Back to Status
Massive DDoS Attack
Critical
Started May 10, 2026 17:31
· Duration: 20d 9h 9m
Resolution Progress
90%
Dear customers,
We would like to provide a transparent update regarding the network outages and connectivity issues that affected some ESAGAMES services during the past days.
The recent interruptions, including the outages of approximately 6 hours and 1 hour, were caused by extremely large-scale DDoS attacks targeting our IP ranges. These were not normal attacks that can be easily filtered at server level or by applying simple firewall rules. The attacks reached a scale of multiple billions of packets per second, affecting the upstream network infrastructure before the traffic could even reach our servers.
Because of the size and type of these attacks, our upstream provider had to apply emergency mitigation measures in order to protect the rest of the network and other customers connected to the same infrastructure. In some cases, this included temporary blackholing or limiting traffic for the affected subnets. This is why some services became unreachable even though the servers themselves were still online.
We understand how frustrating this situation is, especially for customers who depend on stable services. We want to make it very clear that we are not ignoring the issue and we are actively working with the upstream network team to improve the situation.
The following measures have already been applied or are in progress:
The IP announcements were adjusted so that attacks can be isolated better per /24 subnet instead of affecting the entire range.
Additional route and RPKI changes were requested and applied to allow better network-level control.
UDP rate-limiting was added at one of the provider’s main points of presence.
The upstream provider has reactivated the main announcement and added additional filtering/mitigation measures where technically possible.
We are continuing to monitor the affected IP ranges and will apply stricter protection profiles where needed.
It is important to understand that attacks of this size cannot always be fully absorbed by any hosting provider. When an attack reaches several billion packets per second, the problem is no longer only the protected server, but the physical network capacity of routers, upstream links, and peering/transit connections. In such cases, even very large networks may need to temporarily drop or limit traffic to prevent a wider outage.
If there was a better immediate solution that could fully stop attacks of this scale without affecting customers, we would apply it immediately. Our goal is always to keep services online, even with degraded connectivity, rather than having full downtime. However, with attacks of this magnitude, there are technical limits that no provider can simply bypass instantly.
Based on the current situation, the network is more stable now than during the initial incidents, but there is still a risk of temporary packet loss, filtering, or short blackhole events if another large attack is launched. The provider expects that this type of botnet traffic may lose intensity over the following days or weeks, while additional mitigation adjustments continue to be made.
What happens next:
We will continue working with the upstream network team to improve filtering and reduce the impact of future attacks. We are also reviewing our own protection profiles and customer-side configurations to make sure that exposed services are limited as much as possible. Customers running UDP-based game servers may experience packet loss during active attacks, while TCP-based services such as websites or control panels should remain more stable unless they are directly targeted.
We sincerely apologize for the disruption caused. We know that uptime is critical, and we are treating this situation with maximum priority. We will continue to post updates whenever there are important changes or improvements.
Thank you for your patience and understanding.
We would like to provide a transparent update regarding the network outages and connectivity issues that affected some ESAGAMES services during the past days.
The recent interruptions, including the outages of approximately 6 hours and 1 hour, were caused by extremely large-scale DDoS attacks targeting our IP ranges. These were not normal attacks that can be easily filtered at server level or by applying simple firewall rules. The attacks reached a scale of multiple billions of packets per second, affecting the upstream network infrastructure before the traffic could even reach our servers.
Because of the size and type of these attacks, our upstream provider had to apply emergency mitigation measures in order to protect the rest of the network and other customers connected to the same infrastructure. In some cases, this included temporary blackholing or limiting traffic for the affected subnets. This is why some services became unreachable even though the servers themselves were still online.
We understand how frustrating this situation is, especially for customers who depend on stable services. We want to make it very clear that we are not ignoring the issue and we are actively working with the upstream network team to improve the situation.
The following measures have already been applied or are in progress:
The IP announcements were adjusted so that attacks can be isolated better per /24 subnet instead of affecting the entire range.
Additional route and RPKI changes were requested and applied to allow better network-level control.
UDP rate-limiting was added at one of the provider’s main points of presence.
The upstream provider has reactivated the main announcement and added additional filtering/mitigation measures where technically possible.
We are continuing to monitor the affected IP ranges and will apply stricter protection profiles where needed.
It is important to understand that attacks of this size cannot always be fully absorbed by any hosting provider. When an attack reaches several billion packets per second, the problem is no longer only the protected server, but the physical network capacity of routers, upstream links, and peering/transit connections. In such cases, even very large networks may need to temporarily drop or limit traffic to prevent a wider outage.
If there was a better immediate solution that could fully stop attacks of this scale without affecting customers, we would apply it immediately. Our goal is always to keep services online, even with degraded connectivity, rather than having full downtime. However, with attacks of this magnitude, there are technical limits that no provider can simply bypass instantly.
Based on the current situation, the network is more stable now than during the initial incidents, but there is still a risk of temporary packet loss, filtering, or short blackhole events if another large attack is launched. The provider expects that this type of botnet traffic may lose intensity over the following days or weeks, while additional mitigation adjustments continue to be made.
What happens next:
We will continue working with the upstream network team to improve filtering and reduce the impact of future attacks. We are also reviewing our own protection profiles and customer-side configurations to make sure that exposed services are limited as much as possible. Customers running UDP-based game servers may experience packet loss during active attacks, while TCP-based services such as websites or control panels should remain more stable unless they are directly targeted.
We sincerely apologize for the disruption caused. We know that uptime is critical, and we are treating this situation with maximum priority. We will continue to post updates whenever there are important changes or improvements.
Thank you for your patience and understanding.
Affected Services
ANTIDDOS PROTECTION
FirstColo Datacenter
Incident Timeline
Incident opened
Dear customers,
We want to share a short update regarding the ongoing DDoS situation.
Our upstream datacenter has confirmed that they are working on a better solution for handling these large-scale attacks. Their team is already taking measures to keep any possible downtime as small as possible, and they are also in discussions with their carriers for more efficient blackholing and improved mitigation.
Starting from Tuesday, their network team will continue working on a more stable and improved solution together with their colleagues.
Thank you for your patience and understanding.
We want to share a short update regarding the ongoing DDoS situation.
Our upstream datacenter has confirmed that they are working on a better solution for handling these large-scale attacks. Their team is already taking measures to keep any possible downtime as small as possible, and they are also in discussions with their carriers for more efficient blackholing and improved mitigation.
Starting from Tuesday, their network team will continue working on a more stable and improved solution together with their colleagues.
Thank you for your patience and understanding.
As an update from yesterday, based on what we observed, the datacenter has made some changes to the blackhole system. When the attack occurred, the blackhole no longer lasted for hours as it did before, but only for a few minutes.
The technicians are still working on fully mitigating the attack and improving the overall protection.
The technicians are still working on fully mitigating the attack and improving the overall protection.
Hi,
There was hanges in the datacenter were applied today wich should mitigate most of the attacks ( this not mean all there are still chances of dropping ) but most of them should be mitigated.
There was hanges in the datacenter were applied today wich should mitigate most of the attacks ( this not mean all there are still chances of dropping ) but most of them should be mitigated.
Together with our datacenter and our own tehnicians we setted up aditional filters today to mitigate most of the attack.
Things should be much better from now on!
Things should be much better from now on!
Community Reactions
Let us know how this incident affects you