Web host Moonfruit defies Armada DDoS crew … by (temporarily) defeating itself

Move follows 45-minute attack last Thursday


Web host Moonfruit last night began putting its systems back online after taking down customers’ sites in order to upgrade defences in the face of a threatened DDoS attack, with the firm blaming a recent assault (which prompted the self-takedown) on the Armada Collective crew.

The unusual move of temporarily pulling its own website – and customers’ sites – offline came in response to threats that Moonfruit faced an imminent internet attack.

Withdrawing services amid fears they might be about to be taken down anyway was designed to push customers to update settings, and make systems more resilient to abuse. The move follows a 45-minute DDoS attack against Moonfruit last Thursday.

The firm blamed the infamous Armada Collective crew for that assault. The cybercrime gang has recently been linked to DDoS extortion scams against secure webmail firms ProtonMail and Fastmail as well as a number of Greek banks.

Moonfruit concluded that caving in to an extortion demand from the group would only invite further criminal demands.

Moonfruit began the process of bringing up systems on Monday evening, as its latest status message (extract below) explains.

We have been working hard on bringing all services up as quickly as possible, and have now reached a stage where customer sites have begun to come back online (if configured as we recently advised). They should all be available within the hour.

The previous configuration settings are still vulnerable and we will not be bringing these online again this evening.

We strongly advise making the recommended changes to bring your site back online as quickly as possible.

UK-based Moonfruit provides business and personal customers with a service allowing them to easily build websites or online shops, based on a common set of templates. Users expressed frustration about the lack of notice before services were withdrawn, the BBC reports. However security experts reckon the unusual “self-actuated DDoS” was sensible in the circumstances.

In a Facebook update, Moonfruit added that it was making “significant infrastructure changes” to offer the best possible protection against these types of DDoS attacks.

Ron Symons, regional director at DDoS mitigation and load balancing tech supplier A10 Networks, commented: “Distributed denial of service (DDoS) is extremely difficult to prevent. More worryingly, DDoS attacks frequently act as smokescreens hiding more invasive attacks as hackers exploit unguarded system backdoors to steal sensitive data.”

“By making this bold decision to pre-empt another incident, Moonfruit stands a much better chance of protecting its clients’ private data,” he added.

Further security commentary can be found in a blog post by security software firm ESET here. ®

