This morning, around 6:00 AM CST, we received alerts from our web host that our website was unavailable. Unfortunately, due to our monitoring system hitting a cached URL, we didn’t get notified immediately. After reviewing the server logs, we found that a single IP address from Singapore was bombarding our site with over 190,000 requests within a few hours.

Part of the server logs from the malicious IP

While our web host has a robust firewall, this traffic wasn’t flagged as malicious, which led to our site going down temporarily.

In the past, we’ve blocked traffic from countries known for cyberattacks at the server level, and if these attacks persist, we’ll implement country-level blocks across all our web servers again.

Rest assured, the attacker did not gain any access to our site’s backend. This seems to have been an attempt to either take the site down or find a security hole, possibly through an outdated plugin (which we never run on our site).

To prevent this from happening again, we’ve added an extra layer of security at the application level that will automatically ban these types of attacks. We’ve also updated the URL we use for monitoring to avoid similar issues in the future where we don’t get a notification due to server caching.

You can see our status page that is hosted on a different provider than our main site here at any time: https://status.th3dstudio.com/public.php

Thank you for your understanding and continued support.

Leave a Reply

Your email address will not be published. Required fields are marked *

SHARE YOUR CART