We are writing to update our customers about the recent slowness and outages experienced with all services – our CMS Websites, Auction Trak, Donor Trak and Curriculum Trak applications.
DIS | Faithwebsites has been the victim of a Distributed Denial of Service Attack (DDoS), or Denial of Service Attack. DDoS attacks are when a criminal targets a server or group of servers or network, and then works to overload the server so that it literally grinds to a halt. It is inoperative and sites and applications go down with it.
Starting last Friday (June 20), we experienced what was at first some minor server issues. Our technical teams did some maintenance work and services were quickly restored. That pattern repeated itself through the weekend, with the problem getting far worse on Sunday. On Monday, we began a full out defense against the DDoS attack and we are still fending off what may actually be more than one DoS or DDoS attacker. Each day we thought we had managed to successfully fend off the criminals, only to find out a matter of hours later that they were back with renewed attacks. It is what the engineers refer to as an “intelligent” DoS attack – so the bots and other means the criminals are using is outsmarting the typical steps to remove the attack.
This is why many of you experienced slowness of service and intermittent outages. At times, all sites and applications were running, but slow because the server was getting overwhelmed but still working. At other times, the server gave out and it would take the team time to bring it back up again. Other times, our firewall and other securities were forcing a complete shut-down to physically block the attackers from any more access. Sadly, the attackers are waiting for us, watching for us to come back online and waste no seconds in resuming.
At the time of my writing (Thursday, 11:00 am CT), we have several teams of experts full-out fighting to regain full control and block our DoS attackers. These teams consist not just of our own DIS team, but also of our cloud hosting provider and other third-party resources we’ve reached out to for additional help in fending the attackers.
What you do need to know is that your content – websites, database content, curriculum data, donor data and auction data – all of it – is safe. This is not a hacking type of attack where they work to gain access to your content. And even if that was – the great thing is that our firewall and other securities are in place and working well. And remember, all your data is backed up nightly and that data is moved to a totally different physical storage space, another added security for your data.
We know that this is not the service you expect from DIS and we profoundly apologize. We have securities in place, but as these criminals become more sophisticated in their attack and attack methods, those securities are breached. Ancestry.com, evernote.com, and feedly.com were all under DDoS attacks just in the past week to two weeks. Reports show that DDoS attacks have rapidly increased starting in May 2014 in the U.S.
Below is a screenshot of the top DDoS attacks on June 20th – and you can see the concentration on the U.S. You can view this map live and current at Digital Attack Map.
June 20, 2014, DDoS Map
You may find these links below of interest or informative:
We are still battling the DDoS attack. We will post on our Support Center announcement forum updates as we progress. We value your business, and most of all we value all the words of encouragement and support many of you have extended our way. Each of us here at the DIS team have been working long days (and little sleep!) and your words of prayers and encouragement have richly blessed us. We are honored to serve you and your ministries. May God bless you!