In recent days you may have noticed certain problems with the functioning of the Internet. Pages that don’t load, webmasters who can’t access their domains, or stores that don’t accept payments with PayPal are some examples. The responses offered by technical services are sometimes confusing or contradictory, either because they are overwhelmed or due to lack of knowledge. But what’s happening on the Internet?
For the past two weeks, a series of massive attacks has been disrupting the normal functioning of the Internet. Obviously, we don’t have access to all the information, but some of the confirmed facts are as follows:
- March 27: The largest DDoS attack ever recorded in the history of the Internet occurred with a peak volume of 300Gbps. The attack slowed down the global functioning of the Internet by 10%, and highlighted the insecurity of DNS servers.
- On the same day, PayPal payment in Prestashop stores stopped working, due to PayPal IP bans. This incident still persists on some pages, which have been forced to suspend their activity for a period that has now lasted 10 days.
- April 11: A massive brute-force attack occurred to access WordPress-based sites, with the intention of inserting malicious code.
- On the same day, several hosting providers interrupted the service for several hours, registering crashes on hosted pages and even preventing users from accessing the control panel.
There have also been rumors of other attacks. The most notable dates from April 12, when the Bitcoin exchange site Mt-Gox was claimed to have suffered an attack that caused its value to plummet.
However, Mt-Gox denied the attack and attributed its downfall to speculative market activity.
We cannot be sure whether these attacks are related, or whether there are others that we have not been told about. Hosting technical support services are of little help, merely giving their customers reassurances. We also cannot guarantee (although we can guess) what the relationship is between certain attacks and the problems mentioned. What we do know is that the Internet is in a period of heightened attack activity that creates an insecure situation for users.
Blogs based on WordPress from clients and friends have received more than 400 access attempts in the last 4 days, a significantly higher value than usual. In the last 24 hours, my own home server has received 11 unauthorized access attempts via SSH (even though it is a node for experimentation, with no relevant information or interest).
My advice is that, over the next few days, you increase security measures on your servers and websites. In particular:
- Make sure you have the relevant security measures updated on your systems.
- Monitor their proper functioning and access frequently.
- Make sure you have an updated backup of all your clients.
- If you notice abnormal traffic on a server, temporarily interrupt the service if necessary.
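As an added example (not part of the original post), one way to act on the monitoring advice is to count failed logins per source address in the SSH and web server logs. The log formats (OpenSSH syslog lines, combined access log), the sample lines and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# sshd logs each rejected password as
# "Failed password for [invalid user] NAME from IP port N ssh2".
SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")
# Combined access log: a POST to wp-login.php answered with 200 means the login
# form was shown again; a successful WordPress login redirects with 302.
WP_FAIL = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "POST /wp-login\.php[^"]*" 200 ')

def failed_logins(lines, pattern):
    """Count failed login attempts per source address."""
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group(1)] += 1
    return hits

def over_threshold(hits, threshold):
    """Addresses with at least `threshold` failures, busiest first."""
    return [(ip, n) for ip, n in hits.most_common() if n >= threshold]

# Constructed sample lines (documentation address ranges, not real traffic).
AUTH_LOG = [
    "Apr 12 03:14:07 node sshd[2211]: Failed password for root from 203.0.113.9 port 50122 ssh2",
    "Apr 12 03:14:09 node sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2",
    "Apr 12 03:14:12 node sshd[2213]: Failed password for invalid user test from 203.0.113.9 port 50130 ssh2",
    "Apr 12 08:30:41 node sshd[2301]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2",
    "Apr 12 09:02:11 node sshd[2350]: Failed password for alice from 192.0.2.10 port 40100 ssh2",
]
ACCESS_LOG = [
    '198.51.100.7 - - [12/Apr/2013:03:20:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.7 - - [12/Apr/2013:03:20:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.7 - - [12/Apr/2013:03:20:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '192.0.2.10 - - [12/Apr/2013:08:31:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.10 - - [12/Apr/2013:08:31:05 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
]

if __name__ == "__main__":
    for name, log, pattern in (("ssh", AUTH_LOG, SSH_FAIL), ("wordpress", ACCESS_LOG, WP_FAIL)):
        for ip, count in over_threshold(failed_logins(log, pattern), 3):
            print(f"{name}: {count} failed logins from {ip}")
```

On a real server, pass the lines of the SSH authentication log and the web server access log instead of the sample lists, and set the threshold to match your normal traffic.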
What do you think of these attacks? Do you know of any other attacks that have occurred recently? Have you experienced any on your system or that of your clients? If you want to share your experience, feel free to leave us your comment.