As I’m sure you are aware, JVZoo sustained a major and malicious Distributed Denial of Service (DDoS) attack this past Friday, December 16th, which continued throughout the weekend and following week.
We are currently monitoring our system and are continuing to improve our ability to defend off these malicious attacks, but wanted to give you an update on what occurred and the steps our team has taken to get everything back up and running.
I realize that many of you may be frustrated with the fact that we have not released updates regarding the attacks, but rest assured that we have been working hard to ensure that your business continues without interruption.
What is a DDoS attack?
A Distributed Denial of Service attack is used by attackers to send artificial network traffic to a targeted service with the goal of overwhelming that service’s network bandwidth and server capacity. These attacks are generally conducted by first breaking into and gaining control of network enabled devices around the world. These devices are compromised without the person who owns the device being aware of the fact that it now responds to commands from the attacker. After the attacker has established this network of compromised devices, they are then able to begin the actual attack by ordering all of the compromised devices to send malicious network activity to the target’s web servers. This fake traffic is generally indistinguishable from legitimate traffic coming from actual users of the service.
The following analogy may add clarity:
If 500,000 people all around the globe began mailing you 1 very official looking letter once a second for every second of the day, what would happen? How would you be able to distinguish your real mail from the fake mail? Furthermore, how would the post office even begin to keep up? Now imagine that this is happening and the people sending the letters are unaware they are doing so.
JVZoo has been the victim of previous DDoS attacks and has been successful in fighting them off. This attack was much larger and much more malicious. This attack did not result in data loss or a security breach, rather it was meant to try to destroy our relationship with our users.
We are currently working with law enforcement to determine the attack’s origin.
On behalf of JVZoo, we would like to thank all of our users for their continued support, patience and understanding while we address this issue. We appreciate the users who reached out to us to offer any assistance. Without you, we would not be the company that we are today. We look forward to continuing our shared success.
In addition, we would like to thank our team and the professionals who worked all hours of the day to stop the attack and get our site back up and running for our users. We would like to thank our support team for assisting all the users who had questions and concerns. We know that there were numerous tickets opened and our support team worked around the clock to answer each and every one of them.
Thank you to our competitors and users who reached out to us with support and offered assistance, as many of them have also recently experienced similar attacks.
Lastly, thank you to the law enforcement agencies who have been working diligently to investigate the attacks. Unfortunately, as long as there are successful internet companies, there will be people out there who feel the need to try to bring them down. Together with the internet community, we hope to find a way to prevent these attacks.
Laura Casselman and the JVZoo Team