“Everybody has a plan until they get punched in the face.” — Mike Tyson

At 2pm on Monday our support guy, Lee, told me our site was down.

This worried me a little bit, since today is Cyber Monday and we’ve been planning a big promotion for a while. So far it’s been one of our best days of sales yet, and with the site being down no one can sign up for our classes.

“How long has it been down?” I asked.

“About two and a half hours.”

Fuck.

“Why?”

“DNSimple got hit with a massive DoS attack. Hundreds of sites are down including RubyGems and TravisCI.”

So our site’s down because hackers. I thought this would be a great opportunity to educate people about what’s going on and why.

Give me your next two minutes and I’ll teach you some really important things about the internet.

#1: How to attack multiple sites at once — go for the directory (DNS)

One key fact here is that sites themselves (including ours) aren’t being directly attacked. There’s actually only one site being attacked, and it’s DNSimple.com.

[Edit: Actually, it turns out that the attack was directed at one of DNSimple’s customers and the attack was so big that it took down DNSimple as well.]

DNSimple is where we keep our domains (where onemonth.com actually lives). This is called DNS (Domain Name System).

It’s not where our site is actually hosted though. Think of DNS like the contacts on your phone. People have cell phone numbers — and your contacts list tells you what phone number belongs to what person.

If someone takes away your contacts list, then you can’t call anyone because you don’t know how to reach them.

When DNSimple was taken down, it meant people couldn’t access a lot of other sites too.

#2: Hacking and volumetric attacks: overwhelming the system

So how was DNSimple taken down? It’s called a DoS attack, which stands for Denial of Service attack.

Basically, when you visit a site enough times, it gets overwhelmed and can’t handle any more visits.

Remember when Healthcare.gov went down because everyone went to it at the same time? Or have you ever tried to load a page at the same time as a bunch of other people (to buy tickets for a concert right when they go live, for example) and the site got really slow?

That’s basically the same thing as a DoS, but not on purpose.

Hackers usually do DoS attacks by secretly installing software on thousands of other people’s computers. The software stays dormant until the attacker activates it, and then all of those computers bombard the target website with web traffic.

Note that a DoS attack doesn’t do anything except just take a website offline (or slow it down a ton). It doesn’t get any passwords or payment information leaked.

#3: Why do these attacks happen?

So why would anyone do a DoS attack?

Mostly hackers use it to hold websites hostage. They basically tell a site, “We’re going to keep you offline until you pay us to stop.” It’s a form of digital extortion.

Because today is Cyber Monday, it’s possible they were targeting an e-commerce site that really needed the sales (more so than any other day) and unfortunately it hit us as well.

Hackers like to find the point of weakness, and DNS can sometimes be the biggest weak point.

At One Month we teach a course on web security that goes into more detail about how to protect sites and applications. Every website deals with issues of security, and even then, sites can still go down when they’re under attack, like so many sites did yesterday.

#4: Communicating with your users

One of the most important things to learn about when your site gets attacked is how to communicate about it with your users.

Lots of communication is key. DNSimple has been fairly communicative through Twitter, but they’re not really saying much more than, “We are continuing to investigate all avenues for mitigating the attack.”

That can be frustrating to hear, but at least it’s something.

Fortunately they’re also working with our friends at StatusPage.io and have a status page set up at dnsimplestatus.com that tells people about what’s up. Lots of sites have one these days to let people know about stuff like this.

(Notice that it’s on a different domain so that if the main site goes down, the status page doesn’t also go down.)

This is one reason why redundancy is important — you don’t want your website to be the only way you can communicate with your customers. Having a Twitter account, email list, or some other way to update people when one system goes down is important.
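The redundancy point can be checked mechanically. The following is an added example, not code from the original post: it goes one step beyond the text by testing whether a status page on a different domain also uses a different DNS provider, since two domain names hosted at the same provider go offline together. All zone names and nameserver records are constructed, and the two-label provider heuristic is an assumption.

```python
"""Added example: shared-fate check for DNS hosting. All zone data is constructed."""

# Constructed NS records (zone -> nameserver hostnames). In practice, fill
# this from a lookup such as `dig +short NS <zone>`.
ZONES = {
    "shop.example": ["ns1.dns-a.example", "ns2.dns-a.example"],
    # Different domain name, same DNS provider as the main site.
    "shopstatus.example": ["ns3.dns-a.example", "ns4.dns-a.example"],
    # Different domain name AND different DNS provider.
    "shopstatus-alt.example": ["a.dns-b.example", "b.dns-b.example"],
    # Nameservers split across two providers.
    "resilient.example": ["ns1.dns-a.example", "a.dns-b.example"],
}


def provider_of(nameserver):
    """Approximate the provider as the last two labels of the NS hostname.
    Assumption: good enough for this data; a real audit needs the Public Suffix List."""
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers(ns_records):
    """Set of providers that host a zone's nameservers."""
    return {provider_of(ns) for ns in ns_records}


def zones_down_if(zones, failed_provider):
    """Zones that stop resolving (once caches expire) when one provider is
    offline: every one of their nameservers is hosted there."""
    return sorted(z for z, ns in zones.items() if providers(ns) == {failed_provider})


def shared_fate(zones, site, status_page):
    """Providers whose outage takes down both the site and its status page."""
    every_provider = set().union(*(providers(ns) for ns in zones.values()))
    return sorted(p for p in every_provider
                  if {site, status_page} <= set(zones_down_if(zones, p)))


if __name__ == "__main__":
    for p in ("dns-a.example", "dns-b.example"):
        print(p, "outage ->", zones_down_if(ZONES, p))
    print(shared_fate(ZONES, "shop.example", "shopstatus.example"))
    print(shared_fate(ZONES, "shop.example", "shopstatus-alt.example"))
```

An empty result from `shared_fate` means no single DNS provider outage silences both the site and the channel you would use to announce the outage.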

In our case, we’ve gotten a lot of emails and tweets from people asking if we could keep our Cyber Monday deals open for a few extra hours because they weren’t able to sign up during the attack. In response, we’ve decided to keep our sales open the entire week so no one misses out.