PHX PHP 7-32WC2 98.129.229.247 | Network Disruption
Incident Report for Liquid Web - Cloud Sites
Resolved
Following extended monitoring without further disruptions, we are resolving this issue.
Posted May 14, 2018 - 21:33 CDT
Update
While DOS attacks are outside of our ability to control, having DNS zones managed by our Liquid Web team did allow us to update the IP addresses for those zones and avoid extended impact to those websites. If your DNS is hosted elsewhere, please consider hosting DNS with us in the future which will allow us to mitigate impact to your websites should a similar situation arise.

Although we have experienced no further network disruptions, we still advise updating the DNS for websites to the IP listed in ticket communications or to 98.129.229.229.

We will continue to monitor the network closely and will post any new details as they are made available.
Posted May 14, 2018 - 01:05 CDT
Monitoring
As of 5PM CDT, all network traffic has returned to normal. Our networking and operations teams will continue to monitor performance closely and we will provide updates as new information becomes available.
Posted May 13, 2018 - 18:10 CDT
Update
Unfortunately, this large scale DDos attack is still targeting the impacted IP. We highly recommend you redirect any impacted websites to the below suggested IPs. Our networking team is monitoring the traffic but the scale of the attack is preventing the return of functionality of the original IP at this time. If you would like to update your Domain Registrar to point to our internal Liquid Web name servers, our support team can help you create DNS records that will allow your website traffic to be visible on a different IP.
Posted May 13, 2018 - 06:24 CDT
Update
Due to the external DDos impacting customer traffic into our Cloud Sites platform in PHX, specifically php7-32.wc2.phx1 at 98.129.229.247, we are moving impacted customers to additional IPs. However, we can only migrate customers using our Liquid Web nameservers. Customers with external DNS service, should consider migrating their IPs to the afore mentioned IPs until the DDos is further mitigated.
Posted May 12, 2018 - 23:47 CDT
Update
We are continuing to work to mitigate the DDOS. If you have not already updated impacted Sites to the aforementioned IP, please use 98.129.229.229 instead.
Posted May 12, 2018 - 22:26 CDT
Identified
At this time we are experiencing a large inbound DDOS targeting php7-32.wc2.phx1 at 98.129.229.247. Client’s pointing to the primary IP are asked to temporarily update to 98.129.229.252 to avoid disruption at this time.

We will continue to monitor network traffic and performance and will provide an update as additional information becomes available.

If you have any questions, please do not hesitate to contact a member of our support team via live-chat or by toll-free phone at 1.855.348.9060 or international at +1.517.322.0434.
Posted May 12, 2018 - 21:52 CDT
This incident affected: PHP Services (PHX).