Experienced My First DDoS Attack

Something interesting happened yesterday, while writing about cyber security and CDNs, I experienced my first DDoS attack, that hit two service providers, whose plug-ins I use for my WordPress website. I currently host my WordPress site on WPEngine, the best WordPress hosting service on the planet. Their okay, nothing happened with WPEngine.

However, I use many WordPress plug-ins for my site, including Aweber and Statcounter. Unfortunately, these two providers got hit by a DDoS attack yesterday, and recovered in a day or so. Aweber is the leading opt-in email marketing service provider, and Statcounter is one of the the leading web stat tools for WordPress websites.

Aweber has an Alexa ranking of 176, and Statcounter is 184, both have a better ranking than Techcrunch. What makes this case interesting is that Aweber and Statcounter are totally separate companies. Aweber is based in the US, and Statcounter is in Ireland. Was the attack a sheer coincidence?  Or did the attacker focus on hitting two of the most popular WordPress plug-in providers.

The lesson learned, any highly ranked Alexa website needs to be using a CDN. A hardware based firewall isn’t going to cut it, especially when the attacks are global in nature, coming in from different regions. There is no way a Palo Alto firewall, or Barracuda WAF is going to handle a large DDoS attack. Only a CDN with a global footprint can absorb this kind of attack.