the rest of our network. However, due to the nature of the Cloud platform, we’re able to be more discerning about the type of traffic we forward to it. We therefore blocked the attack traffic on the routers at the borders of our network (which have the largest capacity) and this protected the internal link and all sites on the shared hosting cloud. This required human intervention as something that drastic can’t be done automatically but ensured service was maintained to all websites even whilst the attack was ongoing.
What are you doing to prevent this happening again?
We’re carrying out further upgrades to our network infrastructure. The link that was saturated will shortly be quadrupled in capacity. We’ve just spent another £250,000 on additional routers and £30,000 on multiplexing technology. We will continue to expand and diversify our network indefinitely.
Does this happen to other hosts?
Absolutely yes. Some hosts suffer service affecting DDoS on a daily basis. Of course smaller hosting providers, simply due to lack of clients, never attract DDoS on the basis of probability. At our size we expect DDoS and protect against it.
OP
OP
That's good comms from the provider there...
I cannot praise them highly enough really - they have been very good to us here Saying that, it was after a couple of shocking episodes
Saying that, it was after a couple of shocking episodes 
I agree, very good communication and worthy of praise. Having written a few such emails, it is hard to get the balance to answer the questions without getting too technical.
We complained, they improved, sounds like good customer care (for now).
We complained, they improved, sounds like good customer care (for now).
