Explanations and Lessons from the DDoS Attack

This last weekend was a tough one for our team as Scoop.it was sadly added to the growing list of websites that have recently been targeted by DDoS attacks. Following the first attack on Friday and our post on Monday, we’ve been up and running without interruptions, but we nevertheless wanted to come back to some of your questions and give you as much clarity as we can.

What happened exactly?

As we explained over the weekend on Twitter and right here on Monday, Scoop.it underwent DDoS (distributed denial of service) attacks. In each of these attacks, the protocol seems to be similar: the (same?) hacker sends an email explaining (s)he just launched an attack and promises to stop it in exchange for a relatively modest amount of money. Of course, we’re told that people who complied and paid only gave a signal that they were an easy target and were asked for higher and higher ransoms following that.

DDoS attacks are a form of internet attack consisting of spamming servers with automated requests from hundreds or thousands of bots distributed around the world. They’re nothing new but, as explained in this post, they’ve grown much stronger this year. To give an idea: while in the past it was rare for such an attack to exceed 5Gbps, they have now grown to much higher bandwidth: as TechCrunch explains, Meetup’s attack last March was 8Gbps.

Ours was a significant multiple of that.

Is this over?

The downtime we had on Saturday was because we decided to completely overhaul our protection system. We can’t give details for obvious reasons but let’s just say it was pretty intense and I’m grateful to our team for having been able to complete that in 6 hours. Of course, when doing a major project like this, which should normally take days, in just a few hours, you can have a few things go wrong. In this case, precisely two:

- we forgot to transfer the sco.lt domain – our URL shortener – to the new infrastructure: this was fixed on Saturday as it was immediately reported, but it explains why, following the downtime, some of the links shared on social networks took another hour before they worked again.

- we left one vulnerable point, which was attacked Monday morning and caused two 45-minute downtimes before also being resolved Monday morning.

Since then, we’ve been good.

Wait… I’m still having problems

Some of you have reported problems after the attacks were resolved. A couple of things can have happened that are usually solved by emptying your browser’s cache and relaunching it. Here is a curated How-To that covers most desktop and mobile browsers.

If you have problems following that, it might be something unrelated but of course, we’re here to help so reach out at http://feedback.scoop.it/.

Is that HeartBleed?

No.

HeartBleed is a different thing: a security bug in the OpenSSL authentication protocol that many web sites – including Scoop.it – use. In our case, like many other sites, we corrected the HeartBleed bug weeks ago and the attacks are not exploiting anything on our end related to HeartBleed.

Now, HeartBleed having rendered a lot of servers vulnerable everywhere on the planet, we’ve heard it might have indirectly helped attackers perform larger DDoS attacks because it made it easier for them to access these servers. But whether it’s true or not, this would be an indirect consequence: we were not attacked because of any problem dealing with HeartBleed on our end.

Are our data safe?

Yes.

DDoS attacks attempt to saturate and exhaust our servers with requests, but the attackers didn’t have access to any data.

No data was compromised during the attack.

What will happen next?

We don’t take these past few days with a service up and running as a sign that we’ve won the battle forever. Not only do we continue to monitor the situation very closely, but we’ve also put together a plan to strengthen our protections even further.

In the process, we’ve been helped by many other tech startups which had also been under attack: I’m not sure they want to be named and be reminded of these sad events but we’re nevertheless grateful for all the help and advice we’ve received. It’s great to see so much solidarity in the tech world.

I also want to thank you for your patience while dealing with this. We understand how frustrating the situation has been and we’re sorry you had to undergo such problems. Again, rest assured we are committed to winning this fight and will do what it takes.

Last, I want to thank our entire team for having saved the day with such dedication and commitment. All hands have been on deck but I’d particularly like to highlight the work done by Steph – who heads our Ops – and Doume, who leads our engineering team.

About Guillaume Decugis

Co-Founder & CEO of Scoopit. Entrepreneur (Musiwave, Goojet). Skier. Gamer. Blogging without blogging here: http://scoop.it/u/gdecugis
  • M. Edward (Ed) Borasky

    What’s being done to bring these thugs to justice?

  • http://www.scoop.it/u/robert-kenkel Robert Kenkel

    Nothing like an unscheduled security overhaul. Glad to hear it wasn’t too painful…

  • Michael Gerth

    Well done. And helpful post, thank you.

  • Amaury Lainé

    Very helpful post! thanks a lot and well done!

  • http://www.sasfor.com/ Election Analysis Team

    Great Job. As M. Edward said “What’s being done to bring these thugs to justice?”