Reddit was downed by record DDoS attack, motive is unknown
In order to relieve the curiosity of the huge Reddit community, systems administrator Jason Harvey has shared some details about the DDoS attack that recently hit the popular social news site and caused it to go down for a period of 50 minutes.
The attack started at roughly 0230 PDT on the 19th, and for the next eight ours the attackers and Reddit admins were “battling it out” by continually adjusting their attack and mitigation strategies.
Most of the users didn’t notice a great difference when using the site during that short period, but some login attempts and API calls failed, and the sysadmins chose to disable some site features.
“The pattern of the attack clearly indicated that this was a malicious attempt aimed at taking the site down. For example, thousands of separate IP addresses all hammering illegitimate requests, and all of them simultaneously changing whenever we would move to counter,” wrote Harvey.
“At peak the attack was resulting in 400,000 requests per second at our CDN layer; 2200% over our previous record peak of 18,000 requests per second. Even when serving 400k requests a second, a large amount of the attack wasn’t getting responded to at all due to various layers of congestion. This suggests that the attacker’s capability was higher than what we were even capable of monitoring.”
He pointed out that the attack was coming from thousands of IPs around the world, which means a botnet was used.
“I’d say the most likely explanation is that someone decided to take us down for shits and giggles. There was a lot of focus on reddit at the time, so we were an especially juicy target for anyone looking to show off. DDoS attacks we’ve received in the past have proven to be motivated as such, although those attacks were of a much smaller scale. Of course, without any clear evidence from the attack itself we can’t say anything for certain,” he added, commenting on Reddit users’ speculation about the motives of the attack, which ranged from “revenge” for getting involved in the CISPA blackout to attackers demonstrating the power of their botnets to a potential customer.
He answered some of the questions put forward by the users, but declined to answer others, saying they have to be careful on what they share in order not to provide next attacker with clear instructions on how to take Reddit down in the future.