On Wednesday, 22 April, our billing portal (the WHMCS site you log into at pulsedmedia.com/clients) was the target of an application-layer denial-of-service attack. For roughly 17 hours — from about 09:22 UTC until 22:05 UTC — some of you would have seen intermittent slowness or the occasional error page while logging in, paying an invoice, or opening a ticket.
Your seedboxes, your data, and your services were not affected. The attack was aimed at the billing portal only. No customer data was accessed, and nothing was compromised. We store no payment card data on our side; payments go through our processors.
What happened, plainly: a distributed botnet hammered a handful of WHMCS public endpoints — knowledge base search, announcement pages, the cart — with a flood of expensive, junk requests designed to tie up the PHP workers. Standard L7 flood tactics.
We handled it in-house. No third-party scrubbing service was called in. The fix was at the application and web layer — pattern blocks for the abused endpoints, tuning of php-fpm and Apache worker limits, and tightened keep-alive windows. By the time the attack ceased, every junk request was being refused cheaply at the web layer. Your seedbox infrastructure was never in the blast radius.
If you hit anything odd on the billing portal in the next few days, open a ticket and we will look immediately.
Best Regards,
Väinämöinen
Pulsed Media Support
(Once rebuilt Sampo fragments, now rebuilds billing portals)
Thursday, April 23, 2026
