2012.02.28 10:25am EST
Systems administration has identified a DDOS attack on our biz117 and biz82 servers. While the server is up and on online, at times it may appear that your website is down. Please be aware that this type of attack is not targeted at compromising a server, server security is not the target. You can find more information on DOS attacks here:
What is a DDOS attack?
Our Systems Administration team is working diligently to mitigate the issue. We anticipate this should be resolved shortly and appreciate your patience.

2012.02.29 9am EST
The DDOS attacks have continued intermittently over the last 24 hours. In our continued efforts, our System Administration team has updated the IP address of our biz117 server in attempt to thwart the attacks. Because of this IP address change, websites on biz117 may appear to be down while the DNS changes propagate. If you're not seeing your website, the DNS changes should finish propagating within a few more hours at most, which will bring your site back up for you. In some cases, you can bypass propagation by clearing your local DNS cache, and you can find instructions here on how to do so.

2012.03.01 10:20am EST
The DDOS attack targeted at our biz82 server appears to have subsided, however we are still actively monitoring the server. Due to additional updates on our biz117, the server's IP address has been changed again, this time to 173.247.243.117. This change, as before, may make your website appear down while DNS propagation takes place.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
2012-02-29 4:08 pm
I moved to your service with the expectation of solid performance. For two days now I have had significant downtime.
The support techs have no advisement as to when the problems will be resolved and only apologize. I pay for business class service, I expect professional service and not an apology.

This is wholly unacceptable to be down for stretches of time since the day I moved to inmotion.
2012-02-29 4:20 pm
I agree with Justin and have had the exact same experience. I haven't had a chance to even work on the site at this point and have had spotty at best email access. Completely unacceptable. WHEN WILL IT BE RESOLVED? I was told earlier that it would be resolved today...
Staff
9,967 Points
2012-02-29 4:31 pm
Hi Justin,

I just wanted quickly respond to your comment here to let you know that our Support Team is here and is doing all we can to resolve the current issues at hand. Our servers are in essence being attacked, and our System Administration team is working around the clock to battle and subdue these DDOS attacks. Due to the complexity of this DDOS attack, it's unfortunately not easily mitigated with a simple solution.

We understand your frustration, and agree that having a website down for such a long time is unacceptable.

There have been reports by other hosting providers that they have found themselves under similar DDOS attacks. While this is not an excuse for your downtime, I did want to point out that any server on the web can be attacked in such a manner, and it just so happens that our servers are being targeting at this time.

I am sorry that when you call, our Support Technicians are unable to provide you with many details on what's going on. The truth is, our System Administration team are the ones tackling on what's going on, and they're not available to take phone calls and explain in depth the situation.

I'm more than happy to address any additional questions / concerns that you may have, feel free to post another comment.

Thank you,
Tim S.
2012-02-29 4:34 pm
Yes it's frustrating to have your site down, but there is no quick fix for DDOS attacks. They identified the problem and are moving to fix it by switching IPs. Unfortunately in the world of DNS, this takes hours/days to propagate to the servers throughout the world. This is dependent on how often the DNS servers you use update. I have a site on one of these servers too, but it's not InMotion's fault that some morons decided to attack them.
2012-02-29 4:42 pm
What, is this the first time there has been a DDOS attack in the history of the internet?

Serious?

Why haven't you planned for a DDOS attack? I feel like I paid a bush league group of kids to host my business and now i'm actually embarrassed in my selection of hosting. Why don't you have a plan to handle this rather then running around with your hands in the air saying "GOSH GOLLY WE ARE SO SORRY!!!".

Do you actually have a disaster plan? Aren't you embarrassed by all these fiasco's?

If I ran a hosting company I would be.
2012-02-29 4:42 pm
******Hi Justin,

I just wanted quickly respond to your comment here to let you know that our Support Team is here and is doing all we can to resolve the current issues at hand. Our servers are in essence being attacked, and our System Administration team is working around the clock to battle and subdue these DDOS attacks. Due to the complexity of this DDOS attack, it's unfortunately not easily mitigated with a simple solution.

We understand your frustration, and agree that having a website down for such a long time is unacceptable.

There have been reports by other hosting providers that they have found themselves under similar DDOS attacks. While this is not an excuse for your downtime, I did want to point out that any server on the web can be attacked in such a manner, and it just so happens that our servers are being targeting at this time.

I am sorry that when you call, our Support Technicians are unable to provide you with many details on what's going on. The truth is, our System Administration team are the ones tackling on what's going on, and they're not available to take phone calls and explain in depth the situation.

I'm more than happy to address any additional questions / concerns that you may have, feel free to post another comment.

Thank you,
Tim S.*****

What, is this the first time there has been a DDOS attack in the history of the internet?

Serious?

Why haven't you planned for a DDOS attack? I feel like I paid a bush league group of kids to host my business and now i'm actually embarrassed in my selection of hosting. Why don't you have a plan to handle this rather then running around with your hands in the air saying "GOSH GOLLY WE ARE SO SORRY!!!".

Do you actually have a disaster plan? Aren't you embarrassed by all these fiasco's?

If I ran a hosting company I would be.
2012-02-29 4:47 pm
******Yes it's frustrating to have your site down, but there is no quick fix for DDOS attacks. They identified the problem and are moving to fix it by switching IPs. Unfortunately in the world of DNS, this takes hours/days to propagate to the servers throughout the world. This is dependent on how often the DNS servers you use update. I have a site on one of these servers too, but it's not InMotion's fault that some morons decided to attack them.******

Not really that hard. Firewalls and IDS solutions can deal with this before the attack drops the server. Additionally - it appears they have a high TTL so we are all hosed as the dns records stale. In the end it all comes down to planning - remember the 7 P's. Piss poor planning promotes piss poor performance.
2012-02-29 5:47 pm
Well unfortunately i have had the same problem for 3 days now, and i purchased the service 7 days ago and moved from previous provider on the weekend so basically no availability so far. Actually my site not running is not a problem, i couldnt care less, but email... that is another thing, my small company relies on email for communicating with our clients every day, and trust me not having emails is creating a big problem, having to print documents and sending them with a messenger(delivery guy or however you want to call it), i have spent in these 3 days twice the amount i pay for a year of your service in delivery guys and printing documents.

Anyways i am not looking forward to any more explanation i do understand you are in a tough spot right now and am sure you are working full time and staff on this subject i just hope you get it resolved asap, and i am using the word hope, because as you, i am also in a tough spot for not being able to send or receive emails.
2012-02-29 6:29 pm
I recently switched from another hosting provider to InMotion Hosting in hopes to get away from this problem that was happening with Network Solutions.

One better part about their support is they are letting you know what is going on. While I'm very dissatisfied the email is down, at least they are kind enough to let you know what the problem is and they are working to resolve the problem.

Like most business, my business relies heavily on email. When email is down, it can be a very costly loss when this happens. I lose clients when this happens.

The reason I switched to InMotion Hosting is because they told me they have a 99.99% up-time on their email. It has been less than a month since I've completed the switch from Network Solutions. I hope this is resolved in the very near future.

I would think a properly configured router should be able to help prevent these types of attacks.
2012-02-29 7:00 pm
I am also on biz117 and being affected by this outage. I was told by an agent today that this is the 2nd such attack in the last 6 months. You'd think they would learn a couple lessons from the lat one?

He also told me that the problem may still persist after the IP address propagates.

It sounds like the "solution" is to email support and ask for your site to be moved to another server in their rack.

The thing that really baffles me is this DNS propagation... a few times today I actually saw the new IP address after flushing DNS and pinging my site. Then, moments later, the old IP returns.

Something flaky is happening with the DNS propagation and when I mention what I typed above it seems to fall on deaf ears.
2012-02-29 7:13 pm
This is really ridiculous and the 5th time I've been down in the past month. I've worked for a Hosting company and I understand what's involved in dealing with these attacks, but I've never seen a site down for more than a few hours because of a DDOS attack. That's insane.

Not only that, I've never seen a company that needs to actually update their DNS records to deal with the attack. Find out whose domain name is under the DDOS attack and null route the traffic until the attack stops. This isn't rocket science. I've been with you guys less than 2 months and I'm already looking for a new host.
2012-02-29 9:32 pm
******]This is really ridiculous and the 5th time I've been down in the past month. I've worked for a Hosting company and I understand what's involved in dealing with these attacks, but I've never seen a site down for more than a few hours because of a DDOS attack. That's insane.

Not only that, I've never seen a company that needs to actually update their DNS records to deal with the attack. Find out whose domain name is under the DDOS attack and null route the traffic until the attack stops. This isn't rocket science. I've been with you guys less than 2 months and I'm already looking for a new host.******

I'm done.I cant have stretched out periods of darkness.

When they detected issues they should have immediately moved their customers to something stable, not twiddle their thumbs waiting for the phones to blow up with angry customers.

What really surprises me is the customers who take this.
2012-02-29 9:46 pm
******I'm done.I cant have stretched out periods of darkness.

When they detected issues they should have immediately moved their customers to something stable, not twiddle their thumbs waiting for the phones to blow up with angry customers.

What really surprises me is the customers who take this.******

You can't move hundreds of Customers during a DDOS attack. That just isn't feasible. What they should have done is detected the domain name(s) that were under the DDOS attack and shut them down until the attack stopped.

They're right, DDOS attacks can't be avoided, but they aren't dealing with this the right way. They are effectively punishing everyone on the server with allowing it to continue. Shut down the affected domains/websites.

It's a pain for people to switch hosts and while I'm looking, I don't really want to go through the hassle of moving again. Hopefully they get things sorted soon or I will be moving.
2012-03-01 12:26 am
JVisgaitis - I'm curious if you're on biz117 or biz82? Like most posting here, I, too am a new customer, who signed up over the weekend, and am already beginning to doubt the advertised 99.9% reliability. I work for a company that offers web hosting (among DSL, email, etc.) and having this long of downtime is NEVER acceptable, especially for our business customers.

One other thing that really baffles me, is InMotion hosting apparently installs, by default, a "ONLY USE IN DEVELOPMENT" php.ini file in my home directory -- seriously? That's practically asking for security vulnerabilities. Granted it's not used unless you modify the .htaccess file to point to it, but if you don't, and use InMotion's default php.ini file, all PHP errors are displayed on your site, complete with file paths, usernames, possibly even passwords (which means display_errors in the default file must be set to On, a big no-no on production sites).
2012-03-01 12:28 am
******When they detected issues they should have immediately moved their customers to something stable, not twiddle their thumbs waiting for the phones to blow up with angry customers.******

It's actually a giant UDP flood, so it could be any of the customers on that server.
2012-03-01 12:30 am
Oh yeah, and although helpful for development purposes, also not a good idea to have a "phpinfo" file somewhere within your website path, also a default file placed in new customer's home folder.
2012-03-01 12:40 am
@crownoflife I'm on biz117. When I go to my site now, all I see is a page that gives me my IP and has the Inmotion logo on it.

99.9% uptime is a marketing spin. It takes into account all of their hosting servers, not just the ones we are on.
Staff
9,967 Points
2012-03-01 9:24 am
Hi everyone,

I've seen a number of comments here in the last 24 hours. Most of the comments seem to be about venting frustrations and that's understandable.

If you have specific questions or need any assistance please feel free to ask a question on our support center or post further comments.

Thanks!

Tim S
2012-03-01 11:34 pm
@JVisgaitis I've been put on biz117 too. Five times in a month? That's absurd. If I didn't have a cPanel requirement for my new website, I would've stuck with 1&1 hosting - I've had them with years without any problems, not to mention they always email me if servers have planned maintenance, new billing changes, etc. Why doesn't InMotion hosting email us, instead of posting these updates via their public website for the whole world to see, including the attackers?
2012-03-02 12:43 pm
I'm not going to praise InMotion's response to this event. There's no reason that the effects of a DDoS should be felt for more than a few hours these days. There are numerous ways to protect against, and resolve, DDoS attacks in a way that minimizes downtime for everyone that isn't the target of such an attack. The fact that after two days this is still an issue indicates that not enough is being done to resolve the problem.

In addition to not having the problem resolved as of the time I'm posting this, the lack of DIRECT communication about the issue is less than wonderful as well. As I don't use InMotion's DNS servers (for several reasons), I need to manually update my domain when changes occur. Finding out about this only after trying to access my site, then visiting the support site when I wasn't able to reach my site, is not the way I want to find out about issues like this. An email should have been sent to all customers on the affected server(s) once IP address changes were made. I shouldn't need to visit the Support site to find out about changes like this.
Staff
9,967 Points
2012-03-02 12:52 pm
Hi MikeV,

Thanks for posting your comment. I understand your frustrations and you make valid points.

I can tell you we have staff that are focusing on developing methods to streamline how we contact and reach out to customers in instances like these.

As more information becomes available, and these new methods are released, we'll post more information.

Feel free to contact us if you have any further comments or questions.

Thanks!

Tim S

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

21 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!