Hacker News new | past | comments | ask | show | jobs | submit login

Wait a minute, this explains what happened to my VPS hosted at DigitalOcean. I have been running a XT node on it ever since Day 1 and today I got this email from DigitalOcean:

  Hi there,
  Our system has automatically detected an inbound DDoS against your droplet named core with the following IP Address: <IP>
  As a precautionary measure, we have temporarily disabled network traffic to your droplet to protect our network and other customers. Once the attack subsides, networking will be automatically reestablished to your droplet. The networking restriction is in place for three hours and then removed.
  Please note that we take this measure only as a last resort when other filtering, routing, and network configuration changes have not been effective in routing around the DDoS attack.

I responded asking for more specific information, and they said:

  Hi there, 
  It looks like it was 2.1gbps DoS attack at about 200k PPS which would really make me think this was a straight-up SYN flood. 
  I don't really have more detailed information than that, sadly. 
  It looks like the blackhole will expire 3 hours after it was 
  put in place. 
  If you'd like a different IP, the simplest way would be to power off the droplet, take a snapshot, and bring the snapshot back up as a new droplet. After that's done, you can destroy the old droplet and you should be good to go from there.
Now it all makes sense.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact