Recent Pressable Outages the Result of a Slow Loris Attack

photo credit: BBC Nature
photo credit: BBC Nature

Last week, Pressable was engaged in a 24/7 struggle to keep its customers’ sites operational. The recent outages caused some customers 24+ hours of downtime and many closed their accounts in favor of finding an alternative host. Today the company announced that the root cause of the outage customers experienced the week of January 19, 2015, was an intentional attack on Pressable’s systems.

A post on the company’s blog further breaks down the attack: “Ultimately, the reason for this outage was a well crafted attack on our systems. The attack was a variant of the “Slow-Loris” attack discovered in 2009.”

The attack went undetected because of the insidious manner in which it was executed. Pressable has been working with security professionals to get the attack under control and announced all systems operational on Monday.

A week ago, after hearing about Pressable’s continued struggle with downtime, I asked CEO Vid Luther if the company was being intentionally sabotaged. At the time, he didn’t think that an attack was a real possibility:

I do not believe that anyone who has an agenda against Pressable is behind these issues. I’m not aware of anyone who has an agenda against Pressable, besides the general competition in the WordPress hosting space, and currently, some of them are acting like vultures. But, I don’t think those guys have the ability to orchestrate something like this. So, unfortunately, no conspiracy theory from our side.

While working to mitigate customer downtime, the Pressable team discovered the coordinated attack on their systems. The attacker’s sophisticated method of sabotaging Pressable went undetected, because it was made to appear that the host’s infrastructure was being overloaded.

The knowledge of the attack came after multiple apologies from Luther, who originally identified Pressable’s lagging infrastructure as the cause. Luther told the Tavern that he has an idea of who the attackers are but will be digging into it further before calling out any parties publicly.


8 responses to “Recent Pressable Outages the Result of a Slow Loris Attack”

  1. Just spitballin’ here, but since nginx tends to handle things better and isn’t generally vulnerable like apache is to slowloris, does that mean Pressable was still running apache based web servers?

  2. Everyone has problems. Vid sent us an email offering to help a few years ago when we went through a rough patch, we have done the same. Had we took him up on his offer I have no doubt he would have jumped right in to help us back then.

    He is not joking about the vultures. I wrote this when GD took out half the interwebs:

    It’s sad that my industry is so shitty. It’s no secret I am not a fan of WPE, the reason is exactly in this ‘vulture’ context. When we had a bad day several years ago, like 2010, they hovered like buzzards @’ing every customer of ours who went to Twitter to vent or reach us. It shows such a lack of character.

    I’m all for competition and call me old fashioned but ambulance chasing is the worst way to try to win.

    Glad to see you made it out the other side Vid. Let’s get go get em.

  3. I am glad that they got everything fixed up. The next challenge will be damage recovery, and I hope they have a plan for it.

    • Jeffrey,
      We’ve listened to and had conversations with lots of people about the best way to recover from this, being more transparent and open like this, is one of the methods, improving the infrastructure and demonstrating the improvements of the new infrastructure is second. Everything else is something we should do, but the bottom line is that we’re still 5 people. If we were larger, we may have been able to find the root cause with a fresher pair of eyes, very quickly.

      We are talking internally, with new and existing investors, and our board, to see what’s the best way to this.

      • Vid,
        Have you thought about issuing a small amount of credits to those who were affected by the outage but chose to stay with your company?


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: