Moonfruit, a free website builder, has taken thousands of business and personal websites offline following a distributed denial of service (DDoS) attack.
The company’s users are disappointed by the slow pace at which it has communicated the problem, and the way it’s being handled.
The company said it had been threatened with a cyber-attack and had decided to make its customers’ websites unavailable for “up to 12 hours” to make infrastructure changes. In a statement on the Moonfruit website it was said that the company was actually attacked by a hacker group called the Armada Collective, which DDoSed the site for about 45 mintes.
One business owner told the BBC it was “very bad timing”.
Film-maker Reece de Ville said: “They have been slow to communicate via their website what is going on.”
“I’m going to have hundreds of people finding my site today but not being able to access it. I could be losing out on a lot of money from potential clients, and they may not come back if they think the company has gone. It’s incredibly bad timing, especially for businesses selling Christmas cards and gifts on their website.”
In an email to its customers, the company apologised for giving them “short notice” that their websites would be offline. “We have been working with law enforcement agencies regarding this matter and have spared no time or expense in ensuring we complete the work as quickly as possible,” the company’s director, Matt Casey, said in the official statement.
Ron Symons, regional director at cyber security specialist A10 Networks said: “Moonfruit has responded in the best possible way to this threat by taking its services offline. As the attack it suffered last week shows, distributed denial of service (DDoS) is extremely difficult to prevent. More worryingly, DDoS attacks frequently act as smokescreens hiding more invasive attacks as hackers exploit unguarded system backdoors to steal sensitive data.
“By making this bold decision to pre-empt another incident, Moonfruit stands a much better chance of protecting its clients’ private data. The shutdown may be inconvenient now, but by ensuring its infrastructure is equipped to deal with today’s increasingly powerful cyber attacks Moonfruit is acting in the best interests of those using its services.”
SEE ALSO: Throwback Thursday: Why Apple is called Apple Dave Larson, Chief Operating Officer at Corero Network Security said: “Unfortunately, the sheer size and scale of hosting or data center operator network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack.
“As enterprises of all sizes increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating DDoS attacks – even as an indirect target.”