You can now add Typepad, the blogging service owned by SAY Media, to the growing list of technology companies that have undergone DDoS (distributed denial-of-service) attacks, which crash websites and other online services for what are now days a time. In Typepad’s case, the company is entering its fifth day under attack, after a series of on and off again hits began on Thursday night, just ahead of the long Easter holiday weekend.
The attack appears to be similar in nature to those which have hit several other high-profile tech companies in recent weeks, including Meetup, Basecamp, Vimeo, Bit.ly and others. Though Typepad has not yet publicly shared much information about its attackers, the typical scenario involves an attacker knocking the victim’s site offline using a flood of traffic, then refusing to stop the barrage until the victim company pays a small amount of “ransom.” The initial amount is usually fairly insignificant, but once the victim agrees, it tends to go up, as they’ve now confirmed themselves as an easy mark.
While DDoS attacks have always been difficult to handle, many victims today are facing a newer, more powerful sort of attack that exploit flaws in older Internet protocols which were never secured particularly well. Meetup.com, for example, fell after being hit by an NTP-based DDoS attack – meaning, an attack that leveraged NTP (Network Time Protocol), which is used to sync time clocks between multiple servers.
It’s not uncommon for NTP attacks to be in the 10 Gigabits range, which only a couple of years ago would have been a record-breaking size, said Matthew Prince, CEO at CloudFlare, a company which has been stepping in to help get victims’ sites back online. (Meetup’s attack was 8 Gigabits in size, and knocked the site offline for several days in March).
In Typepad’s case, the company confirms on its official blog that its attack is similar to the one that affected Basecamp, and they have now “put in place some roadblocks to mitigate the attack, but we are on high alert as attackers change their tactics regularly,” the post says.
Typepad blogs and its application were restored yesterday afternoon, the post also claimed, but noted that some slowness would remain. However, in the early morning on Monday, the company announced on Twitter that it was again experiencing issues with the app and blogs. Some seem to be coming back up now, but further tweets indicate that trouble remains.
The company is also working with CloudFlare, which is powering the error pages that appear when the Typepad.com domain cannot load up properly – such as in the case of a network timeout (Error 522) errors still appearing this morning. It’s also working with Fastly, we’re told.
Additionally, the homepage for Typepad’s parent company SAY Media, the digital publisher and acquirers of Six Apart (Typepad makers), VideoEgg, ReadWrite.com (previously ReadWriteWeb.com), and others, is also failing to load. According to CrunchBase and Google, the SAY Media domain is saymedia.com. This website offered the usual company info, like an About page, Careers page, advertising details list of brands (including also xoJane, Fashionista, Cupcakes and Cashmere), and more.
However, now the domain comes up as a blank page, with text that reads only “unknown domain: www.saymedia.com,” perhaps indicating that changes to its DNS are underway.
We requested more information from Typepad and SAY Media and will update if either responds.
UPDATE: SAY Media has responded that they, too, received a “ransom” note which didn’t specify an amount. The company ignored the note and focused instead on mitigating the attack. They are also cooperating with the FBI on this investigation. “We’ve made excellent progress this morning, but still have some customers impacted and we’ll keep you posted when there’s more news to share,” a spokesperson said.