27 jun

link down [Update]

Time: June 27th 2009 11:45:00(CEST)
Expected Downtime: Unknown
Reason: Hardware failure / Under investigation
*******************************

Dear Customer,

At the moment we experience some troubles in (part of) our network.
A link has failed between one of our routers and an MPLS device.
Because of this most of our DSL customers are no longer able to reach the internet.

We are doing our utmost to solve this issue a.s.a.p.
As soon as we have more information available, we will publish it here.

Please be patient while we are working on this problem.

Regards,
LeaseWeb BV


[UPDATE 12:30]
The engineer is on his way to the datacenter with all spare parts he may need.

27 jun

link down

Time: June 27th 2009 11:45:00(CEST)
Expected Downtime: Unknown
Reason: Hardware failure / Under investigation
*******************************

Dear Customer,

At the moment we experience some troubles in (part of) our network.
A link has failed between one of our routers and an MPLS device.
Because of this most of our DSL customers are no longer able to reach the internet.

We are doing our utmost to solve this issue a.s.a.p.
As soon as we have more information available, we will publish it here.

Please be patient while we are working on this problem.

Regards,
LeaseWeb BV

19 jun

Apache DoS tool released [Update]

Time: June 19th 2009 17:40:00(CEST)
Dear Customer,

There has been a public release of a Apache DoS tool.
You can read about it on the following URL’s

http://isc.sans.org/diary.html?storyid=6601

All versions of Apache are vulnerable.
There are a couple of solutions, one of them is limitipconn
http://dominia.org/djao/limitipconn2.html
However we have found it does not work as it should on all distributions.

We have put together a quick shell script that should give you protection in case your server is being attacked.

It currently is a crude version, if you see it does not work on your server please contact our support and we will try and get it working for you.

If you suspect your server is being attacked you can download the following to your linux webserver. This script does not work on BSD or windows.

http://www.leaseweb.com/antiloris.sh

Place the file in some directory and make it executable.

# wget -O /usr/local/sbin/antiloris.sh http://www.leaseweb.com/antiloris.sh
# chmod 755 /usr/local/sbin/antiloris.sh
# echo “* * * * * /usr/local/sbin/antiloris.sh” >> /etc/crontab

Then edit the file.
In the beginning of the file there are a couple of variables:
LIMIT=50
[email protected]
SENDEMAIL=1
RESTARTAPACHE=1

LIMIT is used for the amount of sessions the attacker has to open before his IP address will be blocked.
EMAILADDRESS is the email address you want to receive email alerts on
SENDMAIL can be 1 or 0. Set to 0 to no longer receive email.
RESTARTAPACHE This variable can restart apache after the IP address has been blocked. Some customers may not want to restart their apache after eac attack, but wait for regular apache time-outs.

19 jun

Apache DoS tool released [Update]

Time: June 19th 2009 17:40:00(CEST)
Dear Customer,

There has been a public release of a Apache DoS tool.
You can read about it on the following URL’s

http://isc.sans.org/diary.html?storyid=6601

All versions of Apache are vulnerable.
There are a couple of solutions, one of them is limitipconn
http://dominia.org/djao/limitipconn2.html
However we have found it does not work as it should on all distributions.

We have put together a quick shell script that should give you protection in case your server is being attacked.

It currently is a crude version, if you see it does not work on your server please contact our support and we will try and get it working for you.

If you suspect your server is being attacked you can download the following to your linux webserver. This script does not work on BSD or windows.

http://www.leaseweb.com/antiloris.sh

Place the file in some directory and make it executable.

# wget -O /usr/local/sbin/antilotis.sh http://www.leaseweb.com/antiloris.sh
# chmod 755 /usr/local/sbin/antilotis.sh
# echo “* * * * * /usr/local/sbin/antilotis.sh” >> /etc/crontab

Then edit the file.
In the beginning of the file there are a couple of variables:
LIMIT=50
[email protected]
SENDEMAIL=1
RESTARTAPACHE=1

LIMIT is used for the amount of sessions the attacker has to open before his IP address will be blocked.
EMAILADDRESS is the email address you want to receive email alerts on
SENDMAIL can be 1 or 0. Set to 0 to no longer receive email.
RESTARTAPACHE This variable can restart apache after the IP address has been blocked. Some customers may not want to restart their apache after eac attack, but wait for regular apache time-outs.

16 jun

Mailserver – SMTP problem [Update]

Time: June 16th 2009 10:00:00(CEST)
Dear Customer,

At this moment it is not possible to e-mail through our mailserver. There appears to be an issue with authentication with the SMTP server. We are currently working on this issue.

It is possible to receive e-mail and no other services are impacted.

Regards,
LeaseWeb BV

[11h10]
The issues are resolved. In case you are not able to sent an e-mail, try lowercase passwords and/or reset your password in the Self Service Center. Our apologies for the inconvenience this might have caused.

16 jun

Mailserver – SMTP problem

Time: June 16th 2009 10:00:00(CEST)
Dear Customer,

At this moment it is not possible to e-mail through our mailserver. There appears to be an issue with authentication with the SMTP server. We are currently working on this issue.

It is possible to receive e-mail and no other services are impacted.

Regards,
LeaseWeb BV

15 jun

EvoSwitch Hall 3 problems [Update]

Time: June 15th 2009 15:05:00(CEST)
Expected Downtime: Unknown
Location: EvoSwitch Hall 3
Reason: Under investigation
*******************************

Dear Customer,

At the moment we experience some troubles in (part of) our network.

We are doing our utmost to solve this issue a.s.a.p.
As soon as we have more information available, we will publish it here.

At this moment the problems seems to be caused by a DDoS attack, we are still investigating.

Please be patient while we are working on this problem.

Regards,
LeaseWeb BV

[UPDATE]The problems were caused by an incoming DDoS attack, we have filtered this attack and the problems were solved.

04 jun

Webhosting connection issue [Update]

Time: June 4th 2009 16:30:00(CEST)
Expected Downtime: Unknown
Location: Evoswitch
Affected IP ranges: Webhosting (85.17.150.100)
Reason: Script Exploits
*******************************

Dear Customer,

At the moment we experience some troubles on our web hosting cluster.

We are doing our utmost to solve this issue a.s.a.p.
As soon as we have more information available, we will publish it here.

Please be patient while we are working on this problem.

Regards,
LeaseWeb BV

[Update 19:16]
The shared webhosting cluster has returned to normal after removing several exploitable scripts.

04 jun

Webhosting connection issue [Update]

Time: June 4th 2009 16:30:00(CEST)
Expected Downtime: Unknown
Location: Evoswitch
Affected IP ranges: Webhosting (85.17.150.100)
Reason: Under investigation
*******************************

Dear Customer,

At the moment we experience some troubles on our web hosting cluster.

We are doing our utmost to solve this issue a.s.a.p.
As soon as we have more information available, we will publish it here.

Please be patient while we are working on this problem.

Regards,
LeaseWeb BV

04 jun

Stockholm connection maintenance

Startdate: June 16th 2009 23:00:00(CEST)
Enddate: June 17th 2009 00:00:00(CEST)

Dear customer,

The supplier of our connection to Stockholm has planned a maintenance of the circuit we use. Our connection to Netnod (Stockholm internet exchange) may be down within this maintenance window.

No network problems expected, traffic will be rerouted to other links. During changing of network paths there may be a temporary increase of RTT or delays.

Kind regards,

LeaseWeb B.V.