Dec2g Media Hosting

The reboot went quick, we’re watching core services now for any irregularities or potential ddos activity against the dns daemon.

The issues look deeper than previously anticipated, we are issuing a reboot to clean out some internal systems and we will continue to monitor once the reboot is completed.

Issues related to DNS resolution on the New York server were resulting from a failing named daemon as well as quite a few file descriptors which weren’t being deleted.

This has been cleared up, and dns is fully functional again on new york.

------------------
A reminder to our community that maintaining a clean server environment is a joint venture between system administrators and users.  A common occurence which has been noted are accounts that have used Fantastico to test/try-out software which does not end up being used, but the remnants of the installation remain within the public_html folder of the account.

Outdated PHP applications are the primary cause of account compromise and/or accounts being used to engage in malicious behavior.  The Fantastico Installer provides an easy to maintain and upgrade feature set which allows you to check on your current versions, and upgrade them if need be.  A few of the recent and critical updates are as follows:

CubeCart: 3.0.12 -> 3.0.12 [Security-Patched-1]
dotProject: 2.0.1 -> 2.0.4
Drupal: 4.7.2 -> 4.7.3
Gallery: 2.1.1 -> 2.1.2
Joomla: 1.0.10 -> 1.0.11
PHPSurveyor: 0.99 -> 1.0
SMF: 1.0.5 [Patched-1] -> 1.0.8
TikiWiki: 1.9.2 -> 1.9.4
TYPO3: 4.0 -> 4.0.1

We ask that you inspect your site(s) to make sure your applications are updated, and any applications you are not using be removed.  This will help to ensure a clean, stable operating environment for all users in our shared and reseller environments.

Should you have any questions, or need assistance in securing your applications, please contact our support department via our online Account Manager.
-----------------

During the spawn of this denial of service attack we have now filtered a total of 35,000 remote addresses attacking this server, we have also put in some preventive measures for the handful of domains being victimized by this attack.

The load levels have subsided and we will continue to monitor the strength of these defense mechanisms over the next 72 hours.

The load issues continuing on the new york server are a result of a distributed denial of service attack against the mail service on this server.

We have put in filtering mechanisms which are isolating remote hosts which are contributing to the flood, and over the past 24 hours have filtered out 19,000 remote IP addresses participating in this attack.

We will keep you up to date as additional progression is made.

We are currently addressing a load spike from a user running an unauthorized shoutcast server on Thames. This matter will be resolved in a few minutes.

We’ve run into this issue again, with the max connections per user hard set at 50 — we are investigating this to find out exactly what is causing this problem despite the configuration setting, the mysql services are currently up and operational right now.

A spam attack caused a partition to be filled up causing some errors. We have cleaned up some space and everything should be back to normal now.

Due to a heavy load on MySQL, We have issued a reboot of New York.