On Monday, January 23rd around 3:30pm, we received a few odd emails, claiming to have found a vulnerability in our site. The email basically said go ahead and check, your site is down, pay us a small amount in Bitcoin and we’ll give you the solution. We work with bug bounty engineers all the time who report things to us and then we reward them with a bug bounty payment. This is a normal practice for most platforms of our size, but this was different. This was an extortion attempt. We checked the site, which was still online, and found no vulnerabilities.
Fifteen minutes later, though, a massive DDoS (Distributed Denial of Service) attack started and brought the site to a crawl, and things started timing out. We can’t be certain these things are connected, and I can make a decent argument they are not: a DDoS is not a site vulnerability in the usual sense of the word, and it’s not something where you would pay a ransom for a “solution”. We think it’s more likely this was yet another state-sponsored attack against the strongest bastion of free speech.
The attack was the largest, longest, and most distributed attack we’ve ever faced. For 8 straight hours, more than 12x the normal traffic we’d expect on a Monday was attempting to make requests to the site. The attack was coming from thousands of IP addresses from just about every country on the planet, along with US cloud providers like Google and Oracle and hosting providers like Digital Ocean and Linode. We got a pretty good handle on it within the first 30 minutes, but new sources and countries would appear and spike for the rest of the day, causing occasional slowness. We played whack-a-mole and continued to implement temporary blocks and rate limits, focusing on providing a good experience for our core audience of US viewers.
During the event, we had 1.5 billion hits to the site. The largest share of attacks came from IPs in Indonesia, Russian Federation, Brazil, Hong Kong, Mexico, Tor, South Korea, India, Singapore, Germany, Colombia, Ukraine, Argentina, Japan, Ecuador, and the list goes on. We’ll continue to improve our infrastructure and software stacks to be able to handle these sorts of attacks better, but we’re quite happy with our performance on this one. Imagine being the idiots behind this attack, which barely affected us and instead galvanized the user base against the likely perpetrators.
Consider helping us spread the good word about Gab to new users by telling a friend, subscribing for GabPRO, or grabbing some merch from our shop. We’re only able to fight off attacks like this because of support from people like you, which helps us continue to grow our in-house infrastructure.