Over the last weekend we have been hit by a spam attack and as a result, had to temporarily shut down our servers. Here is our detailed report to what has happened. Note: This incident was a spam attack which flooded our platform with random events and no data has been compromised, breached or leaked.
On Saturday September 8th, around 12pm European time we discovered an unusually high amount of user signups and event creations. As it happened on a Saturday, it took us a little longer than usual to dig into the issue.
After analyzing what exactly was happening, we assumed the attack was about to get worse and there was little we could do at this time. We had to make the tough call to take our servers offline and with that, temporarily shut down out site to mitigate the problem. While this meant that no one would be able to access the site, we believe it was the best call we could make, to avoid any further issues caused by the flood of spam that came down on us. It also meant that the attacker would not have any further success in placing SEO content on our site and thus would hopefully stop.
What it means for your data
During this attack, nothing was exposed and no data has been leaked. The attack was not a hacker attack, but a spammer who tried to create a lot of spam content on our site. All events created during this time have been successfully identified. All current valid events and our users should now be able to use Colloq as usual.
The user accounts and events in question have been flagged as spam and will be deleted soon.
What are we doing now
We’ve learned a lot from this event. Even though it’s been a tough decision, we still believe that completely shutting down our service was the best option that we’ve had.
To go back online and mitigate such attacks we had to build quite some new infrastructure. From now on we are able to handle spam attacks like this one a lot better and without the need for shutting down access to our platform. We will write a separate, more technical post with more details soon, so we can share our useful learnings from this type of attack.
In the near future we will implement a way to shut down write access to our platform, while being able to serve something, instead of only showing a white, non-responding page. We will also evaluate how we could serve a separate status page that reflects our the current service availability without increasing our service costs a lot.
Thanks for your support!
We’re sorry for the long downtime and inconvenience. We appreciate your ongoing support and want to say thank you for being patient. This incident was exactly the kind you’d always think would never happen to you. Well, it easily can and as mentioned, we still don’t have all the answers to our questions of how to best prepare for things like this. But one thing is for sure: Despite all our previous implemented measures to avoid exactly this, a spam attack is very difficult to control or even avoid, and can happen easier than you’d think.
We hope everything works as expected again and that we’re now able to prevent spammers from affecting our service from humans, for humans. Not bots.