Posted: Sunday Aug 4th, 2013 at 8:38 pm #55171
I’ve been having a few strange issues with my server today. It went down 3 times, which my host attributed to a DDoS attack on another site on the same switch. During my conversations with the host, they mentioned the following IP has been blocked since yesterday around 11:58pm:
They said the “messages” log shows incidents of it being blocked.
We both did a whois lookup on the IP and it resolved to CyberSource dot com (CyberSource Corp), which, as you probably already know, owns Authorize.Net.
Today I’ve had an uncharacteristic drop in sales processing activity even though the traffic has been steady. My traffic on the pages that display the s2member Authorize.Net pro forms is also down a bit, but that may just be noise, although I’ve never seen such a page view decline on those forms before.
So, my question is, is the 18.104.22.168 a legit Authorize.Net IP that’s being blocked that’s been the cause of my woes today? Does s2member’s API actually connect to a domain that resolves to that IP? Or perhaps s2member connects to another domain, but the “response” domain or IP is unable to connect back due to it being blocked somehow?
By the way, I upgraded s2member v130617 to v130802 a little after midnight today, but I don’t know if that has anything to do with it.
I’m actually thinking about downgrading to v130617, as a precautionary matter. When I go through the site, it seems fine, but since I’ve had a good experience with that version, I may want to try going back. I don’t want to steer focus away from this matter, so I’ll open a separate topic about that.