Yesterday evening, Moonfruit was subjected to a second DDoS attack in as many days. This caused our servers to be oversubscribed – as a result, many sites were not loading. We’d like to apologise for any inconvenience that these attacks have caused our customers – we know a number of you had websites that were affected. We also wanted to explain what DDoS attacks are, why they are happening and what we’re doing to stop them.
What is a DDoS Attack?
A DDoS (Distributed Denial of Service) attack is an attempt to make a website unavailable by directing a large amount of traffic to it from multiple sources. A DDoS attack usually employs what is known as a ‘Botnet’. This is a large network of computers that have been compromised by malware, often spread throughout the world. The computers are controlled remotely and instructed to carry out a set of instructions that include sending a large number of requests to the website or service that is the target of the attack. This overwhelms the server and stops a site (or sites) being accessible to its usual traffic. Unfortunately, because we have multiple sites hosted on our servers, when an attack takes place it can affect a large number of our customers at once. This is what happened on Tuesday and Wednesday evening, and why customers saw a 504 error when they tried to access their site.
Why are they happening?
DDos attacks are becoming increasingly popular as a way to bring down a website. In fact, about 1/3rd of website downtime experienced by companies is due to DDoS attacks. All types of companies can be affected by DDoS attacks, including companies much larger than Moonfruit. The reality is that the capability to carry out these attacks is becoming increasingly accessible but defence against them is still as difficult as ever.
Are my site and personal details safe?
Absolutely. None of your personal information is compromised during a DDoS attack. The thing to remember is that the people who cause these attacks are not trying to steal personal or sensitive information. Instead, they’re trying to wreak havoc for the site in question. No one has access to your account information, nor do DDoS attacks result in website content being wiped out or lost.
What are you doing to fix the issue?
The SysOps team were alerted immediately when the attacks started and began working to mitigate the effects straight away. Going forward the engineering team is looking at new solutions that could counter future attacks.
I’m frustrated that you’re posting other things on social media instead of fixing the problem.
Posting on Facebook and Twitter is done as a way of sharing useful information with our users. Although this may not be appreciated when there are problems with the service, it does provide a useful resource for many of our customers. You have our assurance that posting to our social channels does not lessen the amount of work our SysOps team are doing to deal with the servers, at any point.
If you are still having trouble with your website, please get in touch with us through support or our social channels and we’ll do our best to assist you.