The wyDay blog is where you find all the latest news and tips about our existing products and new products to come.
The past 24 hours have been pretty eventful. We've undergone 2 pretty nasty DDoS attacks (and another half-hearted DDoS attack) on our servers. And as a result we had about 2 hours of downtime.
And for this I'm truly sorry.
The good news is we're back up and running now. If you're having trouble accessing your LimeLM accounts (or even just accessing wyDay.com in general) then make sure you do the following:
Make sure your network is not caching old DNS entries. Our IP addresses have been swapped out and we're now behind CloudFlare. If you try to access wyday.com using an old IP address nothing will happen.
Make sure you're not hard-coding IP addresses to a whitelist. Never do this. Always use the DNS servers. Our IP addresses have changed in the past, they'll change again in the future. I guarantee it.
A DDoS is an acronym for "distributed denial of service". Or, in plain English, it means someone with a grudge wanted to throw a whole bunch of traffic at our servers so that no one else could access our servers.
A DDoS is not a hack. No data was accessed; our servers remain secure.
The long and short of it is that DDoS attacks are a blunt, ultimately harmless, weapon used by small-minded people.
The 2 big things we've done is:
Swap out our old IP addresses.
Put our servers behind CloudFlare.
This means that the brunt of future attacks will be handled by CloudFlare. Meaning more uptime for us (and less angry customers calling you).
In addition to everything we've done to successfully stop this DDoS attack, we're also going to further improve our backend so that there is never any 1 "point of failure". Before these latest attacks there was 1 "point-of-failure" in that all traffic was being routed through a single IP address.
So, even though we have several servers spread across the United States doing the hard work of processing activations, verified trials, API requests, and everything else that LimeLM does, all traffic had a common "entry point" in our systems. This was a mistake and didn't account for the cynical nature of the Internet.
In the coming weeks we're going to add several new entry-points world-wide so that if a subsequent DDoS attack effects us at all it will last minutes rather than an hour (because all we'll have to do is "flip a switch" and legitimate traffic will be routed through new entry points, while the attacked entry-point will be shutdown).
TurboActivate and TurboFloat 4.0 are almost out. We're just finishing 2 last-minute bug fixes, and then going through one last round of testing. These are significant releases that we're very proud of. I'll post a long detailed blog post when they're released.
The announcement blog post will also talk about the infrastructure improvements we've already done.
- Wyatt O'Day
Founder & CEO of wyDay
Subscribe to our blog's RSS Feed or follow Wyatt (CEO of wyDay) on Mastodon (@wyatt@hachyderm.io) to keep up-to-date with our latest posts.
Hey guys, great work on the mitigation. You know you've made it when you are the target of a DDoS. I am impressed with the turnaround. Presumably this was your first such attack and on that basis, you should be proud that you recovered so quickly.
Minor suggestion: get a status page going.
Looking forward to 4.0 (but also... getting my support requests handled :))
Yeah, it was our first DDoS of this scale. But we're good now. And improving our backend even further to prevent future simpletons for wreaking havoc.
We're thinking about that. We're still working out the best way to handle it.
Yeah, 4.0 is a pretty great release. I'm excited about it. Also, the Linux bug you reported is being fixed in 4.0.