DDoS (Aug 1, 2025)

Not much progress this week, because we suffered from a DDoS (distributed denial-of-service). It’s a website problem caused by a botnet: many thousands of user machines that downloaded something malicious (probably years ago). Now they connect to the Internet and do whatever a bad actor tells them to do.

For unknown reasons, someone decided to take us down. 30,000 different desktops and phones kept sending complex database requests to the shopping cart at SmartKnives.com. The server that runs both of our sites could not keep up with the load. Everything became painfully slow, or stopped working entirely. The worst part was total loss of email for a week.

Cloudflare has an easy way to block DDoS attacks, but it didn’t work. This attack used direct database requests, rather than regular page views, so they got past the safety checks. I guess it’s a vulnerability in the PrestaShop cart system that we use. PrestaShop has many other flaws, and we’d love to replace it some day with something more sturdy. If and when that exists.

Because the attack continued, diagnosing and fixing the problem took forever. Each step required a five-minute wait. Sometimes it would time out, and we needed to start from the beginning. We finally had to shut the cart down for a few days while we looked for a solution.

The answer was a WAF (web application firewall). It examines incoming requests, and routes the bad ones to an error page. The text-matching is not perfect, but it catches about 95% and that’s good enough for now.

This is only the third time we’ve had serious website troubles. The first happened about 20 years ago, when Turkish hackers found their way into the local ISP hosting TurtleSoft. They replaced our home page with their banner, but otherwise did no harm. The second was when a different hacker totally wiped all files at the same local ISP. We were almost done with the transfer to a different hosting company, so that wasn’t too bad either.

Back in the Aughties I spent a lot of time looking at raw website traffic. Part of it was SEO (search engine optimization): tracking what users typed in to find us. Part of it was because we spent a couple thousand monthly on pay-per-click advertising, and wanted to see whether it actually worked. Nope. Almost all the traffic was from old machines in 3rd world countries, click-farming for a living.

It appears we will need to be more vigilant, and watch raw traffic more closely from here on out. Whoever doesn’t like us (or PrestaShop) may find other ways to be a nuisance.
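As an added illustration of the raw-traffic review and WAF text-matching described above (not the author's or the site's own tooling), this Python sketch groups access-log requests by "shape" (path plus parameter names), flags shapes requested by many distinct clients, and scores a candidate text-matching rule for catches, misses and false positives. The log lines, paths, parameter names, threshold and `RULE` pattern are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl
# Constructed Combined Log Format lines: documentation-range IPs, hypothetical
# paths and parameter names. Not taken from any real site's traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Aug/2025:10:00:01 +0000] "GET /cart?action=show HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.1 - - [01/Aug/2025:10:00:01 +0000] "GET /search?order=price&q=aa&filter=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.2 - - [01/Aug/2025:10:00:02 +0000] "GET /search?q=bb&filter=2&order=name HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.3 - - [01/Aug/2025:10:00:02 +0000] "GET /search?filter=3&order=price&q=cc HTTP/1.1" 504 0 "-" "Mozilla/5.0"
203.0.113.4 - - [01/Aug/2025:10:00:03 +0000] "GET /search?q=dd&order=date&filter=4 HTTP/1.1" 504 0 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Aug/2025:10:00:04 +0000] "GET /search?q=knife&order=price HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Aug/2025:10:00:05 +0000] "GET /product/12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
'''
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')
RULE = re.compile(r"[?&]order=(price|name)\b")  # hypothetical candidate WAF pattern

def parse(log_text):
    """Yield (client_ip, request_target) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)

def shape(target):
    """Reduce a request to its path plus sorted parameter names (values dropped)."""
    parts = urlsplit(target)
    names = sorted({k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return parts.path + "?" + "&".join(names) if names else parts.path

def distributed_shapes(log_text, min_clients=3):
    """Map each shape requested by >= min_clients distinct IPs to (requests, clients)."""
    hits, clients = defaultdict(int), defaultdict(set)
    for ip, target in parse(log_text):
        hits[shape(target)] += 1
        clients[shape(target)].add(ip)
    return {s: (hits[s], len(c)) for s, c in clients.items() if len(c) >= min_clients}

def rule_coverage(log_text, rule, flagged):
    """Score a text-matching rule against the log: (caught, missed, false_positives)."""
    caught = missed = false_pos = 0
    for _ip, target in parse(log_text):
        bad, hit = shape(target) in flagged, bool(rule.search(target))
        caught += bad and hit
        missed += bad and not hit
        false_pos += hit and not bad
    return caught, missed, false_pos

if __name__ == "__main__":
    print(rule_coverage(SAMPLE_LOG, RULE, distributed_shapes(SAMPLE_LOG)))
```

On the constructed sample the rule catches three of the four flagged requests and also blocks one ordinary search, which is the trade-off to measure before enabling a pattern.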

Dennis Kolva
Programming Director
TurtleSoft.com

 

 

Author: Dennis Kolva

Programming Director for Turtle Creek Software. Design & planning of accounting and estimating software.