The last few days have been quite interesting to say the least! Dezrez faced a sustained attack on our servers from the outside world! We have been operating on the net since our inception and have faced similar much smaller attacks in the past. This week however the threat was more severe and took a great deal of resource and expertise to avert. I am happy to report we did this successfully. I thought our customers were owed an explanation of what happened.
So what happened…? To spare you the technical jargon I will give you a simple analogy. When you ask Dezrez to do something (pull up an applicant card, create a brochure etc) you ask our servers to do something. It’s akin to somebody walking up to your front door asking to be let in. You open the door on the security chain, check you know them and then let them into the house (database). If two people come to the door you can deal with it in the same way, even if a busload of people arrived at your front door you would still be able to cope by filtering your friends from the strangers. This is a simple analogy to put into context what our servers do very quickly all day.
If someone were to empty the entire rowdy crowd from Wembley stadium 99.99% of whom were strangers, you wouldn’t be able to cope at the door. Even if you had 10 front doors and a further 5 backdoors you wouldn’t cope. The only option would be to close all the doors, lock them and make sure the contents of your house were safe. Unfortunately your friends are waiting at the back of the queue and can’t get in! That’s in essence what happened to us. Our servers were bombarded with many millions of requests for information every second. Our absolute priority was to ensure that all data was safeguarded, this meant letting no-one in. We had to sort out the friends from the strangers and only then could we open the door to you.
So what was the outcome? Well we are glad to report that no data was lost and none of the attacks were successful. Whilst the outage was a real inconvenience for our customers it was a real test of our resilience under a serious attack. One we passed. This kind of attack is something all internet companies are open to.
We are satisfied that we have put measures in place to combat further attacks, but we are keeping a very close eye on things. These events are sophisticated and often change and morph. I would like to apologize to our customers that were inconvenienced and would be happy to give you a more technical or thorough explanation should you require. In addition I would like to thank you for your patience during these events and thank you for your on-going custom.
Kind regards
Wilf Lewis
If all customers went over to fixed ips could it help? I guess that way you could have a list of the genuine ips and block all others.
Paul, it would be a great idea and would solve the problem, but I dont think its practical. People use Dezrez on laptops at various locations and with the new MyDezrez version being accessible on your Iphone its impossible to have every user on a fixed IP. (It also wouldn’t help with our feeds to our customers Websites!)
A great explanation, and well done in your responce to the attacks.