Someone attacked our company

  1. 5

    Wow that was a wild story Jack, thanks so much for sharing.

    I had no clue that AWS would be that hands on with a customer either!

    1. 2

      Thanks Chris, so glad you enjoyed it :) And even though we're paying a good chunk of cash each month now, AWS have exceeded expectations. On Saturday, the response & assistance was incredible. It was a big adrenaline rush to have such competent, highly specialized engineers on our side.

  2. 4

    the interactions with the AWS heavy-hitters are exactly right

    there are some capable people inside that org, and when you have an interesting problem and some cash they're very accessible.

    especially the "Attackers don’t have unlimited resources" line and their willingness to play ball on privacy in the logs. These are people you want on your side in a crisis.

    1. 2

      Definitely Abe :) We'd never spoken to AWS engineers on the phone before. I've spoken to plenty on Twitter etc., and they're all great, but to have someone handling the evaluation of our super-limited access logs & finding patterns. It was marvellous. It's obviously a significant expense, we're still a small company, but the ROI is gigantic.

  3. 3

    Very interestin read, thanks for sharing!

    One question, what makes you view Cloudflare as a competitor?

    1. 2

      They offer "free, privacy first analytics". They are a multi-billion dollar company who can offer "free". We are indie hackers and can't compete with free. So we are competing for analytics customers in that way.

  4. 3

    Talking about privacy first, Tutanota had a DDoS attack too a couple of months back, maybe there's a pattern 🧐

  5. 2

    Wow quite a story. Since this is obviously a crime, have you considered reporting it to the authorities? Or is it pointless for this kind of stuff?

    1. 1

      We can't say anything publicly about this stuff but, yes, it's a crime.

  6. 2

    What kind of shithead does this and what do they even gain? Were they going to send you some ransom note?

  7. 2

    Related, Indie Hackers has been DDoS'd a few times in recent weeks. Very annoying that people spend their time doing stuff like this. They're most often kids, or lonely adults who've found purpose by joining communities that support this kind of stuff.

    1. 1

      That sucks Courtland. And it's funny you mention that because there is a part of me that is empathetic. Someone who launches a DDoS attack isn't someone who is happy in life. Similar to trolls online, they are often empty individuals. Hope things are going okay for you!

  8. 2

    Damn, I can't afford even the cost as startup to handle DDos attack of this peak. I would better shutdown service for some moment.

  9. 2

    Exhausting! Good on you.

  10. 2

    Crikey, that sounds incredibly stressful, but kudos on making such massive strides in learning about heading off these kind of attacks.

  11. 2

    Hey Jack! I discovered Use Fantom recently and will be using your services for my new platform. Thank you for sharing your experience. I'm so sorry for what happened. It's crazy to think that someone would want to destroy an online business like that. This makes you think about the protection investments one should make to avoid this sort of incidents.

    1. 1

      Absolutely. We're excited to see you sign up to Fathom, Victoria!

  12. 2

    It was really educational (in a way) reading how you folks handled the issue. Yay for more transparency.

  13. 2

    That's a fascinating post Jack.

  14. 2

    I got the "we need to store access logs" email from Fathom last week and I thought to myself "Ohhhh, an interesting new blog post is coming". I wasn't dissapointed 😂

    I'm sorry you guys had to go through all that stress but glad you came out stronger in the end. But I'll be honest - this is exactly why I decided to use cloudflare for my product. I am just so scared of shit like this happening that I've decided it's worth it.

    1. 1

      For sure, Val. I totally get it. Cloudflare offers a good service for this kind of thing!

  15. 2

    What a thrilling story! Well done fighting back those attackers. 💪

    The lack of human redundancy it's a significant downside of small businesses. You can't even quietly eat dinner with your family. I'm afraid to hit a similar situation at some point. Nevertheless, good to know that you could hire DDoS mitigation experts so quickly.

    1. 2

      Thanks Lukasz! We had one person saying we shouldn't share the human aspect but we run our business in a very transparent way. When we write about something, we aren't trying to look perfect, our intention is to be transparent and share our experience.

  16. 2

    Man, that has to have been super-annoying.... Thanks for writing it up!

    Did you ever figure out the motivations of the attacker? Or find out who they were?

    1. 1

      Can't comment on this publicly, sorry Tommi!

  17. 2

    Thanks for writing and sharing this story, it's sad that some people just want to see the world burn.

    I really like that you see this as an opportunity and you don't let it get the better of you, I guess this is the mindset everyone needs to adopt, turn every disadvantage into an advantage.

  18. 2

    Scenario of a future movie....
    However, I would be interested to know what cloudflare team can do for that. You mentionned "it's free", but they have paid package, and I guess it's to handle this kind of ddos.
    Also, I don't see cloudflare as your competitor, they added the analytics only few weeks ago, and it's not their main features, instead of your service. I see their analytics as a "nice" feature, but I'm not sure that peopl will rely only on that analytics

    1. 1

      Oh wow, Cloudflare doesn't offer the same service for free, I was wrong. We have 24x7 access to AWS for DDoS support, Cloudflare only includes that on Enterprise. So this isn't the same at all, AWS Shield Advanced is way better.

  19. 2

    been followin you guys for a while, thank you for including the post about the expenses. Hopefully, those expenses will prove to be worthy in a long run.

    1. 2

      Thanks for reading David! We see our costs as investments. Even the DDoS Attack. We learned a ton & are now building an epic spam detection system :)

  20. 2

    Reads like a thriller! Props.

    1. 1

      Haha, thanks Moritz, I appreciate the feedback :)

  21. 2

    Hey Jack,
    Thanks for sharing. This is really interesting to read.
    Thank you again.

    1. 1

      No problem JC, thanks for reading :)

  22. 2

    Good post. I have also been DDoSed before. I've always considered it to be inevitable when you grow to a certain point. Better to be prepared.

    Halfway through the post I kept wondering - why not use Cloudflare 🤣

    Good call though - sticking to your guns.

    1. 2

      Haha! I’m super happy with AWS. It’s costing us a bit. But the level of service is incredible. Plus Cloudflare wouldn’t have been able to pull off the solution we ended up with on Saturday 😝

  23. 2

    Hey. Very useful and entertaining post. Not being from a tech background...this is one of my fears. It is good to know that you CAN fight back and win.

    1. 1

      Thanks! I appreciate it and I’m glad you enjoyed it :)

  24. 1

    I read this on twitter. Crazy story and glad I read it. Thanks.

Trending on Indie Hackers
Just crossed $2000 on my first indie app. Here’s what I’ve learnt 26 comments I bootstrapped a cohort-based writing course to 1,400 members in 6 months (while working full-time). AMA! 17 comments Seeking feedback on MVP. Is value prop obvious? 15 comments The Best Collection of 99+ Tools for Product/UI/UX Designer, Maker & Indie Hackers 7 comments Download Product Hunt Upvoters List in 2 Mins 7 comments Roast My Idea: Widget to track order progress 4 comments