Network Issues

Incident Report for VPSBlocks Pty Ltd

Postmortem

Summary

On 29 May 2026, network services within the Melbourne datacentre experienced a large-scale, sustained Distributed Denial of Service (DDoS) attack targeting infrastructure within the facility.

The attack resulted in periods of increased latency, packet loss, and intermittent connectivity issues affecting VPSBlocks services hosted within the Melbourne datacentre environment.

The incident was managed by the datacentre network engineering team in conjunction with their upstream DDoS mitigation provider. Multiple rounds of mitigation tuning and traffic filtering were required due to the scale and evolving nature of the attack.

Normal service levels were restored following the successful implementation of enhanced mitigation measures.

Customer Impact

During the incident, some customers may have experienced:

  • Increased network latency
  • Packet loss
  • Intermittent connectivity issues
  • Temporary service degradation

No customer data was compromised, modified, or lost as a result of this event.

Timeline

29 May 2026 – approximately 12:55 PM AEST
A significant volume of malicious traffic was detected targeting network infrastructure within the Melbourne datacentre.

29 May 2026 – approximately 1:25 PM AEST
Initial DDoS mitigation measures reduced congestion levels and improved network stability.

29 May 2026 – Afternoon and Evening
Additional waves of attack traffic were observed. The datacentre and mitigation provider implemented further filtering policies, traffic engineering changes, and enhanced scrubbing measures to address evolving attack vectors.

30 May 2026 – approximately 8:21 PM AEST
Mitigation measures successfully suppressed the remaining attack traffic and network conditions returned to normal operating levels.

Root Cause

The disruption was caused by a sustained, multi-vector DDoS attack targeting network infrastructure within the Melbourne datacentre.

The attack generated traffic volumes and attack patterns that required multiple rounds of mitigation tuning and threshold adjustments by the datacentre's upstream DDoS protection provider before traffic could be fully filtered.

This was an external network attack and was not caused by any VPSBlocks systems, customer infrastructure, or configuration changes.

Resolution

To restore service stability, the datacentre and upstream mitigation provider:

  • Routed traffic through dedicated DDoS scrubbing infrastructure
  • Applied enhanced filtering and rate-limiting policies
  • Performed multiple rounds of mitigation rule optimisation
  • Continuously monitored and adjusted protection thresholds as attack patterns evolved

These measures successfully filtered malicious traffic while allowing legitimate customer traffic to continue reaching services hosted within the datacentre.

Post-Incident Actions

Following the incident, VPSBlocks has worked with the Melbourne datacentre and upstream mitigation providers to review the event and identify opportunities to improve response effectiveness for future large-scale network attacks.

Actions completed are as follows:

  • Review of the incident timeline and mitigation effectiveness with datacentre network engineers.
  • Validation of escalation procedures between the datacentre, DDoS mitigation provider, and VPSBlocks operations team.
  • Review of traffic routing and scrubbing policies used during the incident.
  • Confirmation that enhanced mitigation profiles developed during this event remain available for rapid deployment should similar attack patterns reoccur.
  • Internal review of customer communication processes to ensure timely status updates during major network incidents.

Moving Forward

VPSBlocks worked closely with the datacentre network engineering team throughout the incident and remained in continuous communication while mitigation activities were underway.

We appreciate our customers' patience during this event and will continue to work with our infrastructure partners to ensure appropriate mitigation measures remain in place for future large-scale network attacks.

Posted Jun 05, 2026 - 13:58 AEST

Resolved

We have not endured any further issues with this since Saturday 30th of May. We are now closing this event and will be providing a further report as soon as it is finalised.
Posted Jun 04, 2026 - 18:38 AEST

Update

The UDP storm activity observed has now largely subsided, with services remaining stable for approximately the last 2 hours.

Mitigation measures remain active, and we continue to monitor the network alongside the datacentre and upstream providers. While the situation has stabilised considerably, we will continue monitoring before formally closing the incident.

Further updates will be provided should the situation change.
Posted May 30, 2026 - 22:28 AEST

Update

We are still monitoring the current UDP storm wave coming through.
Posted May 30, 2026 - 20:11 AEST

Update

Unfortunately, we are seeing signs of a further UDP storm wave coming through. We are currently talking with the Datacentre (DC) and Upstream network providers to ensure mitigation measures and filtering of traffic are continuing.
Posted May 30, 2026 - 19:52 AEST

Update

The services have returned back to normal. The UDP storm activity observed has now subsided, with services remaining stable for quite some time.

Mitigation measures remain active, and we continue to monitor the network alongside the datacentre and upstream providers. While the situation has stabilised considerably, we will continue monitoring before formally closing the incident.

Further updates will be provided should the situation change.
Posted May 30, 2026 - 17:48 AEST

Monitoring

The UDP storm affecting services remains ongoing, and mitigation efforts continue with the datacentre and upstream providers.

While the situation has improved compared to earlier stages of the incident, we are not yet in a position to declare the event resolved and we will post further updates as they become available.
Posted May 30, 2026 - 17:14 AEST

Investigating

Unfortunately, we are seeing signs of a further UDP storm wave coming through. We are currently talking with the Datacentre (DC) and Upstream network providers to ensure mitigation measures and filtering of traffic are commencing.
Posted May 30, 2026 - 15:29 AEST

Update

The services as of around midnight did return back to normal. The UDP storm activity observed yesterday has now largely subsided, with services remaining stable for approximately the last eight hours.

Mitigation measures remain active, and we continue to monitor the network alongside the datacentre and upstream providers. While the situation has stabilised considerably, we will continue monitoring before formally closing the incident.

Further updates will be provided should the situation change.
Posted May 30, 2026 - 10:14 AEST

Update

The UDP storm affecting services remains ongoing, and mitigation efforts continue with the datacentre and upstream providers.

While the situation has improved compared to earlier stages of the incident, we are not yet in a position to declare the event resolved and we will post further updates as they become available.
Posted May 29, 2026 - 23:45 AEST

Update

We have been advised that the attack is still ongoing. It is being mitigated upstream by the upstream providers; however, the attack is substantial in size. We do not have a firm ETA as yet, but once one is known we will be updating the information on here.
Posted May 29, 2026 - 21:54 AEST

Monitoring

Network services have largely been restored following the earlier UDP storm event.

Mitigation measures implemented by upstream network providers remain active and the majority of affected services are now operating normally. While stability has significantly improved, we continue to observe intermittent UDP storm activity and SYN flood traffic targeting portions of the network.

Upstream providers are actively filtering malicious traffic and monitoring network conditions to ensure legitimate traffic continues to flow with minimal disruption.

Our team remains in close contact with the datacentre and upstream providers and will continue to monitor the situation until the incident has been fully resolved.

We appreciate your patience and understanding during this event.
Posted May 29, 2026 - 19:00 AEST

Identified

We are currently experiencing an ongoing UDP storm affecting network infrastructure at the datacentre level.

The issue has been identified and is impacting multiple customers and services within the datacentre environment. Upstream network providers are actively implementing mitigation measures and filtering traffic to isolate and allow legitimate traffic to continue flowing while the event remains in progress.

Customers may experience intermittent packet loss, increased latency, or temporary connectivity disruptions during this time.

We are working closely with the datacentre and upstream network providers and will continue to monitor the situation until normal service levels have been fully restored.

Further updates will be provided as additional information becomes available.
Posted May 29, 2026 - 16:52 AEST
This incident affected: VPSBlocks Website, Management Portal, High Availability VPS Services, Regular VPS Services, Network, and Cloudlets.