The beginning of July saw a set of DDoS (Distributed Denial of Service) attacks slamming at least three DNS hosting/domain name management providers. It is believed that these attacks may have been related.
TPP Wholesale, easyDNS and DNSimple all reported temporary degradation and outages of DNS services believed to be the result of DDoS attacks.
The first victim, TPP Wholesale, experienced unscheduled service interruptions to eight of its servers. The security team of Sydney-based Australian Netregistry Group, of which TPP Wholesale is a subsidiary, managed to mitigate the attack by rate-limiting DNS queries. Unfortunately, this process is somewhat prone to so-called false positives, and some innocent users were denied DNS services. The team proceeded to sort out the issue by going through results and white-listing false positives.
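The mitigation described above (per-source rate limiting, then allow-listing sources that were throttled by mistake) can be sketched as follows. This is an added example, not code from any of the providers involved; the token-bucket limiter, the thresholds and the documentation-range IP addresses are assumptions, and the traffic is constructed.

```python
from collections import defaultdict

class TokenBucket:
    """Per-source bucket: refills at `rate` tokens/second, capped at `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:
            refill = (now - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def rate_limit(queries, rate, burst, allowlist=frozenset()):
    """Return {source_ip: dropped_count} for time-ordered (timestamp, ip) pairs."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    dropped = defaultdict(int)
    for ts, ip in queries:
        if ip in allowlist:
            continue  # allow-listed sources bypass the limiter entirely
        if not buckets[ip].allow(ts):
            dropped[ip] += 1
    return dict(dropped)

def false_positives(dropped, known_good):
    """Throttled sources that an operator has verified as legitimate."""
    return set(dropped) & set(known_good)

def build_sample_log():
    """Constructed 10-second log: flood source, busy resolver, single user."""
    log = []
    for s in range(10):
        log += [(s + i / 200, "198.51.100.7") for i in range(200)]  # 200 qps flood
        log += [(s + i / 40, "192.0.2.53") for i in range(40)]      # 40 qps shared resolver
        log.append((s + 0.5, "203.0.113.10"))                       # 1 qps end user
    return sorted(log)

if __name__ == "__main__":
    log = build_sample_log()
    first = rate_limit(log, rate=20, burst=20)
    print("first pass drops:", first)
    allow = false_positives(first, known_good={"192.0.2.53"})
    print("after allow-listing:", rate_limit(log, 20, 20, allowlist=allow))
```

A shared recursive resolver aggregates queries from many users behind one address, which is why a per-source limit sized to stop the flood also throttles it until it is allow-listed.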
Victim number two, Toronto-based easyDNS, also experienced disruptions. According to a company spokesman, it appeared that this attack targeted the company itself, rather than just one of its clients. Although it found it difficult to differentiate DDoS-generated traffic from real traffic, the company managed to at least partially mitigate the attack. Customers were also provided with a set of potential work-around options. The fact that the attack was launched against easyDNS, as opposed to one of its clients, made isolation and mitigation of the issue a nightmare. This was not helped a great deal by the fact that the attack was also comparatively well constructed.
DNSimple is operated by Florida-based company Aetrion. Apparently, this attack used DNSimple's authoritative name servers to amplify an attack targeted at an unnamed third-party network. It appears that this attack used a technique known as DNS reflection. Known for some time, this technique attracted renewed interest among attackers after it was used in other recent DDoS attacks of previously unheard-of proportions. An example of such unprecedented attacks is the attack launched on Spamhaus, a spam-fighting organisation, in March.
According to a DNSimple spokesman, this latest attack on the service was undoubtedly significantly larger in both duration and volume than previous attacks experienced by the company. It is also believed that this attack was probably aimed at hosting company Sharktech and/or one of its clients.
Apparently, a comparison of patterns involved in these three attacks suggested that they were related in some fashion. Although TPP Wholesale and easyDNS did not confirm that DNS reflection was used in the attacks launched against them, similarities between these attacks definitely exist, at least according to findings revealed by DNSimple.