AVSISP - 3 Days Under DDoS - Update to Clients & Others

avsisp Member, Patron Provider

We are currently dealing with a large DDoS attack against AVS ISP that has been ongoing for approximately 3 days now. We decided it is time to make a post here, as many have been reporting outages falsely due to ICMP filtering and ping limiting.

The main focus of the attack is ICMP (ping), and for that reason we have temporarily disabled ICMP to protect our network and customers.

All VMs remain online. Some customers may see “downtime” alerts from uptime monitoring services that rely only on ping checks. These alerts are false positives caused by ICMP being blocked. We recommend either testing your VM directly (logging in or using the services you run on it) or using monitoring tools that check actual services instead of just ping.

So far we have experienced very little real downtime. The majority of the disruption has been limited to ICMP (ping) filtering. If you do run into problems with your VM or services, please let us know. You can also try rebooting from the control panel if needed.

Because these types of attacks are sometimes used as cover for other malicious activity, we strongly advise customers to:

  • Use SSH keys instead of passwords.
  • Run SSH on a non-standard port or listening only on your VPN IP if using for Wireguard, etc.
  • Restrict access to admin panels or sensitive services with firewall rules (e.g. allowing only your own IP or VPN).

We do not know for certain which customer(s) or service(s) are the direct target of this attack, so it is best that everyone take extra precautions.

Though ICMP is the only service we are fully dropping (ping only; other ICMP is being filtered, limited, validated, etc. to allow services to function normally), this is indeed a multi-vector attack using such methods as NTP & DNS reflection, UDP AMP, Fragmentation, and many many 100s of vectors.

Thank you for your patience while we continue to mitigate this.
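
A service-level check of the kind the post above recommends in place of ping-only monitoring, as an added example that is not part of the original thread or the provider's tooling. It completes a TCP handshake and verifies the service's first reply instead of sending ICMP echo, so blocked pings do not register as downtime; the check names, port numbers and default target are assumptions.

```python
import socket
import sys
import time

def check_tcp(host, port, timeout=3.0, attempts=3, expect=None, send=None):
    """Return (ok, detail). ok is True only when a TCP handshake completes and,
    if `expect` is given, the service's first reply starts with those bytes."""
    last_error = "no attempt made"
    for attempt in range(1, attempts + 1):
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                if send:
                    sock.sendall(send)
                if expect is None:
                    return True, f"connected on attempt {attempt}"
                reply = sock.recv(256)
                if reply.startswith(expect):
                    return True, f"banner ok on attempt {attempt}"
                last_error = f"unexpected reply {reply[:32]!r}"
        except OSError as exc:  # refused, timed out, reset, unreachable
            last_error = f"{type(exc).__name__}: {exc}"
        if attempt < attempts:
            time.sleep(0.2 * attempt)  # brief back-off before the next try
    return False, last_error

def host_status(host, checks, **opts):
    """'up' when every service check passes, 'down' when none do, else 'degraded'."""
    results = {c["name"]: check_tcp(host, c["port"], expect=c.get("expect"),
                                    send=c.get("send"), **opts) for c in checks}
    passed = sum(ok for ok, _ in results.values())
    status = "up" if passed == len(checks) else "down" if passed == 0 else "degraded"
    return status, results

# Constructed checks: the ports and names are assumptions, adjust to your VM.
CHECKS = [
    {"name": "ssh", "port": 2222, "expect": b"SSH-2.0-"},
    {"name": "http", "port": 80, "expect": b"HTTP/1.",
     "send": b"HEAD / HTTP/1.0\r\n\r\n"},
]

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    status, results = host_status(target, CHECKS, timeout=3.0, attempts=3)
    print(f"{target}: {status}")
    for name, (ok, detail) in results.items():
        print(f"  {name}: {'OK' if ok else 'FAIL'} ({detail})")
```

Alert on "down" or "degraded" from this check rather than on ICMP loss, and run it from a host outside the monitored network.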

Comments

  • $7 DDOS deals?

    Thanked by 1 384_cz
  • What are you doing about it?

    Thanked by 1 borkedascii
  • avsisp Member, Patron Provider

    @tsusu said:
    $7 DDOS deals?

    Right now we won't be doing any offers until we get things under control. Don't want new customers to come into a situation where they wonder why they can't ping their VM even though everything is working fine for ssh, http, etc etc.

    After this is over, we will definitely put out a lovely offer - and for those customers sticking with us through this - there will be credits and discounts applied to accounts ☺️

  • avsisp Member, Patron Provider

    @DrNutella said:
    What are you doing about it?

    Filtering it. We are currently filtering between 10 and 50 GB/s of bad traffic. The ICMP pings that people think are down are actually a protection for them and their VM. The limits are per destination, not source. So if their IP isn't pinging, it means they were being attacked and so we are dropping ONLY pings to them to protect their VMs.

    We are working daily throughout this to advance our filtering and soon should have a solution that can validate the ICMP pings before they hit the destination IP filters - allowing more pings to start flowing normally again while still blocking out the bad ones. We don't wanna give away details publicly on this as it may allow attackers to develop evasion solutions to avoid it.

    We must remember LET is public. And as such, the attacker can read this just as much as all of us. Which means we cannot give out all details now. Apologies.

  • MikeA Member, Patron Provider

    Part of the biz. Happens to all of us. Even right now.

  • Thank you @avsisp

    Thanked by 2 oloke avsisp
  • Thanks, hope it will be gone soon. Not nice to have something destructive like this just because somebody does not like you or what you do.

    Thanked by 2 oloke avsisp
  • Thanks <3

  • Heh, sketchy! Since the beginning of your appearance somebody is "attacking" you for unknown reason, first it was due to mitigation the ping was high to your fake locations, now blocking icmp ping requests completely with the pretext to "mitigate" the attack. I mean gonna believe you :)

    Thanked by 1 zed
  • avsisp Member, Patron Provider

    @iceman said:
    Heh, sketchy! Since the beginning of your appearance somebody is "attacking" you for unknown reason, first it was due to mitigation the ping was high to your fake locations, now blocking icmp ping requests completely with the pretext to "mitigate" the attack. I mean gonna believe you :)

    You are a troll who should be banned from the face of the planet for all your attacks on people. Nobody is here to play games with you. We are under a DDoS and we are mitigating it over London. ICMP is disabled due to the attack vectors being used. And we are entirely online otherwise.

    I'm not sure what your personal beef is with me or why you keep coming after me to talk crap - but it's extremely immature and I wouldn't even be surprised if it's you who launched the attack knowing that under DDoS we mitigate through London - so you can run around talking B.S about us not being in Albania which simply isn't true - many ISPs reroute during DDoS for mitigation - standard practice. There is literally a whole market around being the provider you reroute through remotely to filter.

    Do me a favor and leave me alone - go mind your own business - and stop attacking others just for your own personal satisfaction. Nobody has started anything with you until you started attacking me for no reason claiming we aren't in Albania besides the 100s of evidence we gave you otherwise.

    The only thing a DDoS on us is doing is causing us to have to mitigate over London and increase latency back to Albania a bit + drop ICMP echo and filter icmp echo reply to allow only those matching outbound requests. So yeah -- annoying at best.

    If the DDoS does continue much longer, law enforcement in the UK, Albania, and USA will have to be notified as this kind of thing is criminal in nature and this is becoming a Persistent threat instead of a simple "DDoS for fun" at this point.

  • avsisp Member, Patron Provider

    @avsisp said:

    @iceman said:
    Heh, sketchy! Since the beginning of your appearance somebody is "attacking" you for unknown reason, first it was due to mitigation the ping was high to your fake locations, now blocking icmp ping requests completely with the pretext to "mitigate" the attack. I mean gonna believe you :)

    You are a troll who should be banned from the face of the planet for all your attacks on people. Nobody is here to play games with you. We are under a DDoS and we are mitigating it over London. ICMP is disabled due to the attack vectors being used. And we are entirely online otherwise.

    I'm not sure what your personal beef is with me or why you keep coming after me to talk crap - but it's extremely immature and I wouldn't even be surprised if it's you who launched the attack knowing that under DDoS we mitigate through London - so you can run around talking B.S about us not being in Albania which simply isn't true - many ISPs reroute during DDoS for mitigation - standard practice. There is literally a whole market around being the provider you reroute through remotely to filter.

    Do me a favor and leave me alone - go mind your own business - and stop attacking others just for your own personal satisfaction. Nobody has started anything with you until you started attacking me for no reason claiming we aren't in Albania besides the 100s of evidence we gave you otherwise.

    The only thing a DDoS on us is doing is causing us to have to mitigate over London and increase latency back to Albania a bit + drop ICMP echo and filter icmp echo reply to allow only those matching outbound requests. So yeah -- annoying at best.

    If the DDoS does continue much longer, law enforcement in the UK, Albania, and USA will have to be notified as this kind of thing is criminal in nature and this is becoming a Persistent threat instead of a simple "DDoS for fun" at this point.

    And here are your lovely logs for proof of the DDoS so I don't have to hear you claiming it doesn't exist:

    Full output of stats:

    | SYN packets received:         1792054
    | SYN cookies sent:             1527612
    | SYN direct whitelisted:       264442
    | SYN Prod. activated:          1527612
    | SYN allowed:                  3658288
    | ACK packets received:         57196402
    | ACK packets validated:        402610
    | ACK packets dropped:          592904
    | Rate limited packets:         11166068168
    | Malformed packets:            1337804895
    | UDP blocked:                  361315045
    | UDP allowed:                  83160826
    | ICMP blocked:                 580751239
    | ICMP allowed:                 749236232
    | TCP invalid packets:          2985
    | SYN-ACK attacks blocked:      0
    | RST flood blocked:            1148950
    | RST allowed:                  223957
    | FIN flood blocked:            56650
    | FIN allowed:                  1697266
    | URG flood blocked:            0
    | PSH flood blocked:            540
    | Large payload blocked:        0
    | Retransmission blocked:       0
    | SRC-DST port invalid:         2267617465
    | Whitelist auto-renewed:       144803
    | Fragments blocked:            8892056009
    | Fragments allowed:            65542255
    | First fragments blocked:      3220444223
    | First fragments allowed:      23806959
    | Unsolicited SYN-ACK blocked:  0
    | Unsolicited SYN-ACK allowed:  11042
    | SYN rate limited whitelisted: 25802
    | AMP attacks blocked:          358919030
    | AMP packets allowed:          51511
    | DNS from trusted servers:     92142
    | AMP mitigation activated:     0
    

    Current size dropped (goes up and down):

    Type         PPS          Throughput (Mbit/s) Throughput (Gbit/s)
    ----------------------------------------------------------------------------
    Drops        2200840      5686 Mbit/s        5.69 Gbit/s       
    ----------------------------------------------------------------------------
    

    1-second dropped packets:

    Drops/s: 2124668   TX/s: 161
    

    1-second report:

    ===== 15:50:59 =====
    Large payload blocked:                     0
    SYN Prod. activated:                     146
    URG flood blocked:                         0
    PSH flood blocked:                         0
    Fragments allowed:                     4,863
    ACK packets received:                 10,148
    SYN cookies sent:                        146
    AMP packets allowed:                       2
    RST allowed:                              31
    UDP allowed:                          12,772
    Rate limited packets:              1,714,472
    FIN allowed:                             305
    Unsolicited SYN-ACK blocked:               0
    SYN-ACK attacks blocked:                   0
    First fragments blocked:             487,480
    ICMP allowed:                        291,825
    Retransmission blocked:                    0
    Unsolicited SYN-ACK allowed:               2
    DNS from trusted servers:                 11
    ACK packets validated:                    61
    SYN direct whitelisted:                   40
    RST flood blocked:                        99
    SYN allowed:                             531
    FIN flood blocked:                         7
    UDP blocked:                          50,121
    Whitelist auto-renewed:                   30
    Fragments blocked:                 1,340,032
    Malformed packets:                   216,475
    SYN rate limited whitelisted:               0
    AMP attacks blocked:                  49,780
    ACK packets dropped:                       3
    TCP invalid packets:                       0
    SRC-DST port invalid:                373,889
    AMP mitigation activated:                  0
    ICMP blocked:                            943
    First fragments allowed:               1,764
    SYN packets received:                    186
    

    There you go. Plenty of proof that a DDoS is indeed underway... Day 4 now.

    Thanked by 1 oloke
  • zed Member

    subscribe

  • @zed said: subscribe

    Popcorn reserved.

    Thanked by 1 oloke
  • VlP Member

    Seems my Albania VPS is unreachable... And panel also inaccessible?

  • @VlP said: unreachable

    Yeah same... mine was jumping up and down and there was a period where ssh did not work but everything else worked fine. Currently not working.

  • avsisp Member, Patron Provider

    Yes. We are working on it all day. The attackers keep switching methods. We have to update filters to keep up.

    Thanked by 1 oloke
  • avsisp Member, Patron Provider

    Is anyone else still having any issues? This is a call for feedback.

    Other than PING, everything should be working perfectly.

    Apologies for the late replies here - have been working hard to try and keep everything online despite the attempts from them to try any method they can to keep us down.

    Anyone who wants to - we can move you to London for free. Just let us know.

    We promise - we are doing everything in our power to ensure everything stays online NO MATTER WHAT. The attacker(s) are/is stubborn. But so are we.

    We made a promise to this community that we would never deadpool and we meant it. Do not worry - all data is safe, everything will remain online. And we are working hard to ensure it stays that way.

  • My server works but cannot ssh into it, which is not a big deal for the time being but annoying ofc.

  • avsisp Member, Patron Provider

    @JohnFilch123 said:
    My server works but cannot ssh into it, which is not a big deal for the time being but annoying ofc.

    Please try changing your SSH port, running after "systemctl restart ssh && systemctl restart ssh.socket && systemctl restart ssh" and then trying?

    It could be that your SSH port is a commonly used port for another service abused during a DDoS and is being blocked for that reason. It seems highly likely that this is the case here as I remember speaking earlier and you having the same issue and all.

  • @avsisp said: Please try changing your SSH port, running after "systemctl restart ssh && systemctl restart ssh.socket && systemctl restart ssh" and then trying?

    Tried it and it did not help. Getting timeout on all the ports I tried.

  • avsisp Member, Patron Provider

    @JohnFilch123 said:

    @avsisp said: Please try changing your SSH port, running after "systemctl restart ssh && systemctl restart ssh.socket && systemctl restart ssh" and then trying?

    Tried it and it did not help. Getting timeout on all the ports I tried.

    First attempt will always fail due to SYN cookies. You have to retry attempt at least 2 times back to back. Then it should unlock and go.

  • @avsisp said: You have to retry attempt at least 2 times back to back

    Tried it like 10 times, does not work.

  • iceman Member
    edited September 2025

    @avsisp said:

    @iceman said:
    Heh, sketchy! Since the beginning of your appearance somebody is "attacking" you for entirely online otherwise.

    I'm not sure what your personal beef is with me or why you keep coming after me to talk crap - but it's extremely immature and I wouldn't even be surprised if it's you who launched the attack knowing that under DDoS we mitigate through London - so you can

    Stop accusing me for your shitty services you dumbfc! Unlike you, I don't do illegal shit and you or your services are not worth a minute of my time! You had "ddos attack" (as per your words in another thread) before I even knew or heard about you and your crappy services! A Wyoming registered company, providing prices with Albanian shitty currency, tunneling everything to hide your crap and it's my fault and everyone's for your shitty crap services that don't work!

  • allthemtings Member, Megathread Squad

    @iceman said:

    @avsisp said:

    @iceman said:
    Heh, sketchy! Since the beginning of your appearance somebody is "attacking" you for entirely online otherwise.

    I'm not sure what your personal beef is with me or why you keep coming after me to talk crap - but it's extremely immature and I wouldn't even be surprised if it's you who launched the attack knowing that under DDoS we mitigate through London - so you can

    Stop accusing me for your shitty services you dumbfc! Unlike you, I don't do illegal shit and you or your services are not worth a minute of my time! You had "ddos attack" (as per your words in another thread) before I even knew or heard about you and your crappy services! A Wyoming registered company, providing prices with Albanian shitty currency, tunneling everything to hide your crap and it's my fault and everyone's for your shitty crap services that don't work!
