Freewaregenius shut down by a possible Denial of Service (DoS) attack

33
37

If you recently tried but was unable to log into this site, it may have been due to a Denial of Service attack that occurred on Monday the 21st and spilled into the day after. As I write this on Tuesday the 22nd, it is still not clear that the issue has been completely resolved.

As I grow older I am coming to the conclusion that most of what happens in life and the roles we play boil down more or less to sheer dumb luck. We want to take credit for success, and fit bad things into some sort of pattern, real or imagined. And although have been busily trying to fit this DoS attack into some sort of logic (making up best guesses as to possible reasons), I still cannot fathom why anyone would do such a thing to my site: small site put together by 4 normal guys and struggling every single day for it’s life and it’s financial viability.

DoS is when a site is flooded and brought offline by millions of simultaneous, fake requests to view it. Most of what I learned about DoS attacks came from a great documentary called ‘We are Legion’, which shows how ‘normal’ individuals set about leveling the playfield against large institutions or corporations with deep pockets, using simple tools: social networks for organizing collective action, freely-downloadable programs that can initiate DoS attacks, and simply showing up in numbers bearing placards and wearing masks. It portrayed a brave new world where the ever-more-pervasive might of corporations and money can be challenged by tech savvy citizens, and where the excesses of banks, financial institutions and the like can be retaliated against by normal people. What they did was sometimes illegal (at least when it involved DoS attacks or hacking into private networks), but there was always the Robin Hood style suggestion that it was fundamentally a moral thing, and a good thing.

Which is why I never expected a DoS attack on my site in a million years. I had previously written about how my site was hit twice by Google’s Panda update in 2012, which had the effect of erasing the work we had put into the site over two years and reducing the site’s readership to the levels that it had two years ago. My argument was essentially that the secrecy and opaqueness of Google, designed to punish spammy and low quality sites, was hurting legitimate sites but especially smaller sites who could not hire specialized SEO staff to make sense of the unpredictability, and who, unlike larger sites, could not survive the short or medium term loss of revenue. To my mind it was an example of the excesses of a gigantic corporation who thought it knew better and did not have to answer to anyone, wreaking havoc on small publishers, without any dialogue involved (much less any accountability). But being small-fry may have had the advantage, I thought, of at least being nimble and under the radar, and the satisfaction of some sort of moral high ground, for whatever that’s worth.

I naturally wonder as to who might have the time and energy and inclination to attack my site. I am generally a very lucky guy, and have been fortunate and blessed throughout my life. My site was hacked into a few years ago and malware installed within it, but that was fairly easy to solve within 24 hours (even as I never quite figured out how they got in in the first place), and it didn’t cost money to fix. Protecting against DoS, insofar as it is possible to do so, looks like it might involve signing up with services such as DOSarrest or Cloudflare’s paid plans than could cost a couple of hundred dollars per month, and that would be a huge burden that I do not want to shoulder. When I was a college student in Boston years ago or so I was mugged twice within the span of a year, but I can truly say that these events were not as stressful as a site shutdown which happens for no apparent reason by random, anonymous people that you do not know or see. At least you know why the muggers do what they do.

It is difficult to imagine who these people are that are responsible. Questions and images abound: is it some 20-something living in their mother’s basement who cannot get laid and has nothing better to do to amuse himself?  Could it be some sort of comment spam campaign on steroids, triggering millions of hits and overburdening the site’s comment spam fighting resources? And then I wonder if we are in fact guilty of something: could it be someone who used a software recommended here that for whatever reason messed up their computer? Could it even be as easy as one individual doing this, or does it have to be many many of them in concert?

In conclusion, I would like to give thanks to the tech support guys at WPEngine, where the site is hosted, for helping get the site back up. It was they who informed me that they believe that the problem was indeed a DoS attack. I  have tried many hosting services but WPEngine is the most interesting and truly the one I would recommend (for many reasons not specifically tech support). I am also thankful to Cloudflare, whose free DNS routing service made it possible for this site to get back online.

As I write this the site is still not 100% and you may not be able to access it reliably. Fingers crossed that this issue will be over soon.