The content of the message from the company that is responsible for maintaining servers:
There are difficulties in accessing your services today. The problem concerned the vast majority of our servers – both shared, via vps, and large dedicated machines.
Unavailability was associated with a very large DDoS (Distributed Denial of Service) attack that took place today (Friday, 10/01/2020) around 13:00 – 15:30.
The attack involved a very large number of connections to the web server (and only to the web server). Connection times were 150,000 / second.
Each connection was the correct connection, as if someone were just browsing the website – however, because there were extremely many connections, the servers could not keep up with their operation and sometimes the site did not work (or not all clients). After a while, some sites might work so that they won’t work again in a moment. Other services than www worked well, including e-mail.
We haven’t had such a big attack in our network so far. We have a very advanced antiDDoS system that can usually filter unwanted traffic very effectively. Our system has many of its own rules, uses external IP reputation databases and works effectively and imperceptibly on a daily basis. The antiDDoS system also fulfilled its function in the case of this attack – most of the traffic was filtered before it reached the web servers. However, the movement that arrived still caused significant difficulties.
The factor impeding effective filtering of traffic was the fact that the attack was largely from computers in Poland – computers from Neostrada / Orange, cellular networks (a lot of traffic from the Plus network) and cable television networks connected to our servers. They were probably infected with the computers of ordinary users. Such a movement resembles legitimate connections and it is very difficult to filter it. The attack was so distributed that IP addresses attacking one server practically did not repeat on other servers, which further hindered the analysis.
An interesting fact is that at the time when the attack on our network was ongoing, many other large websites did not work in Poland – at least three banks did not fully operate: mBank, ING and Santander. We also know unofficially that other hosting providers also had problems at the same time.
A team of several experienced administrators worked on our part on analyzing network traffic and preventing attacks.
We apologize for the inconvenience that took place today. We strive to eliminate this type of problems and on a daily basis our activities are imperceptible to our clients, which means that they are effective.
Thank you for the confidence shown to our company and we wish you the least stressful hosting situation in the New Year 2020. We assure you that we will actively help in fulfilling this wish.
dr inż. Wojciech Babicz
President of the Board Smarthost Sp. z o.o.