At the start of the weekend – a particularly busy time for all online retail businesses – some hackers decided to use ‘vulnerable’ items like CCTV cameras, Door Bells and even Baby Monitors to attack DYN a major DNS re routing service used by the big boys.
So, why do these big boys use such a service. To put it simply, they need to have fast connections wherever the user accesses their services. DYN provide a service that routes the user at ultra speed to the nearest server – hence a twitter user in the far reaches of outer Monglia (you know what I mean) gets to reach twitter at the same speed as a user in New York City. The problem is, the hackers know that the big boys use such a service and if they want to take down a ‘major’ player, all they have to do is take down their service provider – annoying right?
In our case, some services that were hit were our own servers (from a speed perspective) as we are on an Amazon server. Thankfully, our server techs swapped out the main server location and we were back up to normal speed within an hour of the attack on DYN happening. We also noticed that PayPal was not connecting so basically turned off that facility until we were comfortable it was stable – Coincidentally, we had decided a few months ago to offer Stripe as a payment alternative – and most transactions went through that facility during the PayPal outage.
In reality, Stripe now accounts for 1/3 of all our transactions so it was a good decision to offer an alternative in any event.
Some internet service providers were down and we know a number of sites were down too and, if you are an online business even the loss of one days revenue can cause cash flow and other issues. Extra calls in to say your site is not working or that PayPal is not completing or connecting and a whole lot of of other issues that can effect your business – AND it always seems to be on a weekend, right when support is thin on the ground.
So, what do we take away from this?
Have a good idea of where your DNS is being routed from and through, then you can make a decision based on vulnerability to similar service provider attacks
Its a good idea to look at alternative routing options like Cloudflare and similar services
Be ready with an alternative payment option be it Stripe, WorldPay or similar
Boost your security options on your site – we have pretty heavy security and yes it can effect some users access but would we rather be hacked?- No, so we deal with issues of connectivity on an individual basis and make sure we are as secure as is possible in these internet days.
And finally, take a back up regularly as you never know when its going to happen to you.
Feel free to leave comments and connect with us either on the Divi Theme Users Facebook Group or on our own Facebook and Twitter Channels
The point we made to clients in our follow up to the outage was that no credentials were compromised and no client data was stolen. Many of our clients simply heard the term “hacked” used, and assumed the worst. It was important to explain to them how the outage happened, which was also part of the email we sent.