Overview of the Targeted Attack of the Past Year

2 posts / 0 new
Last post
puravida's picture
Jedi Warrior
Joined: 09/01/2007
Visit puravida's Website

In short, ShrinkTheWeb was the victim of a very targeted attack that caused system instability over an 8 month period. Due to the sneaky way that the 1.5 billion requests per month attack was executed, our hired "experts" kept citing service growth as the culprit. It took months, and running through several so-called "experts", to get to the bottom of the technical reason we were experiencing outages and system instability.

So, we set out to migrate to a clustered, server farm solution similar to what big companies have but having to do it on a small company budget. It was rough and our consultants kept disappearing for days or weeks at-a-time, so it took nearly 4 months. But now, ShrinkTheWeb is running on a powerful, redundant server farm that increased concurrent connection capacity by 500% and allows for tripling that with a few clicks of a mouse (and spending more money, naturally! hah!).

Fortunately, I discovered the on-going attack shortly after we began planning for the massive server farm migration and was able to write some code to mitigate it. System stability instantly returned. However, our impeccable uptime record had been shattered by then thanks to someone who wanted to destroy ShrinkTheWeb. Hooray for becoming popular, I suppose. Smile

This particular attacker left a lot of tracks in order to compromise our system. It was required in order for them to go undetected for so long --basically posing as a typical user and providing their domains and IPs. The perpetrator was someone located in Canada who used fourteen(14) powerful servers to bombard the service with legitimate looking requests so fast that pushed our servers past their concurrent connection limit. This person spent a lot of money on resources to kill our company, so it may have been a somewhat personal vendetta. Regardless, the new code renders this type of attack useless and even prevents distributed attacks of this type.

ShrinkTheWeb was the intended victim but we were saddened that our customers were the ultimate victims --free and paid alike. Customers who cached locally or had good retry logic did not notice as much, but others did. I am offering a full month of credit for those who were upgraded at the time, affected, and want to claim the credit. Just open a support ticket and request a credit. It is a small token of our appreciation for riding out the trying times while we dealt with the attack, migrated to a new solution, and overcame a mountain of hurdles.

Now that the system is running better than ever and we feel that future attacks will be stopped in their tracks, we are committed to restoring user's faith, confidence, and trust in ShrinkTheWeb. I want to send a HUGE thank you out to all of our loyal users and especially those who wrote in with words of encouragement while we struggled to figure out what was wrong and how to overcome it. You all mean the world to us! Smile

Joined: 01/22/2014
Visit TheInter's Website

They only maked a prank Hat

ShrinkTheWeb® (About STW) is another innovation by Neosys Consulting
Contact Us | PagePix Benefits | Learn More | STW Forums | Our Partners | Privacy Policy | Terms of Use

Announcing Javvy, the best crypto exchange and wallet solution (coming soon!)

©2018 ShrinkTheWeb. All rights reserved. ShrinkTheWeb is a registered trademark of ShrinkTheWeb.