Hi folks, as the developer responsible for finding out the cause of our recent server interruptions, I just wanted to give you an update on what we’ve discovered and what we’re doing to hopefully prevent this from happening again.
As you are no doubt aware from some of the high-profile sites that have gone down over the years, no matter how big or small you are in the internet world, there are always people out there who think it’s okay to cause harm to others on the internets (for whatever lame reason they may manufacture).
What was the cause?
What we discovered is that there was a DDoS attack against eventespresso.com, and the attack vector they used was the API we have in place for recording uxip stats and our plugin update engine (used for auto-updates of plugins, and key verification).
How are we addressing this?
Temporarily, we have added site-wide rate limiting to the API. This means that for many of our clients, auto-updates and uxip stats (if you opted in) will not function as normal. This will not impact your EE code hosted on your site. You just won’t be able to auto-update until we get the fix in place.
Within the next 48 hours, we will be implementing a more permanent solution that will hopefully prevent this from happening again. We’ll update here and on our blog once that is in place, and you’ll be able to resume normal auto-updates again.
Please Note: The changes we’ve put in place temporarily should not affect your ability to interact with EventEspresso.com and download plugin files from your account or post on the forums. Again, all this will affect (temporarily) is the ability to do one-click updates via your site dashboard.
Thanks for your patience while we’ve been trying to resolve this. The timing of this attack was unfortunate as much of our team (including myself) was traveling back home from WordCamp San Francisco this weekend and we were unable to address the problem sufficiently until we arrived home.