Dear Valued Customers,
vHost would like to provide details regarding the large-scale DDoS attack affecting our systems from May 23th to May 27th, 2026.
1. Incident timeline
May 23 – Attack Outbreak
From May 23th, the system recorded a massive spike in DDoS attack traffic, exceeding 10 Gbps. This caused uplink congestion and severely impacted BGP peering operations.
To ensure stability for other users, vHost rerouted traffic to redundant routers, mitigating the load and maintaining operations for most services.
May 24th – Urgent Coordination with Partners
On Sunday morning, May 24th, vHost worked urgently with our infrastructure partners to deploy an uplink upgrade to 40 Gbps to handle the escalating attack volume.
However, due to administrative procedures on the partner’s side, the deployment took longer than anticipated.
May 27th – 40 Gbps Upgrade Completed
By Wednesday evening, May 27th, 2026, the upgrade was successfully completed, raising the total uplink bandwidth to 40 Gbps. This enhanced the system’s capacity to absorb and mitigate larger attack volumes.
Current Status (As of June 3, 2026)
vHost continues to record daily attacks on the system. The peak occurred on June 2, with 3 separate attack waves reaching over 22 Gbps per incident.
2. Recorded Attack Types
Recent attacks have primarily focused on two vectors:
- ICMP Flood Attack
- UDP Flood Attack, including:
- DNS Amplification Attack
- DNS Amplification Attack
When traffic exceeded 22–25 Gbps, the system had to process a massive volume of malicious traffic, leading to overloads. vHost utilized hardware offload on dedicated firewall appliances to scrub malicious traffic, successfully reducing the load on the OS level and maintaining the most stable operations possible.
Statistics show that the majority of the attack traffic over the past month originated primarily from two countries:
- United States: 38.16%
- Vietnam: 29.76%
3. Temporary Solutions to Ensure Service Security
a. Block all ICMP (ping) across vHost IP ranges
To minimize the impact of ICMP Floods, vHost has temporarily blocked all ping requests across our entire IP range. If you are monitoring your services via ping, please switch to alternative protocols:
- HTTP / HTTPS
- TCP Port
- DNS
- Other end-services
b. Change DNS Resolver (Action required before June 5th, 2026)
To avoid DNS resolution disruptions while the system mitigates Amplification attacks by blocking UDP traffic, please switch the DNS Resolvers for your Servers/VPS hosted at vHost to:
➡️ 103.143.145.6
Note: This DNS Resolver update only applies to Dedicated Servers and Cloud VPS services that you operate at vHost. For Email, Hosting, and other Managed Services, vHost will proactively update this for you.
DNS Resolver configuration guide: https://vhost.vn/huong-dan-cau-hinh-dns-resolver/
To ensure your configuration is correct, you can contact us at support@vhost.vn for verification and support.
c. Update Time Server
For services requiring time synchronization, please use:
➡️ time.vhost.vn
4. Commitments from vHost
vHost will continuously:
- Closely monitor attack traffic volume.
- Optimize filtering and traffic scrubbing systems, as well as routing management when necessary.
- Coordinate with upstream providers to enhance resilience.
- Ensure your services operate stably.
We sincerely apologize for the inconvenience caused during this period and highly appreciate your understanding and cooperation.
