March 17 Maintenance Report

In the past week our service has experienced a couple of downtimes. This morning we finally got everything fixed. In the interest of full disclosure, I’m giving you an overview of the incident.

What happened?

On Friday, March 11, we had a hardware failure in our Texas data center. This would be business as usual, if it weren’t for the fact that, at that moment, we were under a DDoS attack. These two combined led to downtime on our website and the Classic dashboard. It lasted for a few minutes until our failover got the service back online.

Our initial plan was to fix the hardware failure and put ManageWP into maintenance so we could get the primary servers back online over the weekend. Unfortunately, the DDoS attacks did not relent, so we focused our effort on staying ahead of the hackers. They kept changing their attack methods, which caused periodic slowdowns and a couple of 1-2 minute downtimes over the next few days, so we decided to move the maintenance ahead of schedule.

The maintenance is over, our servers are up and running at full capacity, and we expect everything to be back to normal.

Was my account in danger?

No. A DDoS attack cannot put your account in danger or steal any information. Its sole purpose is to prevent ManageWP from functioning properly by overloading the server with millions of requests. This particular DDoS was sophisticated, specifically targeting ManageWP, so we suspect that the attacker (or attackers) behind it would profit from ManageWP users quitting our service. We’ve turned our logs over to the FBI and let them handle the rest.

Is ManageWP in danger of going down again?

No. We employ a team of seasoned security and DevOps experts that are used to tackle much more serious attacks, so there was no real threat here. It’s only because of the hardware failure that the attackers managed to cause this little disruption.

It’s worth noting that during all of this the Orion dashboard was up, and a lot of users kept managing their websites. Unlike the ManageWP website and the Classic dashboard, Orion is on AWS cloud infrastructure, which cares less for DDoS attempts than Marlon Brando did for line rehearsals.

We also store a backup of our data on a remote destination (practice what you preach, eh? :D), which allows us to quickly bring ManageWP back online on another infrastructure.

I apologize for not letting you know about all of this right away. We wanted to gather as much intel as possible before we turn this over to the authorities, so we didn’t want to tip off the attackers.┬áIf there’s one thing you can count on, it’s that we’ve got your back.

Nemanja Aleksic

Head of Growth at ManageWP. Marketing Manager at GoDaddy. WordCamp Belgrade organizer. But first and foremost, a father, a husband and a puck stopper.

4 Comments

  1. David Fraiser

    Awesome recon, thank you! You guys did everything right, no one could ask for more.

  2. Jeff

    When a business provides clarity and truth to unforseen events, it creates a natural respect that keeps customers and makes new ones. Thank you for the update.

  3. joey

    Thanks for the update and I’m glad you guys got everything back up!

  4. 1lifeincome

    Having been a victim of hackers, I appreciate you having my back!

Leave a Reply

Your email address will not be published. Required fields are marked *

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!