Our Forums have been down for the last few days and we apologize for the interruption. We did communicate on this in the Matrix room but that quickly fades away in the backlog.
Here is the full story:
On Saturday the 29th of July, at 05:08 am GMT, we noticed that our main puri.sm website was no longer responding. After investigating, we realized that a huge number of requests were being sent to the server. Our Systems team reported that 10000 requests from 3500 different IP addresses had hit the server in 10 minutes. That is 1000 requests per minute or around 16 requests per second. The requests were hitting random pages, most of which did not even exist and returned a 404 error. We figured that we could possibly be facing a Distributed Denial-of-Service (DDoS) attack.
After a few minutes the shop was down with the same symptoms, followed by the GitLab repos, the Forums and the entire PureOS infrastructure, including the pureos.net website, the repos front-end and the repos themselves. At that point, PureOS users were not able to update their systems or install new software from the PureOS repositories.
After a few hours, we realized that there were hundreds of thousands of different IP addresses involved in the attack and it was pretty difficult to filter out the requests related to the attack from the requests from real visitors.
We are obviously not a big multinational company and our server resources are not unlimited. We decided to deal with each website one by one. Therefore, we set up some logic on our servers to analyze the requests in order to guess, as well as possible, what would differentiate an attack request from a normal visitor’s request. After almost two days of analyzing, filtering and improving the server configurations, we managed to block most requests from the attack and were able to bring the main website, along with the shop, back online.
What was a first victory then became a non-stop effort, as requests kept coming from ever-changing IP addresses.
By now, the attack has lowered its intensity and our forums, the last piece to restore, are back online.
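As an added illustration (not the filtering logic we actually deployed): with roughly three requests per address in 10 minutes, a per-IP rate limit sees nothing unusual, so the sketch below scores each client by the share of its requests that ended in a 404. The log format, sample lines, function names and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format). Addresses come from
# documentation ranges; paths, dates and sizes are made up for illustration.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2000:05:08:01 +0000] "GET /xk3f9a HTTP/1.1" 404 153
198.51.100.7 - - [01/Jan/2000:05:11:40 +0000] "GET /p/92hd71 HTTP/1.1" 404 153
198.51.100.7 - - [01/Jan/2000:05:16:02 +0000] "GET /zzq81.php HTTP/1.1" 404 153
198.51.100.23 - - [01/Jan/2000:05:08:03 +0000] "GET /a8d0c2 HTTP/1.1" 404 153
198.51.100.23 - - [01/Jan/2000:05:12:19 +0000] "GET /m/77ab31 HTTP/1.1" 404 153
198.51.100.23 - - [01/Jan/2000:05:17:45 +0000] "GET /q19xk HTTP/1.1" 404 153
203.0.113.5 - - [01/Jan/2000:05:09:10 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [01/Jan/2000:05:09:11 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.5 - - [01/Jan/2000:05:09:30 +0000] "GET /products/ HTTP/1.1" 200 8301
203.0.113.5 - - [01/Jan/2000:05:10:02 +0000] "GET /about/ HTTP/1.1" 200 4410
203.0.113.5 - - [01/Jan/2000:05:10:40 +0000] "GET /contact/ HTTP/1.1" 200 2204
203.0.113.9 - - [01/Jan/2000:05:13:00 +0000] "GET /prodcuts HTTP/1.1" 404 153
"""

# client address, request path, HTTP status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def client_stats(log_text):
    """Return {ip: [total_requests, requests_answered_404]}."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _path, status = m.groups()
        stats[ip][0] += 1
        stats[ip][1] += status == "404"
    return dict(stats)

def suspicious_clients(log_text, min_requests=3, min_404_ratio=0.8):
    """Clients whose traffic is almost entirely misses on nonexistent pages.

    min_requests keeps a visitor with a single mistyped URL from being
    flagged; both thresholds are assumed values to tune on real traffic.
    """
    return sorted(
        ip for ip, (total, missed) in client_stats(log_text).items()
        if total >= min_requests and missed / total >= min_404_ratio
    )

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

A real visitor who loads several pages and misses one asset stays well under the ratio, which is why the score uses the proportion of 404s rather than the request count.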
We had never experienced DDoS attacks before and those numbers we got hit by were quite impressive for a first try. A huge thanks to our team who managed to brilliantly handle this situation and bring back our online services to the people!