Spanglefish Logo
  • 12 Feb 2026 10:00
    The Spanglefish 3 system is currently suffering from a distributed denial of service attack. Please check this page for updates.
  • 12 Feb 2026 11:23
    We've worked out which specific site is being attacked and will shortly attempt to restart the system with that site disabled.
  • 12 Feb 2026 11:35
    That didn't work - we're now looking for a solution to block the domain before the traffic reaches the server.
  • 12 Feb 2026 12:29
    So far, that's not working either. The botnet is still attempting to target one specific website which we've now routed through Cloudflare, but it looks like the bots are using stale DNS and still hammering the system.
  • 12 Feb 2026 13:28
    Some sites should now be accessible - those which use Cloudflare's nameservers. Around 10% of sites on the system.
  • 12 Feb 2026 15:59
    No good news yet I'm afraid. Now that we're routeing the targeted domain through Cloudflare we can see that they are blocking 10 million requests per hour from over 4,300 different machines.
  • 12 Feb 2026 16:50
    A tiny bit of light at the end of the tunnel. Cloudflare is still blocking millions of requests from thousands of machines, but we think that the bots are slowly losing the stale DNS and sending their traffic through Cloudflare. Our server is slow, but it is at least just about coping. All sites should be available.
  • 13 Feb 2026 08:04
    The attack hasn't subsided overnight, but Cloudflare is now doing a very good job of blocking the malicious requests. Over 50 million requests per hour from around 20,000 compromised devices.
    Graph of Requests blocked by Cloudflare
  • 13 Feb 2026 11:56
    The attack has dropped from 50 million to about 10 million requests, and we hope that's the end of it. We've also tentatively think we've made progress in removing the BadIIS infection and preventing reinfection. The system is running well right now.
  • 14 Feb 2026 09:16
    After 15 hours or so with no BadIIS reinfection we're hopeful that we now have a clean server. The DDoS attack hasn't stopped, but it's at about 20% of the maximum level, and Cloudflare is preventing it causing any problems for the server.
  • 23 Feb 2026 09:10
    We have another Distributed Denial of Service attack. Working on it now.
  • 23 Feb 2026 09:45
    This is a slightly more sophisticated Distributed Denial of Service attack than previously. It seems to be attacking our IP address directly rather than a single website on the system, which removes our ability to block it as successfully. At the moment, if your domain's nameservers are hosted by Cloudflare then your website should be working as normal, because we've locked HTTPS traffic down to their IP addresses. For other sites, they'll be unavailable at the moment. The attack started around 06:15 this morning. Feel free to email info@spanglefish.com if you urgently need your site available and we'll see what we can do.