When any ECS instance is under a massive DDoS attack, and if its traffic exceeds the Alibaba Cloud Security black hole threshold value, the ECS instance is then black-holed, which leads to server unavailability.
In this situation, follow these steps to view the duration and know the reason as to why the ECS instance was black-holed.
Note: Currently, the black hole threshold values of ECS instances may vary across regions. For more information, see Alibaba Cloud black hole policies.
Log on to Alibaba Cloud Security console.
Go to Anti-DDoS Basic, and find the ECS or Server Load Balancer instance through IP address.
The Security Information column of the instance is displayed as abnormal at this time. Click the instance IP address or View details.
View the duration time and reason for this black hole event. You can also verify the instance’s black hole threshold value.