QUOTE
What happened?
At 12:45 AM, Eastern time, Thursday, March 21 the server went under a DDoS attack. What is a DDoS attack? It means distributed denial of service attack. What this means in basic is that someone on the internet is using lots of other people's computers to send bogus requests to the server. This bogs down the bandwidth, and floods all connections with useless garbage so nothing valid can get inside. Hence why the site and all services have been "down."
First Response
My first response to the attack was this: change the server IP address. Seemed simple enough and it worked last time. This time however, it did not work. Why? Someone was directly attacking the domain name, jcink.com, particularly the b1.jcink.com subdomains.
In an effort to find out what domain was being attacked, I scrambled, and only added IP records for two domains, my main one jcink.com and forum.jcink.com, as well as ONLY support.b1.jcink.com. Whenever I pointed b1.jcink.com, the attack hit and hit hard.
After working on this until 5am on Thursday, I left the support forums online and posted a message stating that I'd try to get this solved at 11AM. I thought the attacker may have stopped by 11AM but it did not.
At that point, I called my ISP to see if they could do anything. Unfortunately they told me there was little they could do at their end and simply brought me through basic procedures of getting my connection online. No help there.
Now I began looking for DDoS solutions and eventually I remembered one from the past. It allowed me to install a hardware based firewall to guard the server. I spent from around 3PM to 6PM on Thursday installing and configuring this system, as the attack continued.
Around 6:30 PM when I had everything set up, the attack seemed to have stopped, or at least died down a lot. In any case we were up and running again and it appeared the firewall was doing great and the attack had died off.
9PM EST hits and I'm still not sure exactly what went on. I believe the attack started again and got worse, so we got taken down. It couldn't be held off; it was passing all connections through our regular router and hardware router. I determined this double pass was slowing everything down and preventing good blocking. The router HAD to be moved aside and put on a separate line, but I didn't have the hardware to do so.
I left the system plugged in with no router at 1AM on Friday and went to bed, and the site remained online all night. Around 2PM I bought the piece of hardware I needed and began chipping away at the hardware firewall to allow it to connect. I thought it would only take around 15 minutes to complete but it lasted much longer than that. I had a lot of complications getting it to work, and that's what I've spent all the time up until now on.
What's happening now?
We're still being attacked, but we're online. It rages on, but the health of our connection is excellent. At the moment, the firewall is blocking it all off, which is why you can even read this message.
Do you know who did it, who is doing it, and why?
No, we do not know this information for sure. I've gotten several emails of theories mailed to me, which I thank you all for sending, but no proof of any of it. I also do not know exactly which site(s) are being hit.
Will there be any more downtime?
There could be. There's still some configuration that the firewall might need, and there's always the chance the attack will become stronger. I'm confident at this point though we're pretty much alright for now. But no promises. Just remember, they are still attacking but we're blocking it.
What is the state of the site and services?
I realize there are some bugs going on now because of this. The network changes have made a few issues internally and externally. Please post in support section if you're experiencing issues, and I'll try to fix everything up. I am already aware of some areas in need of fixing and I'll be working on those over the next day or so.
Is there anything you can do?
At the moment, no. You guys have all been great and I couldn't thank you enough for being patient with me during these hard times.
The only thing you need to do is: if you have your own domain name, please update the IP address to 67.81.196.235 if you haven't already, OR (recommended) set a CNAME on b1.jcink.com so you'll never have to update it again.
Once again, thanks to everyone for your patience. I couldn't have gotten as far as I did without it, and we really, really apologize for all of this.
As you can see, our host has been busy and everyone at GF thanks jcink for what he does.