The day-to-day existence of the Internet faces a new kind of threat. Anyone who attempted to use popular services like Twitter, Reddit, Amazon, Airbnb, GitHub, or Spotify on October 21st has now heard the term “DDoS attack.”
A massive Distributed Denial of Service (DDoS) attack (NYT story) from an unknown source targeted just one major DNS provider. However, it knocked all of these major services under the .com top-level domain offline, starting with the east coast of the United States in the morning and eventually blacking out much of the country by that afternoon.
After a quick look at what a DDoS attack is, we’ll demonstrate why this particular attack should act as fair warning that large providers like WordPress.com are just as vulnerable.
What is a Distributed Denial of Service (DDoS) Attack?
DDoS attacks are a brute-force method of taking down Internet content. In essence, they enlist an army of infected Internet-enabled devices of all shapes and sizes — known as a botnet — to access one service so many times that it buckles under the load.
This type of offensive complicates law enforcement investigations and mitigation of the attacks, because the sources appear to be everything from home computers to company mail servers, all across the U.S. or around the world.
Top Level Providers: The New Target
It’s a style of attack almost as old as the Internet itself, but while the method remains the same, the tactics are changing. Notable DDoS takedowns of years past, like the Sony PlayStation Network hacks, targeted just one or a few specific services.
The October 21st attack represents a different tactic. The actors responsible targeted DNS provider Dyn's United States servers, with a wave of attacks spreading from east to west as the day dragged on. Because Dyn is one of the major DNS providers, the domains of countless services went offline at once.
The affected services themselves were largely ready and willing to accept connections. However, without functioning DNS, potential users’ Internet browsers could not locate the intended web sites.
Stay Out of the Line of Fire
Whether the attacks originated from a private hacker group, a business interest, or state actors, the result was a level of disruption so high that many targets likely completely unfamiliar to the perpetrators were offline for a full working day.
These kinds of attacks will only become more common as the power and scalability of botnets grow, fed by thousands of new always-online consumer products that lack the security features of PC and smartphone operating systems.
While WordPress.com was not connected to the October 21st incident, previous attacks have taken it down. There was a multi-day outage in 2011. In that event, a particular website was the target, but the attack created havoc for millions of unrelated bloggers and businesses also hosted on WordPress.com.
Important: There are Two Kinds of WordPress
Let us be honest: your e-commerce store or company blog is probably not on the radar of international hack groups. But if you happen to become collateral damage through affiliation with a wide-reaching Internet provider like Dyn or WordPress.com, nasty aggressors are more than willing to sleep with that knowledge.
Smart businesses are self-hosting their WordPress websites by moving to independent web hosts with fewer customers. This setup carries less risk of attack, meaning more uptime for your web presence. Many site owners are surprised to hear that they can move away from WordPress.com and still have the exact same features and design. An open-source version of WordPress (known to industry folks as WordPress.org) allows for an even more robust user experience and a wider array of admin management tools.
Choose a web hosting provider that has experience transitioning websites from WordPress.com to its self-hosted environment. Be sure to ask the provider to first audit your website or blog and identify any changes that may apply to your particular situation. Being separated from the millions of other WordPress.com customers will mean malicious minds face a significantly smaller payoff for their actions.
WordPress Self-Hosting: Now You Know a Guy
FYNE's sister company, JEAH, has been hosting, developing and designing websites for nearly 20 years, and they would be happy to discuss how self-hosting your WordPress website or blog could be in your best interest.