serveroutsource.net DOWN again

Portal Home > Knowledgebase > Articles Database > serveroutsource.net DOWN again

Posted by 6310, 09-29-2003, 04:45 PM
serveroutsource.net DOWN again
Posted by mallujigga, 09-29-2003, 04:51 PM
Yes it is. I think this is the 2nd time this has happened in about 48 hrs?
Posted by banihani, 09-29-2003, 04:58 PM
Ping results for serveroutsource.net Highest Response: 0 ms. Lowest Response: 0 ms. Average Response: 0 ms. Total Number of Packets Sent: 4 Lost Packets: 4 Lost Packets: 100 %
Posted by 6310, 09-29-2003, 05:01 PM
it is 2nd time last 12h traceroute to serveroutsource.net (65.87.5.2), 30 hops max, 38 byte packets 1 10.1.9.3 (10.1.9.3) 0.671 ms 0.474 ms 0.443 ms 2 216.87.0.46 (216.87.0.46) 0.482 ms 0.443 ms 0.471 ms 3 66.234.14.54 (66.234.14.54) 0.545 ms 0.528 ms 0.463 ms 4 66.234.14.42 (66.234.14.42) 1.293 ms 0.576 ms 0.440 ms 5 miamfl6lce2-gige7-0-0.wcg.net (64.200.118.241) 1.195 ms 1.009 ms 1.035 ms 6 miamfl2wcx3-pos5-0.wcg.net (64.200.119.89) 1.143 ms 1.242 ms 1.096 ms 7 miamfl2wcx3-cuttingedgetech.gige.wcg.net (64.200.118.210) 1.228 ms 1.132 ms 1.196 ms 8 157.238.182.242 (157.238.182.242) 1.308 ms 1.313 ms 1.336 ms 9 * * * 10 * Awebhosting.demarc.cogentco.com (38.112.5.134) 525.459 ms * 11 * * * 12 * * *
Posted by mallujigga, 09-29-2003, 05:14 PM
That's just weird. I've had a server with them for about 9 months now and never had any down time like this before. No worries though. I am sure it will be up and running pretty soon.
Posted by DF-Duncan, 09-29-2003, 05:27 PM
Luckily we only have one server with them, use it as a backup dump., but i hope it returns soon
Posted by 6310, 09-29-2003, 05:31 PM
>pretty soon hmm....
Posted by dimva, 09-29-2003, 05:37 PM
Yep, it's down. At first I thought it was something I did to my server since I was uploading something and then my computer froze, and when I rebooted, I couldn't connect anymore. But when I tried to submit a reboot request, I realized that the whole network was down. Anyway, it's pretty good for a $49 box. Hope it returns soon because I didn't finish my upload!
Posted by dimva, 09-29-2003, 06:18 PM
It was up for awhile, then when I tried to ftp again it went down. It can't possibly be my fault, can it?
Posted by a-m, 09-29-2003, 07:32 PM
just for the record were @ 3 so far since i signed up for the monitoring. i did this because last night my server went down twice for a couple of minutes. so i just wanted to take a look. these stats are from 12:30pm EST - 7:30pm EST Uptime (Availability): 89.29% (Down 3 times out of 28 checks) 09-29-2003 19:24:27 OK 15.180 09-29-2003 19:08:50 OK 9.879 09-29-2003 18:52:06 OK 11.351 09-29-2003 18:36:16 Error 15.064 09-29-2003 18:20:15 OK 15.645 09-29-2003 18:04:12 OK 13.490 09-29-2003 17:48:15 OK 10.064 09-29-2003 17:31:58 OK 15.197 09-29-2003 17:16:33 Error 15.300 09-29-2003 17:00:12 Error 15.149 09-29-2003 16:44:10 OK 15.262 09-29-2003 16:28:15 OK 13.397 09-29-2003 16:13:12 OK 2.607 09-29-2003 16:13:11 OK 2.302 09-29-2003 15:56:10 OK 0.857 09-29-2003 15:40:57 OK 4.010 09-29-2003 15:23:51 OK 1.146 09-29-2003 15:07:52 OK 1.002 09-29-2003 14:52:05 OK 0.904 09-29-2003 14:36:36 OK 0.920 09-29-2003 14:20:32 OK 1.034 09-29-2003 14:03:51 OK 0.788 09-29-2003 13:47:49 OK 0.778 09-29-2003 13:31:41 OK 1.020 09-29-2003 13:15:55 OK 0.270 09-29-2003 12:59:51 OK 0.296 09-29-2003 12:43:52 OK 0.533 09-29-2003 12:29:08 OK 0.994
Posted by 6310, 09-29-2003, 07:48 PM
7 drvlga1wcx2-oc48.wcg.net (64.200.127.30) 25.681 ms 25.551 ms 25.583 ms 8 hrndva1wcx3-pos11-0.wcg.net (64.200.232.126) 25.992 ms 26.396 ms 26.269 ms 9 washdc5lce1-oc48.wcg.net (64.200.95.118) 25.936 ms 25.670 ms 25.812 ms 10 Ash-Equinix-GigE.aleron.net (206.223.115.45) 25.385 ms 25.321 ms 25.336 ms 11 ge3-2.as.la1miafl.aleron.net (205.198.4.78) 105.710 ms 57.542 ms 57.901 ms 12 miabw.as.la1miafl.aleron.net (205.198.4.134) 57.795 ms 57.596 ms 57.698 ms 13 miabw.as.la1miafl.aleron.net (205.198.4.134) 58.165 ms !H 60.918 ms !H 57.846 ms !H
Posted by SrvOutsource, 09-29-2003, 09:25 PM
Our clients should know what has going on, as we have been posting in our forums clients area since last Friday. We have had 13 DDoS attacks since last Friday. From this number of attacks, someone is personally out to try to shut us down. They started out as UDP Floods on Port 53, but they changed to TCP Floods on Port 53 tonight. Here are just some of the attackers IP's: 202.156.173.92 202.156.228.93 62.150.0.103 208.61.176.178 81.48.165.83 81.218.179.62 166.70.3.28 4.41.45.164 NOTE: The network should have returned to normal awhile ago. Before this, you might have experienced high latency or packet loss during the attack.
Posted by AKavanaugh, 09-29-2003, 09:28 PM
Great - now that you have IP's, do something other than filtering. Having an Abuse team is usually a good idea to follow up on attacks with ISP's - sometimes it gets somewhere, sometimes you need to push harder.
Posted by SrvOutsource, 09-29-2003, 09:32 PM
We will be, but most of the IP's are from overseas, and usually don't repsond when notices are sent to them. The US ones are usually better. But as with all DDoS attacks, these IP's only belong to slave computers that have been infected, and are not the true attacker.
Posted by microsol, 09-29-2003, 10:47 PM
That happens when all connectivity goes through one router even if there are different providers it brings EVERYTHING DOWN!
Posted by RossH, 09-30-2003, 12:29 AM
Why don't you rate limit UDP and TCP to port 53?
Posted by AKavanaugh, 09-30-2003, 12:56 AM
Who's got time for rational solutions in today's busy world of overselling?
Posted by RossH, 09-30-2003, 01:19 AM
Ohh sorry, I forgot I was talking to hosts just out to make money.
Posted by SrvOutsource, 09-30-2003, 01:56 AM
1. If the network person could have accessed the router from remote he could have done this. And the router froze due to the 8.3M pps hitting it. 2. We actually don't oversell our bandwidth.
Posted by SrvOutsource, 09-30-2003, 01:57 AM
We are working on that issue now. We have 2 extra routers, and are planning it.
Posted by Bineshi, 09-30-2003, 02:20 AM
I return to this forum after a few months and low and behold, SrvOutsource is still in the frying pan. Maybe you should work on improving your honesty and customer relations a bit? I wouldn't be suprised if this attacker is another customer you tried to swindle. Thankfully for me, I got word from Visa card services yesterday that they have completed their investigations, and all Server Outsouce charges have been refunded on my card. The thread on this forum was actually instrumental to proving my case. I can't say I really care, but whoever is attacking this ISP should just go the legal route if they have a complaint. They are already being investigated by a few different agencies. Don't risk getting yourself in trouble or sink to this company's level with underhanded tactics.
Posted by RossH, 09-30-2003, 02:21 AM
Guess you should have people at the noc eh? Your using a riverstone router I'm guessing, what kind? I'm guessing the 1000/3000? Maybe I'm totally off.
Posted by porcupine, 09-30-2003, 03:56 AM
8.3M packets/sec? Thats a pretty big number. Not to question or anything, but if your router choked and died, where'd you get that number? 8.3 Million PPS should have taken out a fair chunk of routers upstream if you ask me, anything over 500,000 packets/sec is liable to cause major outages, let alone 8,300,000......
Posted by SrvOutsource, 09-30-2003, 08:33 AM
Ross, You where close. We are using a Riverstone, but a model RS 8000.
Posted by SrvOutsource, 09-30-2003, 08:38 AM
It came from the firewall before it crashed. And it did, it flooded all of our network connections, as they did an attack over all of them yesterday. The attacker keeps changing their tactics. First it was UDP Flood attacks on port 53 to our PRI DNS. Then started flooding the main router on misc. ports. Then switched to TCP Flood attacks on Port 53 to all. And now this morning has switched to TCP Flood attacks on Port 80 to our main server. It is also funny the firewall has been cataching just certain IP's that belongs to a local Miami, FL BellSouth DSL connection.
Posted by Trayton, 09-30-2003, 11:48 AM
I'm new to this but what did serveroutsource.net do to piss so many people off cause their prices and pings seem decent?
Posted by mallujigga, 09-30-2003, 12:03 PM
Some people say serveroutsource over sell their bandwidth and some people are not happy about the service they get. So, it adds up to a bunch of people who are not really happy with serveroutsource. I have a cheap server with them just to learn the basics of linux and so far have nothing bad to say about them.
Posted by Trayton, 09-30-2003, 02:10 PM
Cool seems like there are a few good providers out there or ones that are decent!
Posted by microsol, 09-30-2003, 03:32 PM
One of our servers is STILL not reachable from our location but from others after 24 hours! Seems that nobody cares there and that a cancellation comes along, because they know about it since this morning and nothing happens.....
Posted by tandem, 09-30-2003, 09:14 PM
Just a do a quick search on these forums and you will find quite a few threads started by unhappy humans (or ex-customers) complaining about the treatment at the hands of srvoutsource. > That happens when all connectivity goes through one router even if there are different providers it brings EVERYTHING DOWN! That's what I call "caring about the customer" , or "how to save a few dollars and cram all'of'em on a single router." One machine gets shot... and all of the others fall down like flies.
Posted by Andrew, 09-30-2003, 09:52 PM
Well, in all fairness, do a search here at WHT and you'll also find a lot of nasty posts by a user named 'tandem' against ServerOutsource. Not that I'm the biggest serveroutsource fan myself, considering that I wanted to get a server there and the guy couldn't even get it together to whitelist my IP with his firewall. But still, gotta mention these things when they come up.
Posted by tandem, 09-30-2003, 10:01 PM
Andrew, you've got a great memory... where did you find it? nasty = plain facts Just look at the post from Bineshi further up; it sums up "serveroutsource". > I wanted to get a server there and the guy couldn't even get it together to whitelist my IP with his firewall. Not surprised in the slightest.
Posted by RossH, 09-30-2003, 10:48 PM
If your using a Riverstone 8000 then why is it crashing, I'm looking and when you said you were getting 8.3 Mpps I thought you hinted that it was the pps that was crashing the router. If you truly are using a Riverstone 8000 that router should be able to handle 15 Mpps, I'm looking at the tech pdf right now. http://www.riverstonenet.com/pdf/RS-8K.pdf
Posted by Andrew, 09-30-2003, 11:02 PM
It was on the shelf next to my lack of a life. Like I said, I'm not their biggest fan, but you do seem to go a bit over the top trying to smear them.
Posted by AKavanaugh, 10-01-2003, 12:25 AM
Tech sheet's lie - as do company's when trying to explain an outage such as this; chose your poison .
Posted by TheTrance, 10-01-2003, 12:58 AM
looks like everyones getting ddosed and packeted these days...
Posted by a-m, 10-01-2003, 01:03 AM
its down again, been down for about 45 minutes
Posted by microsol, 10-01-2003, 02:34 AM
Hehe, good find!
Posted by tandem, 10-01-2003, 02:45 AM
You don't really need to try; srvoutsource himself has been doing a good job of it. Just read what people are saying...
Posted by SrvOutsource, 10-01-2003, 04:56 PM
1. We don't oversell our bandwidth like others. And have the MRTG graphcs to show this. FYI: The people who have usually posted negative things about us have usually been terminated for Non-Payment or AUP violations. Which of course usually doesn't make someone unhappy.
Posted by SrvOutsource, 10-01-2003, 04:59 PM
Ross, We are using a RS 8000 with a CM2 and 512MB RAM (The Max.) According to the "specs", they say it can handle this amount. But there is a hardware flaw in RS CM2, CM3, and CM4 that the CPU can be flooded with a high amount of packets per second. RS has acknowledged this, and said it should be fixed in the CM5 due out in about 6 months. This is what was happening. And also points that the person doing it knew the exact router we are using, and about this flaw. We had plans to upgrade in Q4, which are now being pushed ahead of schedule to protect our network and clients. Last edited by SrvOutsource; 10-01-2003 at 05:13 PM.
Posted by SrvOutsource, 10-01-2003, 05:01 PM
a-m, We posted a message in our members forum that emergency maintence was going to be done last night during the maintenance window. This was expected outage.
Posted by SrvOutsource, 10-01-2003, 05:08 PM
Andrew, Thank you. Tandem shows his true colors when he posts in any thread that has to do with my company. And has been warned by the mods before about his comments. Also as a note he has never been a client, and does just like to post smear comments without knowing any of the facts. He will probably now, post a interesting reply to this one, as he usually does. And if Bineshi wuld give his real name, I could reply to what happened. But from his post he looks like he commited credit card fraud, as if he ordered a server, and we provided him with service, he agreed to our ToS and policies. In the past month we have terminated several server for AUP violations. Attacking other networks, hosting child porn, SPAMMING, etc. Not to mentioned people for non-payment of their monthly bill.
Posted by richy, 10-01-2003, 05:49 PM
What URL for the live mrtgs? sorry couldnt find them on their site but i may be missing them (sleep deprivation is a wonderful thing). Hope it works out for you.
Posted by SrvOutsource, 10-01-2003, 05:58 PM
Richy, Currently they are in a password protected directory for clients only. I am working on a page for the site. What would you recommend? As MRTG has daily, monthly, etc. Most compaines that do show them, only show the daily graph. BTW Jolt is a good cure for sleep deprivation.
Posted by MStar, 10-01-2003, 06:17 PM
i'd like to see daily and monthly graphs... it would boost confidence.
Posted by SrvOutsource, 10-01-2003, 06:22 PM
Will start working on that tonight. When they are online, it will end prove that we do NOT oversell our bandwidth connections.
Posted by porcupine, 10-01-2003, 06:52 PM
Not too sure how a MRTG can determine whether you do, or do not oversell connections. The numbers in the .cfg can define a 100mbps link as a gig-e quite easily, and many providers cap connections as need be which would also not show up. You should MRTG your routers cpu/memory/io while you're at it .
Posted by AKavanaugh, 10-01-2003, 08:41 PM
Myles has a good point - all it will prove is the possibility of a doctored MRTG.
Posted by SrvOutsource, 10-01-2003, 08:58 PM
Anything could be "doctored", but then you are implying the possibity I would do something like this. Which I would NOT.
Posted by porcupine, 10-01-2003, 09:01 PM
You don't even need to doctor the MRTG. Say you buy 50mbps on a 100mbps line. Your MRTG is automatically going to be at 100MBPS, but your cap with your provider may be 50mbps. Thus MRTG will make it look as if you're never going past 50% of your capacity, with no "doctoring" involved. Better example may be someone with a GIG-E port going "look, we never go past 200mbps!", whereas their commit and cap rate might be at 200mbps, which is a very common practise (capping on a gig-e).
Posted by concreteman, 10-04-2003, 05:19 AM
Funny looking back it seems no matter how tired I get, I am never too tird to carry a grudge... its gotten better over the years, only cause my memory is failing. Stumbled into this thread and it reminded me just how bad anger and resent are. calm down! I'm not talking to you! Oh, um goodnight.
Posted by Daver, 10-04-2003, 10:01 AM
Yeah, but you could easily tell if it is hitting a limit of some sort, say the MRTG was consistantly pegged at 50mbps then it would (to me) show something is likely holding it at 50mpbs, or 100mbps even. there would be tell tale issues over time with a doctored MRTG but, it could be done for sure..
Posted by tandem, 10-04-2003, 10:48 AM
You are actually not worth even a minute of my valuable time. All I want to say is this: Time and time over you have shown your devious ways on multiple occasions on these forums. * Inflated bandwidth in your WHT adverts (not declaring that your bw is based on 95%tile and presenting it as if it's a straight calculation) * Taking money away from ex-customers who deserted you by abusing their credit card accounts * You've been exposed that you have no-one attending to your clients' servers at the data center despite your early claims to the contrary * Now we know that you've been using a single router all along for all the servers that you host ... and the list goes on and on. Good luck in your great endeavors!
Posted by SrvOutsource, 10-04-2003, 04:24 PM
Tandem, You have constatly shown that you keep bashing my company without any facts, and heckling my posts. And never have been a customer. You also have been warned about this from the mods. 1. We do not "inflate" our bandwidth in our ads. If the ad shows 400GB, 1000GB, the clients GET that bandwidth. If the ad shows 1.2Mbps @ 95tile, they get 1.2Mbps. Etc. 2. We have never abused any credit card, and also have the client authorization. Which they send in a signed authorization form. Now there have been some clients that have tried to do chargebacks after we have terminated them for AUP violations (Spamming, hosting child porn). Those are 2 examples that you have NO idea what you are talking about my company. The list go on and on with your threats and heckling posts also. Your latest post has been reported to the mods, as they already know your story from the ads forum.
Posted by tandem, 10-04-2003, 04:45 PM
Every single statement I have made is based on multiple threads on these forums (and you know it - but you will obviously not admit to it). I have never heckled your posts. I have simply pointed out (like many others have) the wrongs in your posts. I have not received any warnings from the mods about my posts stating the facts about your business. I did communicate with you in the past by email before finding out about your business practices and your true nature. There ... That's about as much time as I intend to spend regarding your antics. I will leave it to others to take it on from here.
Posted by SrvOutsource, 10-04-2003, 04:52 PM
Thank you for proving my point even further, by you continuing to post OT messages in this thread just to take cheap bashing shots at my company like you normally do.
Posted by SrvOutsource, 10-04-2003, 05:32 PM
Now to get this thread back on topic like it should be for this section. A usage page has been created per the suggestions here. http://www.serveroutsource.net/network/usage.htm As all can see, we are well below are 100Mb/s port speeds. MIANET4 which is a 100Mb Cogent circuit is just above 25% used. This is the circuit the -HB server models are on.
Posted by WeirdWay, 10-05-2003, 06:08 AM
IMO.. If you havent been a client, you have not got the right to attack a company.. My input, dont mind me
Posted by tandem, 10-05-2003, 09:49 AM
Have a look at this thread and you will see people who are not or have not been clients commenting on the situation and criticizing some aspects of serveroutsource's business practices based on facts. It's just a matter of how subtle (or direct) the comment is.
Posted by SrvOutsource, 10-05-2003, 10:04 AM
Tandem, Thank you for proving my point even more. This thread was started due to the outage started by a DDoS attack. There are no posts in this thread about any business practices other then your attempts to try to make my company look bad every chance you get. By you posting OT like you do, you just show your true intent.
Posted by tandem, 10-05-2003, 10:55 AM
Re-read the whole thread and ye shall find... > And if Bineshi would give his real name, I could reply to what happened. That's quite funny... Now you are pretending that you don't know who Bineshi is, when there is a large thread devoted to his complaints (started by him) in the Dedicated forum, just a few weeks old. Isn't it typical of you to act as if you don't know anything about it or deny it ever happened?
Posted by SrvOutsource, 10-05-2003, 01:42 PM
Tandem, I don't spend my days on the board searching for every little thing to harass someone with. I just did a search, and found the thread you mention. We followed our billing policy, and posted the exact amount we charged. His server was setup within the 24 hours time frame, and the welcome e-mail was sent. E-mail receipts where received that they where delivered. Also no chargeback where done by the client, as we had his approval for the order for the server, which we provided to him. It was his choice whether to use it or not. And publicly agreed to our offer in that thread you mention. Which if you read the thread, if he tried a chargeback, HE would be comitting credit card fraud. Since he order the service, and it was provided. But I could see someone like you, supporting that. Trying to to use this post which the mods locked for that reason, shows how badly you are trying to make the company look. And continuing to post OT in this thread. You just continue to show your harasment. This has been reported to the mods again, and they said they will have yet ANOTHER talk with you. Keep it up. You just make it clearer what you are trying. And no matter what you say, since you are not a client, or ever have been. This leaves that you are a competitor, trying to make your competition look bad with your posts in any thread that has to do with me company. Which people reading your posts just ignore. Because every time you post to a thread, it is always OT, just like you have done to this one. Last edited by SrvOutsource; 10-05-2003 at 01:51 PM.
Posted by tandem, 10-05-2003, 01:58 PM

Posted by cperciva, 10-05-2003, 02:34 PM
I don't think this thread needs to stay open any longer.