On Monday, October 27, 2014, EventEspresso.com was targeted by a distributed denial of service (DDoS) attack. This type of attack works by flooding our servers with dummy requests so that authentic requests from real website visitors are not processed. If you tried to access our website earlier today, then you may have experienced one of the following:
- slow website loading
- 502 bad request
- partial loading or broken styling on various pages
No customer information has been affected and all customer data is safe.
Some initial findings on this attack have been posted here: http://status.eventespresso.com/update-on-service-interuptions/
We will be conducting a full investigation of this attack over the next few days and will provide another update once this has been completed. We are very sorry about any inconvenience that this may have caused today.
Our team will have additional availability tomorrow (October 28th). If you recently created a support post in our support forums, then you’ll receive a response soon. Have a question about your Event Espresso account or a recent purchase? Get in touch with our team through our contact page: https://eventespresso.com/contact/
This is an unfortunate way to start out the week and we are very grateful for your patience.
My IP has also been attacked a few times. It is annoying and scary at the same time. I had to purchase a new IP and move all my websites to the new IP to avoid it. What is the point of these stupid attacks anyway? Glad to see you got it sorted.
Thanks Judy! Sorry to hear that you have faced the same situation. Fortunately, we were able to pinpoint how it was happening and patch up the server and some inefficient code that made the DDOS attack possible.
Hey Guys,
Sorry to hear about the attack – we got hit also.
Would love to hear what your findings are and your methods moving forward to stop the problem happening again. It might help us to formulate a plan ourselves.
Chris
Thanks lutand!
In our case, the attackers were able to expose an attack vector on our server using the API we have in place for recording stats and for receiving update requests to the plugin update engine. Our developers spent the majority of the day putting in place some measures to prevent DDOS attacks in the future and implemented some rate-limiting on the API endpoints for our plugin update engine. While doing this, we also noticed an inefficient query that compounded the server problems and we fixed that.
Preventing attacks in the future
I’m not sure of the attack vector used in your specific case, but the primary fix for us was that we implemented rate-limiting on the exposed API endpoints and added some DDOS rule protection to protect against wp-login.php flooding.
In addition to the above, we also installed the WP Spam Shield plugin to prevent spam user registrations. On average, a new spam account was added every three minutes. Since adding the WP Spam Shield plugin, our spam user registrations have dropped substantially.
I hope this info helps. We will try to post more about the situation as soon as we can.
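
The rate-limiting described in the reply above, sketched as an added example (not Event Espresso's code): a per-client token bucket with a tighter budget for `wp-login.php` than for the update API. The `/api/` prefix, the budgets and the sample traffic are assumptions constructed for illustration.

```python
import time

# Assumed budgets, not from the post: class -> (burst capacity, tokens refilled per second)
LIMITS = {"login": (5, 0.25), "api": (20, 1.0)}
API_PREFIX = "/api/"  # hypothetical; the post does not name its endpoint paths

def classify(path):
    """Map a request path to a rate-limit class, or None when it is not limited."""
    path = path.split("?", 1)[0]
    if path.endswith("/wp-login.php"):
        return "login"
    if path.startswith(API_PREFIX):
        return "api"
    return None

class RateLimiter:
    """One token bucket per (client IP, endpoint class)."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.buckets = {}  # (ip, cls) -> (tokens, time of last request)

    def allow(self, ip, path, now=None):
        cls = classify(path)
        if cls is None:
            return True
        now = time.monotonic() if now is None else now
        capacity, rate = self.limits[cls]
        tokens, last = self.buckets.get((ip, cls), (capacity, now))
        tokens = min(capacity, tokens + (now - last) * rate)  # refill since last request
        allowed = tokens >= 1
        self.buckets[(ip, cls)] = (tokens - 1 if allowed else tokens, now)
        return allowed  # on False the caller would answer 429 Too Many Requests

def replay(requests):
    """Replay (timestamp, ip, path) tuples and count rejected requests per IP."""
    limiter, rejected = RateLimiter(), {}
    for ts, ip, path in requests:
        if not limiter.allow(ip, path, now=ts):
            rejected[ip] = rejected.get(ip, 0) + 1
    return rejected

# Constructed traffic: one client floods wp-login.php (4 req/s for 20 s), one polls the API every 5 s.
SAMPLE = sorted(
    [(i * 0.25, "203.0.113.9", "/wp-login.php") for i in range(80)]
    + [(i * 5.0, "198.51.100.7", "/api/update-check") for i in range(3)]
)
```

Replaying `SAMPLE` rejects most of the flooding client's login requests while the polling client is never throttled, because each bucket is keyed by both client IP and endpoint class.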