If you had problems with the internet today, you are not alone. A large DNS provider, DynDNS, also known as Dyn.com, has been hit with a series of DDoS attacks today. Initially, the attacks started on the East Coast of the United States in the morning, but most were resolved within a few hours.
What is a DDoS attack?
A denial-of-service (DoS) attack can take sites down or bring them to a slow crawl as it floods the internet with traffic via bots. The perpetrators of such attacks breach unmanaged DNS servers on the webs and create massive amounts of traffic which flood the targets with requests and make it difficult for legitimate parties to access the site as expected.
A larger scale distributed denial-of-service (DDos) attack, such as today’s, ramps that up and uses more than one, often thousands, of unique IP addresses to cause havoc.
Who perpetrated the attack?
Today’s attacks seem to be well planned and executed, according to Dyn and were coming from IP addresses numbering in the tens of millions at the same time.
There was chatter online earlier today that the attacks may have been state-sponsored attempts to disrupt services in the United States. However, a senior U.S. intelligence official told NBC News late this afternoon that the current assessment is that this is a classic case of internet vandalism. The official went on to say that it does not appear at this point to be any state-sponsored or directed attack.
Many large brand names were affected.
The attacks hit some major players hard today and disrupted services for millions of people. So far the strike has affected:
It has also affected many other large, well-known brands.
How did this DDos attack affect your website?
Chances are it didn’t, to be honest, unless your site uses some external servers to handle transactions such as PayPal or Shopify.
We received a few notifications of temporary outages on some of our maintenance clients’ sites. However, these occurred in the middle of the night and were for less than five minutes at a time. Because of the short duration, it is more likely that those brief outages were related to routine maintenance on servers where your sites are housed, then due to a cyber-attack.
But, to be on the safe side, we checked the sites of our clients who subscribe to our WordPress Monthly Maintenance packages and they were all up-and-running as expected.
If you have hosting services with us and are not on a maintenance plan, your sites are also unaffected and up-and-running as they should be.
If you aren’t on one of our monthly packages or are not hosted directly by us, please double check your site and make sure all is working correctly.
Does your site use external services?
If your site accepts payments through PayPal or other online payment providers your shopping carts may have been temporarily affected by the attacks. Transactions can be stalled if your payment processor goes offline. Paypal was hit earlier in the day but appears to be running now.
Other offsite services that you may be running on your websites, such as social media integration (Twitter’s API became unavailable at times) and offsite backups could have been affected.
Are the DDoS attacks still occurring?
As of 4:30 PM (EST) Dyns was on their third wave of DDoS attacks. By mid-afternoon Europe also started experiencing the same sort of outages. Dyn is continuously working to mitigate the attacks. The status of updates from DynDNS is available here and on Twitter.
The source code for the Mirai malware that infects a vast (1 million plus) Internet of Things botnet was released last Friday to the general public. This could mean that the web may soon become flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders, and other devices that are easy to hack. Some speculate that today’s attacks could have been related to that source code release.