Me too....


Payment Method (Credit/Debit Card or PayPal Account)

An error occurred while recording your order. Try again or press "<Back" to select a different payment method or press "Cancel" and contact us with your order details. The error was: 408 Request Timeout

Cheers Jo... Question is, is anyone else using Shared SSL getting the same error on their site? And is it an issue on my side of things or Actinics? Am currently trying to setup and run on local SSL to eliminate us from the equation...

Righty..... tis solved and here's what it was...

We were under continuous DDoS attack throughout most of last week. For the majority of that time Cisco's PIX FloodGuard was enabled and the hostile traffic filtered out so we felt very little of it. Sunday however things got extremely bad and we effectively lost the server for a while. We still had very slow access to work on it but insofar as serving pages go it was useless. Hantai (one of my tech gurus) was at that time able to deal with the source of the attacks and put a stop to the problem.

Since, a minority of users, apparently all on Telewest and NTL, have been finding that pages on any and all sites on this server have a tendency to start reloading in a loop rather than just accessing directly. Users globally have been unable to process orders thru our Actinic Shared SSL Checkout. Our best guess at the time is that this is a combination of the following factors:

1. FloodGuard is on high alert since the aggravated incident on Sunday.
2. We have a strong concentration of Telewest and NTL users on several sites hosted on this server.
3. And most crucially, Telewest and NTL force their users to connect to the web via their proxy/cache, resulting in all these users showing up as hits from a VERY small number of IPs (i.e. 400 users doing a single hit looking like 100 hits from only 4 users each)
4. All users checking out come form the Actinic Shared SSL Server - a single IP - thus showing a LOT of consecutive hits from one IP, which then triggered floodgaurd as it was the highest scoring likelihood to be another DDoS after the main attack was over.

The key to the weird symptoms, I suspect, is a behaviour of the Telewest/NTL cache, when enough people hit the server FloodGuard denies the connection, but rather than returning a failed load result to the user the cache retries the connection and send the user a refresh page instead. It returned a timeout to the Actinic Shared SSL Server.

Our ISP have now disabled the PIX Floodguard, and all issues have vanished.

Soooo..... the word of warning is, if you use Cisco PIX Floodguard protection at any level (eg: daughterboard in a 7500 / 6500 series router, or the standalone PIX itself), ensure you get the IP of actinic's shared SSL server added in to be excluded from all DDoS Protection rules... otherwise when it's in "alert" mode, it thinks Actinic passing on succesful checkouts is actually a DDoS in progress.