In recent days, you may have noticed certain problems with the functioning of the Internet. Pages not loading, webmasters unable to access their domains, or stores not accepting PayPal payments are some examples. The responses from technical support services are sometimes confusing or contradictory, either due to being overwhelmed or lack of knowledge. But what is happening on the Internet?
For about two weeks now, a series of massive attacks have been taking place, causing problems in the normal operation of the Internet. Naturally, we don’t have access to all the information, but some of the confirmed facts are as follows.
Attack Timeline
- March 27: The largest recorded DDoS attack in the history of the Internet occurs, with a peak volume of 300 Gbps. The attack slowed down the global functioning of the Internet by 10% and highlighted the insecurity of DNS servers. (Source: http://alt1040.com/2013/03/mayores-ataques-ddos-de-la-historia-internet)
- The same day, PayPal payments in Prestashop stores stop working due to PayPal IP bans. This issue still persists on some sites, which have been forced to suspend their activity for a period that has now extended to 10 days.
- April 11: A massive brute force attack occurs to access WordPress-based sites, with the intention of inserting malicious code. (Source: http://ayudawordpress.com/ataque-masivo-de-fuerza-bruta-para-acceder-a-sitios-wordpress/)
- The same day, several hosting providers interrupt service for several hours, causing downtime for hosted pages and even preventing users from accessing the control panel.
The Rumors
On the other hand, rumors of other attacks have emerged. The most notable one occurred on April 12, where it was claimed that the Bitcoin exchange site, Mt-Gox, suffered an attack that caused its value to plummet. (Source: http://www.genbeta.com/seguridad/mt-gox-sufre-un-ataque-ddos-peor-de-lo-normal-y-el-valor-del-bitcoin-se-hunde)
However, Mt-Gox denied the attack and attributed its crash to speculative market behavior. (Source: http://www.eleconomista.es/mercados-cotizaciones/noticias/4740151/04/13/Que-explica-el-crash-del-Bitcoin-El-sitio-de-intercambio-MtGox-victima-de-su-propio-exito.html)
Conclusion
We cannot be sure if these attacks are related, or if there are any we have not been informed about. Hosting technical support services are not very helpful, giving vague answers that worry their customers. We also cannot confirm (though we can suspect) the relationship between certain attacks and the mentioned problems. What we know is that the Internet is in a period of high attack activity, creating an insecure situation for users.
WordPress-based blogs of clients and friends have received over 400 access attempts in the last 4 days, a figure considerably higher than usual. In the last 24 hours, my own home server has received 11 unauthorized SSH access attempts (even though it is a node for experimentation, with no relevant information or any interest).
My advice is that in the coming days, you should tighten security measures on your servers and websites. In particular,
- Ensure you have updated the relevant security measures on your systems.
- Frequently monitor their proper functioning and access logs.
- Ensure you have an updated backup of all your clients.
- If you observe abnormal traffic on a server, if necessary, temporarily interrupt the service.
What do you think about these attacks? Do you know of any other attacks that have occurred recently? Have you suffered any on your system or on your clients’ systems? If you want to share your experience, you are invited to leave your comment.
