This entry was posted in General Security, WordPress Security on August 24, 2017 by Mark Maunder 32 Replies

Dreamhost is currently experiencing a DDoS attack. I am updating this post in real-time as the situation unfolds. Last update was at 10:46am PST. ~Mark Maunder

Their team posted this tweet 20 mins ago.

I’ll be posting updates here as the situation progresses. Their engineers are clearly working the problem.

You can find their status page at https://www.dreamhoststatus.com/ – currently it says the following are affected:

Dedicated Servers, DreamPress 2, Remixer, Shared Hosting, Virtual Private Servers (VPS), Webmail.

Their team detected the attack at 9:20am PST and mitigation started at 10:20am PST.

Dreamhost has recently been in the news for fighting a US Department of Justice request for the IP addresses of all visitors to a website that they host.

The DDoS appears to be unrelated to the DoJ request above. It looks like it may be an Anonymous attack targeting the Dreamhost DNS to try to take a white supremacist website called ‘punishedstormer dot com’ offline. The website came online today and is hosted at Dreamhost.

What is Being Attacked

Dreamhost currently host an extremist website called punishedstormer. The site’s DNS is also hosted by dreamhost. That means that if you try to access the site, your computer or device contacts Dreamhost’s servers and asks for the IP address so that it can connect.

The attackers have launched a massive amount of traffic targeting Dreamhost’s DNS servers so that the website they want to take down becomes inaccessible.

You can see the DNS servers that are being used for the target website in this screen capture:

As you can see, the servers ns1, 2 and 3 at dreamhost.com are responsible for handing out the IP address of anyone looking up punishedstormer’s address. These are being targeted, possibly along with other DNS servers at dreamhost.

This will affect the availability of any website and domain that is using Dreamhost DNS services.

What to Do

If you host your website at dreamhost, you may not be affected by this attack if you host your DNS with another provider. If you host it with Dreamhost, it is likely that you are affected.

Unfortunately there is not much you can do. If you move your DNS away from Dreamhost, it will take up to 48 hours for the update to propagate around the Internet. Dreamhost will probably have this situation resolved in the next few hours. So the best advice may be to sit tight until their engineers are able to filter out the DDoS traffic and bring their systems back up.

Email Also Affected

It is worth noting that if your domain’s DNS is handled by Dreamhost, then your email deliverability may be affected. Emails that are sent to you may be bounced back to the sender. If you are expecting an urgent email, we recommend that you contact the sender directly and let them know your email may be temporarily unavailable.

Once this service disruption ends, you may want to let your contact list know that your email may have been temporarily unavailable due to an attack on your email DNS hosting provider.

Update at 11:22am PST: Dreamhost are reporting that they are beginning to mitigate the attack.

Update at 12:36pm PST: Dreamhost is reporting all services are restored and operational, although they show many services in a ‘degraded’ state. You can find out more information on their status page.