As our popularity begins to grow more and more, 2Performant gets a lot of attention and that is a very good thing, most of the time. Other times, that attention is distinctly less good, as when we get targeted for distributed denial of service (DDoS) attacks.
In a DDoS attack, a large number of compromised computers (collectively called a botnet) repeatedly sends many simultaneous web requests to a website, which overwhelms the site’s ability to process regular traffic.
During the night 25-26 Aug 2022 a DDoS attack was launched on one of our public API endpoints. The attack continued on 26 Aug 2022 evening. An attacker leveraged a very large botnet to trigger a very expensive query. Some back end servers hit 100% CPU utilization during this attack. What made this extra challenging is that the attack was distributed over a huge pool of IP addresses.
The first wave of the attack began on the 25th of Aug around 9:30PM and lasted until 03:30AM. During this time, our API servers received over 1 million requests from a botnet of tens of thousands of IPs from around the world. This caused unusual high response time of our services. The botnet included IPs generated from China, Thailand and US.
From the moment we were notified by our monitoring systems that we are being attacked, we took several actions to mitigate and contain the attack.
To a regular 2Performant user, it appeared like the platform was unresponsive or in the best case really, really slow. Though such an attack was annoying and potentially costly to everyone in our community including ourselves, it’s important to note that in no way was any 2Performant user data compromised. Also, all attribution systems have continued to work without failure, though slower, during the entire length of the attack.
We recognize that 2Performant is an essential tool for our users and we invest a lot of effort in making sure it is available 24/7. We’re taking several steps to reduce downtimes and improve resiliency to DDoS attacks in the future.
We’re continuing to learn more about these events, and will continue to update this post with additional details that may be of interest.