Denial of Service (DoS) Attack: Continued Adventure

Continued from the previous post (Sept 9th, 2024): Denial of Service (DoS) Attack: A brief summary.

See the latest post for the most recent updates (Sept 13th, 2024): Denial of Service (DoS) Attack: Day 5.


Day 4: The Attack Continues

Edit @ 2024-09-12 10:30 PDT: See updates at the end of the post.

Onetimesecret.com has been under attack going into 4 days now. The graph below shows the past 24 hours of traffic. There was a break for several hours and then the attack resumed. According to the network team at our hosting company, Hetzner, the peak so far has been 4 million packets per second. This level of attack is more typically seen targeting large enterprises or major online services. So we definitely feel honored in that regard.

Hetzner Dashboard - The Past 24 Hours - Sept 10, 2024

Cat & Mouse Game

As often happens in online security, the perps change up their tactics and patterns. We've been adjusting our defenses accordingly. The changes happen pretty quickly after we react, so it's been a bit of a cat-and-mouse game. We took down the banner notice at the top of the website yesterday after the attack had subsided for a while. But we had to put it back up this morning.

What's Next

We're still monitoring the situation and making adjustments as needed. We're also working on a more detailed post-mortem to share with you all. We'll be sure to include the technical details of the attack and our response. We're also looking into ways to improve our infrastructure to better handle these types of attacks in the future.

We appreciate your patience and understanding as we work through this. We're committed to keeping Onetimesecret.com up and running and will continue to do everything we can to make that happen.

Updates

14:22 PM PDT

Not much new to report. The attack continues. I've been updating the professional quality requests chart every hour or so.

10:23 AM PDT

Here is another graph showing the professional quality requests chart since around 09:30 PDT today (Sept 12th). It's been going on a lot longer than that today. This is just since I've been tallying in real-time. I'll go back and get the day's worth when I have a chance.

For context, our usual traffic is around 50 requests per second. So 20k+ peaks are a little higher than normal.

Requests Chart Professional - Sept 12, 2024

Here's a link to the Python script that generates the chart: requests_chart_professional.py. Data file: requests-per-second.txt

Discussion on Hacker News