Massive DDoS Attack

Dear customers, We would like to provide a transparent update regarding the network outages and connectivity issues that affected some ESAGAMES services during the past days. The recent interruptions, including the outages of approximately 6 hours and 1 hour, were caused by extremely large-scale DDoS attacks targeting our IP ranges. These were not normal attacks that can be easily filtered at server level or by applying simple firewall rules. The attacks reached a scale of multiple billions of packets per second, affecting the upstream network infrastructure before the traffic could even reach our servers. Because of the size and type of these attacks, our upstream provider had to apply emergency mitigation measures in order to protect the rest of the network and other customers connected to the same infrastructure. In some cases, this included temporary blackholing or limiting traffic for the affected subnets. This is why some services became unreachable even though the servers themselves were still online. We understand how frustrating this situation is, especially for customers who depend on stable services. We want to make it very clear that we are not ignoring the issue and we are actively working with the upstream network team to improve the situation. The following measures have already been applied or are in progress: The IP announcements were adjusted so that attacks can be isolated better per /24 subnet instead of affecting the entire range. Additional route and RPKI changes were requested and applied to allow better network-level control. UDP rate-limiting was added at one of the provider’s main points of presence. The upstream provider has reactivated the main announcement and added additional filtering/mitigation measures where technically possible. We are continuing to monitor the affected IP ranges and will apply stricter protection profiles where needed. It is important to understand that attacks of this size cannot always be fully absorbed by any hosting provider. When an attack reaches several billion packets per second, the problem is no longer only the protected server, but the physical network capacity of routers, upstream links, and peering/transit connections. In such cases, even very large networks may need to temporarily drop or limit traffic to prevent a wider outage. If there was a better immediate solution that could fully stop attacks of this scale without affecting customers, we would apply it immediately. Our goal is always to keep services online, even with degraded connectivity, rather than having full downtime. However, with attacks of this magnitude, there are technical limits that no provider can simply bypass instantly. Based on the current situation, the network is more stable now than during the initial incidents, but there is still a risk of temporary packet loss, filtering, or short blackhole events if another large attack is launched. The provider expects that this type of botnet traffic may lose intensity over the following days or weeks, while additional mitigation adjustments continue to be made. What happens next: We will continue working with the upstream network team to improve filtering and reduce the impact of future attacks. We are also reviewing our own protection profiles and customer-side configurations to make sure that exposed services are limited as much as possible. Customers running UDP-based game servers may experience packet loss during active attacks, while TCP-based services such as websites or control panels should remain more stable unless they are directly targeted. We sincerely apologize for the disruption caused. We know that uptime is critical, and we are treating this situation with maximum priority. We will continue to post updates whenever there are important changes or improvements. Thank you for your patience and understanding.