Freewaregenius shut down by a possible Denial of Service (DoS) attack

If you recently tried but were unable to log into this site, it may have been due to a Denial of Service attack that occurred on Monday the 21st and spilled into the day after. As I write this on Tuesday the 22nd, it is still not clear that the issue has been completely resolved.

As I grow older I am coming to the conclusion that most of what happens in life and the roles we play boil down more or less to sheer dumb luck. We want to take credit for success, and fit bad things into some sort of pattern, real or imagined. And although I have been busily trying to fit this DoS attack into some sort of logic (making up best guesses as to possible reasons), I still cannot fathom why anyone would do such a thing to my site: a small site put together by 4 normal guys and struggling every single day for its life and its financial viability.

DoS is when a site is flooded and brought offline by millions of simultaneous, fake requests to view it. Most of what I learned about DoS attacks came from a great documentary called ‘We are Legion’, which shows how ‘normal’ individuals set about leveling the playing field against large institutions or corporations with deep pockets, using simple tools: social networks for organizing collective action, freely-downloadable programs that can initiate DoS attacks, and simply showing up in numbers bearing placards and wearing masks. It portrayed a brave new world where the ever-more-pervasive might of corporations and money can be challenged by tech-savvy citizens, and where the excesses of banks, financial institutions and the like can be retaliated against by normal people. What they did was sometimes illegal (at least when it involved DoS attacks or hacking into private networks), but there was always the Robin Hood-style suggestion that it was fundamentally a moral thing, and a good thing.

Which is why I never expected a DoS attack on my site in a million years. I had previously written about how my site was hit twice by Google’s Panda update in 2012, which had the effect of erasing the work we had put into the site over two years and reducing the site’s readership to the levels that it had two years ago. My argument was essentially that the secrecy and opaqueness of Google, designed to punish spammy and low quality sites, was hurting legitimate sites but especially smaller sites who could not hire specialized SEO staff to make sense of the unpredictability, and who, unlike larger sites, could not survive the short or medium term loss of revenue. To my mind it was an example of the excesses of a gigantic corporation who thought it knew better and did not have to answer to anyone, wreaking havoc on small publishers, without any dialogue involved (much less any accountability). But being small-fry may have had the advantage, I thought, of at least being nimble and under the radar, and the satisfaction of some sort of moral high ground, for whatever that’s worth.

I naturally wonder as to who might have the time and energy and inclination to attack my site. I am generally a very lucky guy, and have been fortunate and blessed throughout my life. My site was hacked into a few years ago and malware installed within it, but that was fairly easy to solve within 24 hours (even as I never quite figured out how they got in in the first place), and it didn’t cost money to fix. Protecting against DoS, insofar as it is possible to do so, looks like it might involve signing up with services such as DOSarrest or Cloudflare’s paid plans that could cost a couple of hundred dollars per month, and that would be a huge burden that I do not want to shoulder. When I was a college student in Boston years ago or so I was mugged twice within the span of a year, but I can truly say that these events were not as stressful as a site shutdown which happens for no apparent reason by random, anonymous people that you do not know or see. At least you know why the muggers do what they do.

It is difficult to imagine who these people are that are responsible. Questions and images abound: is it some 20-something living in their mother’s basement who cannot get laid and has nothing better to do to amuse himself? Could it be some sort of comment spam campaign on steroids, triggering millions of hits and overburdening the site’s comment spam fighting resources? And then I wonder if we are in fact guilty of something: could it be someone who used a software recommended here that for whatever reason messed up their computer? Could it even be as easy as one individual doing this, or does it have to be many, many of them in concert?

In conclusion, I would like to give thanks to the tech support guys at WPEngine, where the site is hosted, for helping get the site back up. It was they who informed me that they believe that the problem was indeed a DoS attack. I have tried many hosting services but WPEngine is the most interesting and truly the one I would recommend (for many reasons not specifically tech support). I am also thankful to Cloudflare, whose free DNS routing service made it possible for this site to get back online.

As I write this the site is still not 100% and you may not be able to access it reliably. Fingers crossed that this issue will be over soon.


 
 
 
Jan 22, 2013
Samer Kurdi
  • ade

    Good luck, hope everything is back to normal soon..

  • rob

    if it were revenge for recommending software that messed up someone’s computer i doubt that such a person would have the ability to launch an attack as complicated as this. as i get older i never exclude the possibility/probability that some stuff happens because there are some truly evil people out there that take joy in screwing normal, good people for the reason that they can find nothing about them that is worth hating or even disliking, as if that is the criteria for causing harm. call me cynical but when it comes to the human condition, there are no limits to the good AND bad we can do. hope everything gets resolved quickly.

  • Ulf

    Sorry to hear about your problems. I really hope you don’t give up. At present your “donate” button does not work.

  • Dave Baxter

    Love your site. Thanks for all the hard work you put into it.

  • http://mahalasoft.co.za Mpumelelo Msimanga

    As I grow older too I realise it is not worth stressing over silly individuals who have nothing better to do. Sorry about the pain and inconvenience caused to you, hope to see the site back in full flight! Good luck and ignore the idiots.

  • http://roadha.us haliphax

    I would think that your site is small enough (since you do not host the files you link to for freeware downloads) that you could get away with CloudFlare’s free plan… is that not the case?

    • Samer Kurdi

      @ Haliphax: I think it’s not how large or small my site is; rather, it’s the number of illegitimate requests that are out there, flooding the server.
      Anyway, Cloudflare is keeping my site open, but browsing it is a bit of a nightmare, since every other page cannot be accessed at first and has to be refreshed a dozen times.

  • Greg

    Keep up.

  • Straus

    Unless you’re on a dedicated server it’s quite possible (very likely even) that you weren’t the target of the DoS attack but just happened to be sharing resources with the actual target.

    Interesting quote from WPEngine’s infrastructure page: “First is a DoS appliance — hardware that detects Denial of Service attacks where hackers try to make a website unavailable by flooding it with packets from servers around the world. This appliance blocks all such attacks from reaching the back-end system (keeping it healthy), and is rated for 1.5 million packets per second of attack while still allowing normal traffic through.”

    Between that quote and other marketing claims on the WPEngine site you shouldn’t need to even consider signing up to a paid service to stop DoS attacks. They should have you covered.

    • Samer Kurdi

      Thanks for this. It made a lot of sense to me, until I ran it by the WPEngine people. This is the response I got:

      “It is not possible that another site on the server was the target for the attack. You can review the access logs provided to you via the user portal and your wp-admin dashboard, to confirm that the traffic was intended for your site. While we do have measures in place to prevent DDOS attacks from bringing down your site, this was a very large scale attack. Today, the backend hits are around 2 million, which the server appears to be managing well. Yesterday, it was over 14 million – so CloudFlare is helping considerably.”

  • Starlight Dreamwalker

    Keep on keeping on Samer. My friends and I like your site and will still be here even after things like this happen. Just to put this into context though I realise this may seem to be an enormous inconvenience for you and the other 3 people but analysing it too much will get you nothing but a headache.

    If you imagine your site is a car travelling from A to B, well you have just had a puncture. And you would repair the puncture and once back on your way, even if someone had done it deliberately by throwing tacks or nails etc on the road, you would dismiss any further thoughts about the puncture and carry on with the rest of your journey and life.

    And that is what you need to do here too! Anyway good luck and all the best to you

    Yours respectfully

    Starlight

    • Samer Kurdi

      Quite. A puncture and we move along. Thanks Starlight.

  • http://rchapanis.wordpress.com RogerC

    I hear your shock, sadness, and disappointment. It’s hard to imagine why anyone would do this, but I’m guessing that whoever did it feels pretty disconnected from life–from his thoughts, his feelings, and his relationships with others.

    For this person, who lives in a world without feeling, everything becomes a target — an enemy. And, since he can’t see your face, your site makes a perfect target. (Like an automobile driver, who cannot hear other drivers or see their faces well, he views you and your site as a nameless, faceless, enemy–subject to his rage.)

    ‘Just a thought, but what would you think of putting your picture (with a smile) at the top of your web page? ‘Might not prevent future attacks–but who knows. Anything you can do to show that your site has a person (a smiling person) behind it could help.

    Anything each of us can do to see each other as human beings and to shorten the distance between us can only help to connect us.

    Forgive me for saying so much–particularly if you didn’t want to hear it.

    ======
    Roger
    P.S. I’ve been studying and trying to practice compassionate communication for years. And, what I’ve learned and practiced has truly changed my life. (If you’re curious, check out http://www.cnvc.org.)

    • Samer Kurdi

      @ Roger: I’ve been thinking about replacing the Lincoln picture next to the ‘Like on Facebook’ with a smiling picture of me. Or perhaps I will add an ‘about me’ box in the sidebar.

      Thanks for your kind words :)

  • Toni

    What can I say that hasn’t already been said. Just that your site is still the best freeware site on the net, and an almost daily visit for me. Keep making it, it’s worth it.

  • Uh huh

    So when I tried your site in Chrome, up pops this bizarre message telling me I can’t visit you because I’m infected with malware(?) The message came from YOU, not from my system and I’m NOT, btw. When I tried your site in Firefox, everything is OK.
    WTF, dude??

    • Samer Kurdi

      It’s not coming from me. I don’t have any code on my site that would provide this functionality. I’m afraid I can’t help you there.

    • http://www.paleografie.tk Cerberus

      Sounds like you may have a virus or an annoying browser add-on in Chrome. You might consider reinstalling Chrome, and/or running a virus scanner. Probably the latter first.

    • http://www.404techsupport.com/ Jason H

      CloudFlare has this functionality built in. When a site is under attack, it scans visiting machines to make sure they’re legitimate and not part of the problem. CloudFlare is far from perfect but it had some reason to believe your computer was infected and a bad visitor when browsing websites.

      Install an antivirus if you don’t have one already. Run a scan with MalwareBytes Anti-Malware and MalwareBytes Anti-Rootkit to be sure. Of course, if you share an IP address with somebody else in your house/building/complex, it could be their computer that is giving the IP a bad reputation.

  • http://www.paleografie.tk Cerberus

    That’s terrible! You have my sympathy. I’m sure the attack will end eventually. The theory mentioned above, that this is an accident, that the attack was aimed at another website with whom you happened to share a server, seems logical. You are the last site in the world anyone would ever target! For what it’s worth, the site is faster for me now than it usually is! The site is normally quite slow for me (Netherlands), but now pages load quickly. Take care!

    • Samer Kurdi

      Apparently it wasn’t another site (see my response above). I am still somewhat reluctant to believe that this attack was intended for my site, though.

      Glad it is faster for you. That’s one bit of great news!

      • http://www.paleografie.tk Cerberus

        How odd. I really wonder who could be behind it. Or could it be some kind of mistake? I can’t explain it.

        Now the site is a bit problematic: sometimes pages load fine, at other times pages don’t load at all, where the title becomes something like “cannot reach page” and I see a blank page.

        Unrelated: have you considered adding Flatter buttons to your site? Perhaps this is something for the intermediate future. With Flatter, a browsing person pays a small monthly sum (between € 1 and € 500, I think), which is to be automatically divided between websites he has visited at the end of the month. Whenever he clicks on a Flatter button on a website, that website gets part of his monthly sum. All clicks over an entire month determine which website gets how much, it’s proportional. I really like this kind of micropayment: I want to reward websites I like, even if the amount will be small for me. If many people use it, it could generate some nice revenue. I am used to clicking the Flatter button on Techdirt articles, and I would certainly click it on various FWG articles!

        • http://www.paleografie.tk Cerberus

          Oh, I misspelled: it is Flattr. I love it. Websites, take my money!! *throws money at screen*

  • Gonzo

    I wonder if it was one or more bigots who launched the attack.

  • Underseer

    This might be a dumb suggestion Samer, but have you tried the free WordFence plug-in for WordPress? It’s a firewall that’s supposed to block the IP address of any DDOS attempt and sends you an email when it detects suspicious activity.

    It may not stop a sophisticated attack, but at least it’s a first line of defence.

    Of course, if you do have WordFence already and it didn’t work, that’d be good to know too, since I have it implemented on my websites and if it doesn’t work at all I need to rethink security.

    • Samer Kurdi

      @ Underseer: I was not aware of WordFence, so thanks for pointing it out. I installed, tweaked, and ran it but it made no difference whatsoever. My site was as erratic and impossible to browse as without it, with every other page being offline.

      • Underseer

        Guess I might have a sense of false security then!

        Can I make one last suggestion? Since your issue still isn’t solved (I’m seeing pages down), have you tried posting on WordFence’s support forum? It’s on the WordPress.com site, and seems to be fairly regularly monitored. I don’t know if they’ll be able to help you, but it can’t hurt to try.

        I’ve gotten some amazing support for other WP plugins (of course some terrible support from others), so it might be worth a shot. At the very least, if the plugin doesn’t work, people should know.

        • Samer Kurdi

          @ Underseer: it is not really fair to judge the plugin based on my experience, because I was able to get the site back up by routing my DNS through Cloudflare, which provides a good deal of protection. In the WordFence settings you can choose some sort of filtering based on Cloudflare, so perhaps that does the same thing.

          But in any case, I think I am well on my way to a solution, which I will not discuss for now until the problem is resolved.

          PS. I also have had very good luck with the WordPress support forums; they’re great!

  • Wadhah

    The site is working fine for me so far (all the posts I visited load normally)
    Good luck for the future, and I hope it doesn’t continue further.

  • Tom

    oººo WinNuke ’95 NOW UNLOADED oººo

    Sorry.

  • http://www.war59312.com/ Will

    Looks like you are back up and running. :)

    Cloudflare has saved me a few times as well. It’s awesome!

  • john

    it was not a ddos attack but because your site has become popular overnight and it can’t handle all of the traffic

    • Samer Kurdi

      My site in the first half of 2012 had three times the traffic it gets today. Did you read the article? My host confirmed it was a ddos attack despite my initial inability to believe that it was.