Last week, Pressable was engaged in a 24/7 struggle to keep its customers’ sites operational. The recent outages caused some customers 24+ hours of downtime and many closed their accounts in favor of finding an alternative host. Today the company announced that the root cause of the outage customers experienced the week of January 19, 2015, was an intentional attack on Pressable’s systems.
A post on the company’s blog further breaks down the attack: “Ultimately, the reason for this outage was a well crafted attack on our systems. The attack was a variant of the “Slow-Loris” attack discovered in 2009.”
The attack went undetected because of the insidious manner in which it was executed. Pressable has been working with security professionals to get the attack under control and announced all systems operational on Monday.
A week ago, after hearing about Pressable’s continued struggle with downtime, I asked CEO Vid Luther if the company was being intentionally sabotaged. At the time, he didn’t think that an attack was a real possibility:
I do not believe that anyone who has an agenda against Pressable is behind these issues. I’m not aware of anyone who has an agenda against Pressable, besides the general competition in the WordPress hosting space, and currently, some of them are acting like vultures. But, I don’t think those guys have the ability to orchestrate something like this. So, unfortunately, no conspiracy theory from our side.
While working to mitigate customer downtime, the Pressable team discovered the coordinated attack on their systems. The attacker’s sophisticated method of sabotaging Pressable went undetected, because it was made to appear that the host’s infrastructure was being overloaded.
The knowledge of the attack came after multiple apologies from Luther, who originally identified Pressable’s lagging infrastructure as the cause. Luther told the Tavern that he has an idea of who the attackers are but will be digging into it further before calling out any parties publicly.
Just spitballin’ here, but since nginx tends to handle things better and isn’t generally vulnerable like apache is to slowloris, does that mean Pressable was still running apache based web servers?