PlentyOfFish does NOT Negotiate with Criminals

http://blog.pof.com/wp-content/uploads/2014/05/503-Error.png

We hate downtime and work round the clock to keep our services up and running. Today, many of you experienced a rare service outage. This is what happened.

At approximately 6:54am PST we received the following warning:

Email from attacker 3

 

 

 

 

It’s not unusual for a large target like us to receive threats that often turn out to be fake, but at 8:13am we were hit by a very large distributed denial of service (DDoS) attack that initially took our website down and subsequently also impacted our mobile users.

These attacks come from thousands of computers around the world that have been infected with malware. Each computer, without the owner knowing, repeatedly sends bogus requests to our site and services.

By “very large”, I mean this thing peaked at 40Gbps (40 gigabits per second). If you are familiar with the TV show House of Cards (the modern version with Kevin Spacey), 40Gbps is like downloading the whole of series one in a single second.

This attack did not compromise anyone’s data in any way. That said, these requests can overload our servers and can even cause ISP problems, so we quickly worked with our ISP to identify the offending traffic and tried various means to block it.

By lunch time, we had received another message, which made it clear that it was a case of extortion:

Email from attacker 2

 

But we were certainly not interested in negotiating, and by 13:00 we had successfully blocked the attack and our services were all back to normal.

We’re still on high alert and working hard to respond to attacks like this more quickly in the future, but in the meantime I’m happy to report that all of you are back to doing what you do best; sending messages, going on dates, and forging meaningful relationships. Thanks for your patience today.

If you experience any site issues in the future, please tweet us @PlentyOfFish.

 




There are 5 comments

Add yours
  1. Sum Yung Gai

    Good on you for mitigating it without rewarding the extortionist. Another fairly large provider I know of has a similar policy as yours, and more should take it. It definitely involves upstream coordination and cooperation.

    That’s how it’s done.

    –SYG


Post a new comment