Denial-Of-Service Attack Snags Meetup.com For Days
NEW YORK (CBSNewYork) — Meetup.com was back online Monday, after a series of massive denial-of-service attacks that lasted off and on for four days.
In a post on the blog for the social networking portal for common-interest group meetings, co-founder and chief executive officer Scott Heiferman said the denial-of-service attack began Thursday. The attack directed a massive amount of traffic to the site, and shut down the site for periods of several hours through Monday.
It all began on Thursday morning, when Heiferman said he received an e-mail with the subject “DDosS attack, warning,” and apparently attempting to extort the site.
“A competitor asked me to perform a DDoS attack on your website,” the e-mail said. “I can stop the attack for $300 USD. Let me know if you are interested in my offer.”
Meetup spends millions of dollars every year to maintain the security and stability of the website and app, Heiferman said in the blog entry. But while the company is able to prevent most attacks, he said, “the nature of these attacks is changing.”
Right away, the attack began and the site’s servers went down due to the overwhelming traffic. The site remained unavailable for almost 24 hours straight until service was finally restored at 9:30 a.m. Friday. But it took several hours for the changes the company implemented to defend against the attack to take effect, and many users did not see the site return before the second attack came at 4 p.m. Saturday, Heiferman said in the entry.
The second attack was resolved by midnight that night, but another strong attack began at 8:09 p.m. Sunday.
By late Sunday, the site had restored operations once again, but as late as Monday afternoon, the Meetup tweeted that it was still under a denial-of-service attack.
The site was active and running normally as of Monday night. As of Monday evening, Meetup tweeted that e-mail functionality still needed to be restored, and there will be a large backlog.
“While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead,” Heiferman said in the entry.
Heiferman emphasized that even though the amount of money the presumed attackers demanded in the e-mail was “ridiculously small” at $300, the company chose not to pay.
He said the company will not negotiate with criminals, and paying could have made the company vulnerable to further extortion demands.
Further, the dollar amount suggested the work of amateurs, but the attack was broad and sophisticated, he said.
“We believe this lowball amount is a trick to see if we are the kind of target who would pay,” Heiferman said in the blog. “We believe if we pay, the criminals would simply demand much more.”
During the period of the denial-of-service attack, more than 60,000 group meetings organized through the site went on as scheduled, Heiferman said.
“There were over 60,000 Meetups during the outage period — people meeting up about what’s important in their lives — and saw an incredible outpouring of support,” he wrote.
Meetup said on Twitter that authorities have been alerted about the attack.
You May Also Be Interested In These Stories