Over the past week we have seen a huge number of 'bots' trying to guess customer email credentials in order to try to send email through our outbound email servers: smtp.aa.net.uk.
The attempts were being blocked due to wrong passwords being used, but this caused significant load on our servers due to all the database lookups involved. To address this, we are blocking IP addresses that are listed on the Spamhaus 'Exploits Blocklist (XBL)' and the Spamhaus 'Combined Spam Sources (CSS)' lists. These are typically IP addresses known to have been hijacked in some way, or known spam senders.
This has reduced the load on the email servers significantly; however, we are still blocking around 1.5 million unique IP addresses each day.
We have had a small number of legitimate customers affected by this as their IP address is on these blocklists. (IPs can be looked up on https://check.spamhaus.org). In these cases, please do contact support and we can discuss workarounds.
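As an added illustration (not AAISP's actual configuration), this is how a DNSBL check restricted to the XBL and CSS lists can be made before any password lookup happens. It assumes the combined zen.spamhaus.org zone and Spamhaus' published return codes; the addresses and answers in SAMPLE are constructed from the documentation range.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumption: combined zone that carries XBL and CSS data
BLOCK_ON = {"XBL", "CSS"}  # the two lists the post names; PBL/SBL hits are ignored
# Last octet of a 127.0.0.x answer -> list name.
CODES = {2: "SBL", 3: "CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
         9: "SBL", 10: "PBL", 11: "PBL"}

def query_name(ip, zone=ZONE):
    """DNSBL query name: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    return rev.rsplit(".", 2)[0] + "." + zone       # drop in-addr.arpa / ip6.arpa

def classify(answer):
    """Map one A-record answer to a list name, 'ERROR', or None."""
    o = [int(x) for x in answer.split(".")]
    if o[:3] == [127, 255, 255]:
        return "ERROR"  # query refused or rate limited: NOT a listing
    return CODES.get(o[3]) if o[:3] == [127, 0, 0] else None

def system_resolver(name):
    """Live lookup; NXDOMAIN or resolver failure means 'no answer' (fail open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def should_block(ip, resolve=system_resolver):
    """Return (block, lists): block only on XBL/CSS, never on an error code."""
    lists = {classify(a) for a in resolve(query_name(ip))}
    if "ERROR" in lists:
        return False, ["ERROR"]
    hits = sorted(lists & BLOCK_ON)
    return bool(hits), hits

# Constructed answers for documentation-range addresses (not real listings).
SAMPLE = {
    "10.2.0.192." + ZONE: ["127.0.0.4"],                # XBL
    "11.2.0.192." + ZONE: ["127.0.0.10"],               # PBL only
    "12.2.0.192." + ZONE: ["127.0.0.3", "127.0.0.11"],  # CSS and PBL
    "13.2.0.192." + ZONE: ["127.255.255.254"],          # error code
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"):
        print(ip, should_block(ip, sample_resolver))
```

Treating the 127.255.255.x answers as errors rather than listings matters in practice: a resolver that Spamhaus refuses or rate limits would otherwise cause every connecting address to be blocked.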
From the carrier: Although we still have further detailed investigations to carry out, we are now confident we have isolated the underlying cause of today’s issues which eventually caused problems to both our inbound and outbound service to various extents plus resulted in some clients being unable to amend routing on numbers.
Our team have checked all systems are operational and will continue to monitor for some time yet. Meanwhile we will be working hard to understand the cause, the impact and the mitigation steps we need to take. This will take a little time and we ask that you bear with us for a couple of days to complete this work but we will ensure you have a full report on Tuesday at the latest.
Our usual monitoring, support and callout processes will remain in place all over the weekend and, due to today’s issues, we will have additional engineers doing manual checks throughout too but we do not anticipate any further disruption.
Please accept our sincerest apologies for the problems our network has caused you and your customers today, we take any outage extremely seriously but we appreciate this one was particularly disruptive for many clients and we assure you that we will be doing our utmost to prevent a similar situation from recurring in the future.
Further details as sent out from Draytek:
If you are experiencing this issue, please follow the steps below to troubleshoot:
Disconnect the WAN cable.
Log into the router’s Web UI and check the system uptime. If the uptime is lower than the last known reboot, this indicates the router recently restarted.
Disable Remote Management by going to [System Maintenance] > [Remote Management].
Disable SSL VPN Service by going to [VPN and Remote Access] > [Remote Access Control].
Reboot the router and reconnect the WAN cable.
Monitor the connection to see if the WAN remains stable.
Firmware check and update:
Verify your router’s firmware version. If it is outdated, update it to the latest version.
Before updating, note your current firmware version. If you do not have a copy of the current firmware, download it first.
Take a configuration backup to avoid losing your settings.
If your WAN connection is stable:
Even if your device is not disconnecting, it is good practice to ensure you are on the latest firmware.
If your router is already on recent firmware and the newest version is not marked as Critical, an update may not be urgent but is still recommended for optimal performance and security.
For further assistance, visit our support page or contact our Customer Support team.
Thank you for your patience and cooperation.