1878 films and counting...

DDoS Attack - Blog


It seems our Security Report interested somebody, because early this morning alarms began going off.

2019-11-21 00:12AM - Several thousand simultaneous attempts to login to the server.

2019-11-21 00:13AM - The server sent a phone call, waking up staff.

2019-11-21 00:21AM - The server cut off external contact (apart from the website) in self-defense. This happens after 1 million failed attempts within 10 minutes.

2019-11-21 00:30AM - Remote access to the server is restored.

Looking at the list of attackers we found that they were mostly compromised servers. This isn't unusual - why pay to swarm a target when you can just make use of someone else's server?

All of these attacks targetted either the root user or a user that doesn't exist on our server. The root user is not accessible to remote login on the server, making this attack large-scale but completely ineffective.

All attacking IP addresses were automatically banned.

There was no downtime for the site associated with this attack.

Continue reading...