Dear SurveyGizmo User,
SurveyGizmo came back online a few minutes ago. We do have a few sub-systems that are still coming back online, like email invitations and some private domains, but we are still working to restore 100% functionality and the majority of our systems are up and running. We're sorry for the prolonged outage over the last two days. Thank you all for being so understanding. I know this must have been difficult for you.
We are reporting the attack to the authorities; but quite honestly the nature of such cyber-attacks make it unlikely that the criminal will be found and prosecuted. I doubt we will ever find out who did this, though it seems it was the same individual who attacked a number of services recently.
I know this email is a little long, but we've been so focused on a fix that we haven't given a complete explanation yet and we wanted to remedy that.
Here's what happened:
At 8:57AM MT yesterday, a denial of service attack began against SurveyGizmo's primary data center in Denver, Colorado. At first the attack was intermittent, then it took our services completely offline.
At 9:30AM MT we received an email demanding money to stop a Denial of Service (DDOS) attack on our service. I hope everyone understands why we would never consider paying or even replying to such a demand. People like this should never be rewarded. Besides which, he wouldn't have stopped and it would have created further incentive for him to attack others.
We already had plans to implement a protection service called CloudFlare (http://www.cloudflare.com) designed to protect against attacks like this. We were planning downtime for it's implementation but the attacker beat us to it.
It was difficult to restore service during the attack itself and it took us working with our service provider Viawest from the beginning until 12:30 MT today to complete the transition.
The CloudFlare solution will help to mitigate and protect us against future attacks of this kind. Viawest also added an additional service to the mix to make the solution even more effective and we can't thank them enough.
Just to reiterate my earlier email, this was a denial of service attack and not a security breach. Your data is (and always was) safe and sound.
I'd also like to point out that, while Viawest and our team had communication issues through this process their team was very committed to getting us online and they were awesome about it. I know we and the social media world have been rough on Viawest over the last 24 hours -- but they totally came through for us in the end.
Although I feel you, our customers, are the greatest victims in all of this, let's not forget that Viawest was a victim of the DDOS attack too! We are incredibly grateful to their efforts in bringing us back online and are very sorry that they and their other customers suffered as well.
I will follow up with another email this afternoon outlining our new defenses and architecture.
I know that many of you had surveys online over the last 24 hours that were critical to your business. Again, please contact our support team if there is anything we can do to help you recover. We will help in ANY way we can. As I mentioned last night, I am happy to communicate with your customers on your behalf to apologize and take ownership of these issues. It will take me a little while to get back to everyone -- but I will!
Thursday, March 27, 2014
SurveyGizmo - DOS Attack 2014
Posted by howarddevelopment at 9:55 PM