[ANN] Microtronix Hosting down due to Massive DDoS and Brute force

[jfreak53]

As many have noticed we have had a lot of services offline all night since around 5PM or so. Last night 7 of our NODES came under a massive DDoS attack around 5PM. Not only have they bashed our network connection they firstly brute forced the Solus API of those nodes and have trashed a few VPS unit's. When we thwarted their brute force attack they then started DDoSing.

We are working on the entire case since last night but it's slow going. First we had to block them off then we have to bring everything back online. Some of the VPS unit's in that node are having to be replaced from backup and this is also taking us quite some time.

Problem being is that the VPS unit's on those network nodes, some of them, were trashed by the brute force API attack. So some of those VPS unit's have to be brought back online now and restored from our last backup state of the VPS unit's.

Second problem is that one of our DNS server's was on one of those nodes and itself was trashed, at around 9PM they took it upon themselves to attack a secondary DNS server in Denver just for the heck of it, don't know why anyone would attack a DNS server but hey that's what they did. So two DNS server's are down. All our shared hosting services are fine, problem being the two major DNS server's we have are both offline at the moment, so though the files are fine the services themselves cannot be gotten to. We are working now on restoring a DNS server to get Micro1 back online for shared hosting. Micro2, 3 and 4 are all online and working fine since they are different DNS servers.

We are working tirelessly to get things back online as we speak. Unfortunately our billing system was on it's own VPS unit in NODE 11 which was attacked also. We had a backup as of 8AM, so we are good, it's just a matter of getting thing's back online with it.

We will keep everyone posted here as updates occur.

[1714888628]

1714888628

[1714888628]

1714888628

[1714888628]

1714888628

[1714888628]

1714888628

[1714888628]

1714888628

[jfreak53]

UPDATE: We have switched nameservers on our primary domain that serves NS records. After doing that we have installed two brand new DNS servers to work off of with current DNS records.

This should bring Micro1 back online for all DNS problems that were happening. This is working for us but might take a awhile to show up for everyone.

We are still working on VPS unit's and the Network in that area to fix what went down.

[jfreak53]

UPDATE: NODES 11, 12, 14, 16, 17, 19, and 32 should be back up at this point with fresh VPS's. We are working on the recovery of the information for each VPS and restoring the rest of the the VM's that were trashed. You can login to your SolusVM panel to check if you are back online, all VPS unit's should be online, it's just a matter of time till we restore each one's state.

[jfreak53]

UPDATE: All VM's are back online now. Our billing site is online but we are still restoring state ourselves so support will be down for a bit longer till we get it back up. Sorry.

We are working on the two BTC servers now that went offline also, btc3 is there and fine as it was on NODE 47 but 1 and 2 were taken down by the attack.

[jfreak53]

UPDATE: BTC1 is back online now and access restored. You will need to check your email as we had to change user passwords for the control panel. So we are sending those back out now to all BTC1 customers. We are now working on BTC2.

[jfreak53]

UPDATE: BTC2 is now back online.

[jfreak53]

UPDATE: All VPS unit's are back up as of yesterday around noon. We are giving out account credit in different amounts to the clients affected during this hack. If your VPS was affected by this attempt please open a support ticket and we will credit your account for time lost.

All support tickets are back online and our support email is also back online. Services and purchases are also back up and online at https://clients.microtronix-tech.com

We are giving a couple days grace period until Tue. on overdue invoices due to this problem. We know it was a pain in the butt and these are things we fight daily to keep from happening, unfortunately hackers are getting more ruthless and with a sole desire to destroy just for the fun of it. The NODES effected are actually the ones we JUST got done 3 weeks before upgrading hardware on, just to have it trashed by the hack. So they got new hardware also while we were at it yesterday, again.

If anyone has any questions please feel free to open a support ticket and we will be glad to help.

[BinaryMage]

Has the SolusVM panel moved, or is it down? http://vps.microthosting.com/login.php is not accessible.

[jfreak53]

Wow your lucky I was awake I normally don't get on this thing on Sun. ha ha. You should have opened a ticket

At any rate, no it's there, you just have to enter the whole thing

https://vps.microthosting.com:5656

[BinaryMage]

Wow your lucky I was awake I normally don't get on this thing on Sun. ha ha. You should have opened a ticket

At any rate, no it's there, you just have to enter the whole thing

https://vps.microthosting.com:5656

It wasn't all that urgent; I didn't want to be too much of a bother on a weekend. Thanks, I guess I'd never received notice of the port switch. Mea culpa.