We’re standing up against a DDoS attack
No doubt, this has been a tough weekend for Meetup. Since Thursday, we faced a massive attack on our servers — a DDoS attack, which is a barrage of traffic intended to make service unavailable. We’ve had many hours of downtime over several days, a first for us in 12 years of growing the world’s largest network of local community groups.
While the site was down, the Meetup community was not. There were over 60,000 Meetups during the outage period- people meeting up about what’s important in their lives- and saw an incredible outpouring of support.
Who does a DDoS on @Meetup? Do they hate kittens, too?
— Sean McCann (@mccannst) February 27, 2014
— Alexander Tran (@alexstran) March 2, 2014
Feeling for the @Meetup team. The site is still down. Fight back Meetup, we need you.
— Kris Angell (@kangell50) March 2, 2014
We’ve been fighting hard since the attacks began.
A little background: We spend millions of dollars every year keeping the Meetup website and apps secure, stable, and reliable. At Meetup HQ we have an amazing team of systems experts who build and manage our secure data centers — they are on-call 24/7 and have been very successful at making Meetup reliable year after year.
We were prepared for most DDoS attacks, but the nature of these attacks is changing (example here).
Here’s what happened. On Thursday morning, I received this email:
Date: Thu, Feb 27, 2014 at 10:26 AM
Subject: DDoS attack, warning
A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.
Simultaneously, the attack began, our servers were overwhelmed with traffic, and our services went down.
We got to work mitigating the attack, but we remained unavailable for nearly 24 hours. Service was restored Friday at 9.30am EST, but it took many hours for the changes we implemented to defend against the attack to be distributed across the Internet. Many folks did not see us come back up before we were hit again.
On Saturday at 4 pm EST, we received another severe DDoS attack. By midnight EST, the engineering team implemented a new solution, and Meetup’s website and apps were widely accessible again.
On Sunday, at 8:09 pm EST, another strong attack began again, taking Meetup down for a third time. We spent the past several days taking every step to ensure the site and apps are available. While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead.
The natural question I know many of you will ask is why didn’t we pay, especially since the amount of money demanded was ridiculously small ($300 USD).
We chose not to pay because:
- We made a decision not to negotiate with criminals.
- The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more.
- Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world.
- We are confident we can protect Meetup from this aggressive attack, even if it will take time.
Please know that while we will not pay the criminals, YOU CAN COUNT ON MEETUP to be stable and reliable soon. We’ll continue to work diligently to restore the site and the apps, to bring back all features, and to minimize the effects of the service outages.
This is an attack on everyone who believes that people are powerful together. We live in a world where criminals can make extortion threats against an organization like ours and temporarily frustrate millions of people. But we also live in a world where organizers start new Meetup Groups, members show up, people start talking, and communities form. Our platform is built around a simple idea — that if Meetup helps people to find the others, we will all be more powerful and will create the kind of world we want to live in together.
Co-Founder and CEO, Meetup