Phoenix Protocol RP - Notice history

Still working with our host on this.

We have temporarily reverted the changes while we await answers from the vendor. The server is joinable, but timeouts are likely still

We are implementing some changes that may temporarily cause connection lost until complete.

We are still working with HostHavoc in trying to mitigate this. Due to security policies, updates are limited.

Phoenix Infra and HostHavoc have identified UDP Flooding against our FiveM services. The flooding is only causing randomly occurring timeouts. We are working on correcting this issue. Updates will be limited per our security policy.

We are continuing to work on a fix for this incident. Updates will be limited for security purposes.

After nearly two months of a long term DDOS attacks, we believe the situation has been mitigated. HostHavoc reported this as one of the largest attacks they have encountered. The initial attack was 1.4 Terabits a second (Tbps) For simplicity, that would be the equivalent of steaming all 62 episodes of Breaking Bad in 4k at the same time 1,129 times a second. The attacks were taking their entire NYC center offline. To protect their network, they would nullroute our server. The practice of nullrouting is basically disconnecting our server from their network and shunting all that data into the void for a predetermined time.

During this, HostHavoc and ourselves increased protections to mitigate the attack, especially once the attacks started to escalate into a cyber attack with attempted brute forcing into our servers. We currently do not believe that there was any unauthorized access into our systems and player data is safe.

We will continue to monitor our network and work with HostHavoc and partners to continue strengthening our security.

We do apologize for the inconvenience over the period of the incident and thank you for sticking it out with us.

This incident has been resolved.

We are aware of several security concerns that we are addressing, including that the attacker may be monitoring our lines of communications. There is currently no threat to users. We will be limiting our updates to very generic updates and may omit updates to maintain operational security.

We are continuing to work with our service provider on the attacks.

We have been tracking our data along with HH and believe that our defense structure has mitigated any further attacks over the past several days. We will continue to monitor.

Null routing removed

Null routing in effect

Null routing removed. Periodic outages are very likely.

Another attack is occurring, null routing in effect.

Null routing removed. Periodic outages are very likely.

Null route in effect

HostHavoc has notified us that the FiveM ports appears to be the primary target in the attack. They are working on strengthening their infrastructure to continue mitigation of the attacks on a daily basis. Phoenix Infrastructure and HostHavoc believe we will soon be at a point where things will return back to normal operations.

Frequency of the attacks resulting in null routing is increasing. Periodic outages are very likely.

Attack mitigated. Periodic outages are still likely.

Toaster brigade is attacking again

Attack mitigated. Outages are still likely.

Attack occuring

Null routing removed. Outages are still likely.

Another attack occuring

Null routing removed. Outages are still likely.

Null routed due to a 200Gbps attack

HostHavoc has confirmed they are having some issues and they are working on it.

Appeared to be a network outage. Will continue to monitor.

Connection is restored. Periodic outages is still likely.

Another attack is occurring. The same botnet has been attacking and HH has been able to ward off until now.

Null routing removed. Periodic outages is likely

Null routing in effect.

We made it 24+ hours before we took another attack. We just processed an attack where it appears to not overwhelm the DDOS protection as the previous attacks has. These microbursts may cause timeout, but shouldn't take us fully offline.

Null route is removed from out. HH has identified that the attack is coming from a South American botnet.

HostHavoc has placed a longer null route on us as this attack is still affecting their entire NYC data center. They are communicating with their T1 upstream providers to investigate further and find ways to mitigate.

Another DDOS attack is occuring

The current attack has passed and we will continue to monitor.

We are being attacked… again

HostHavoc fully mitigated the attack over night. Both HH and PPRP Infra will continue to monitor throughout the day for any potential secondary issues.

HostHavoc is still working on mitigating this attack as it has saturated the T1 upstreams. They are constantly making tweaks to combat the attack that is flooding terabits of data every second. Our services may periodically become inaccessible until the attack is fully mitigated.

HostHavoc is still working on mitigating this attack as it has saturated the T1 upstreams. They are constantly making tweaks to combat the attack that is flooding terabits of data every second. Our services may periodically become inaccessible until the attack is fully mitigated.

According to R* all services are operational?