YorkHost - Targeted DDoS Attack on Website and Panel – Incident details

Post-Incident Report — Client Area Infrastructure Hardening

Over the past 24 hours, our infrastructure was targeted by a large-scale Layer 7 attack generating several billion requests. This event was part of a broader increase in high-intensity attacks observed since the start of the month. Our teams worked continuously to isolate the affected systems, deploy mitigation on Cloudflare, and maintain service availability for all production environments.

Root Cause

The attack primarily focused on the client-area application endpoints, aiming to exhaust backend connections and session handlers. While the attack traffic was filtered upstream, the resulting request floods temporarily overloaded one of the backend pools dedicated to the client area.

Mitigation Actions

1. Cloudflare Mitigation Rules — Advanced rate-limiting and bot-detection policies were enforced in real time to reduce traffic at the edge.

2. Backend Segmentation — We deployed multiple independent backend nodes behind the load balancer to distribute session and API load more efficiently.

3. Redis Handler Fix — The Redis session handler was reconfigured and isolated on a dedicated instance to prevent bottlenecks during high I/O conditions.

4. High-Availability (HA) Restoration — The HA layer for the client area was rebuilt, allowing automatic failover between nodes.

5. Monitoring Reinforcement — Additional telemetry points were added to track backend latency, session throughput, and Cloudflare challenge rates.

Outcome

The attack was successfully contained, and all critical services (hosting, network, and game infrastructure) remained operational. The client area experienced temporary slowdowns but is now fully restored.

Next Steps

• Ongoing real-time monitoring of backend health and request rates.

• Continuous refinement of Cloudflare WAF and caching rules.

• Expansion of backend node capacity to handle future peaks with greater resilience.

Service stability has been confirmed, and the situation remains under close supervision.

Over the past days, we faced a large-scale and highly sophisticated targeted attack generating several billion requests. Since the beginning of the month, such attacks have increased significantly in both frequency and intensity, affecting not only our infrastructure but also our teams, who are working relentlessly to maintain service continuity.

Thanks to rapid mitigation measures deployed through Cloudflare and our internal systems, the attack was contained and redirected to non-client services. The client area was temporarily affected, but core hosting, network, and game infrastructures remained fully operational throughout the incident.

Our HA systems for the client area have now been restored, and the overall situation is stable. We continue to monitor network performance and adjust protections to prevent further impact.

Everything should now be fully operational. We’ll keep monitoring system behavior and logs to ensure stability.

Currently resolving an issue with the Redis session handler.

Currently deploying new PoPs — billing system is temporarily under maintenance.

For the Client Area, we are deploying one new PoP today to increase capacity in addition to the existing infrastructure and Cloudflare filtering.

Facing a targeted attack on our website and GAME NODE. Mitigation is active, and all services should remain unaffected.