The past 24 hours have been pretty eventful. We’ve undergone 2 pretty nasty DDoS attacks (and another half-hearted DDoS attack) on our servers. And as a result we had about 2 hours of downtime.
And for this I’m truly sorry.
The good news is we’re back up and running now. If you’re having trouble accessing your LimeLM accounts (or even just accessing wyDay.com in general) then make sure you do the following:
Make sure your network is not caching old DNS entries. Our IP addresses have been swapped out and we’re now behind CloudFlare. If you try to access wyday.com using an old IP address nothing will happen.
Make sure you’re not hard-coding IP addresses to a whitelist. Never do this. Always use the DNS servers. Our IP addresses have changed in the past, they’ll change again in the future. I guarantee it.
Quick FAQ for people who don’t know what a DDoS is
A DDoS is an acronym for “distributed denial of service”. Or, in plain English, it means someone with a grudge wanted to throw a whole bunch of traffic at our servers so that no one else could access our servers.
A DDoS is not a hack. No data was accessed; our servers remain secure.
The long and short of it is that DDoS attacks are a blunt, ultimately harmless, weapon used by small-minded people.
What we’ve done
The 2 big things we’ve done is:
Swap out our old IP addresses.
Put our servers behind CloudFlare.
This means that the brunt of future attacks will be handled by CloudFlare. Meaning more uptime for us (and less angry customers calling you).
In addition to everything we’ve done to successfully stop this DDoS attack, we’re also going to further improve our backend so that there is never any 1 “point of failure”. Before these latest attacks there was 1 “point-of-failure” in that all traffic was being routed through a single IP address.
So, even though we have several servers spread across the United States doing the hard work of processing activations, verified trials, API requests, and everything else that LimeLM does, all traffic had a common “entry point” in our systems. This was a mistake and didn’t account for the cynical nature of the Internet.
In the coming weeks we’re going to add several new entry-points world-wide so that if a subsequent DDoS attack effects us at all it will last minutes rather than an hour (because all we’ll have to do is “flip a switch” and legitimate traffic will be routed through new entry points, while the attacked entry-point will be shutdown).
What else is coming
TurboActivate and TurboFloat 4.0 are almost out. We’re just finishing 2 last-minute bug fixes, and then going through one last round of testing. These are significant releases that we’re very proud of. I’ll post a long detailed blog post when they’re released.
The announcement blog post will also talk about the infrastructure improvements we’ve already done.
– Wyatt O’Day
Founder & CEO of wyDay
Subscribe to Wyatt Says...
Subscribe to the 'Wyatt Says...' RSS Feed and keep up to date on on my articles on updaters, usability, open source C# components, and software licensing.