On 25 May we were emailed a threat. There would be a distributed denial of service (DDoS) attack on our services, unless we paid a ransom.
We didn't pay and, later that morning, the attack started. This has hit our Sydney-hosted customers hardest, along with those who route traffic internationally.
Our team have been working around the clock on this, and it's our number one priority. We know how disruptive this has been, and we're sorry for the impact that these attacks have had.
Once we're fully through it, we'll share a proper post-mortem with all the details. For now, here's a quick update to let you know what’s been going on behind the scenes.
The demand
There was not a lot of time between the initial demand arriving and the attack beginning. The idea was to pressure us into making a rushed decision, but we didn't. So, let's look into why we didn't just pay up.
Even if we did send money to the blackmailers, there’s a strong chance that they would go ahead and cause mayhem anyway. If we succumb to the demands of anonymous criminals the first time, why wouldn’t they try again? We could have ended up becoming an even bigger target than before.
The Government strongly discourages ransom payments for these and other reasons. Depending on where in the world the attackers are, ransom payments can even breach sanctions, putting us on the wrong side of the law. (If you open that link you’ll see that the Government advises ransom targets like us to report what’s happening. I can confirm that we’ve been in touch with the right authorities.)
On top of all that, there's a final reason that we can agree on: these malicious people don’t deserve anyone’s money.
Who it’s impacting
Overall there has been much more disruption to traffic coming from overseas, which includes traffic being routed internationally or through services like Cloudflare. New Zealand traffic has mostly been stable since the first couple of hours of the attack.
Affected customers have experienced intermittent interruptions. Some websites have been rendered unreachable from many locations, while others suffered degraded performance.
We’ve been providing updates
As our team has worked around the clock to keep this DDoS attack at bay, we've made regular updates to the SiteHost Status page. We know that you want as much information as possible, and when incidents like this one happen that page is the place to go for the latest details.
We have also been posting less regularly on LinkedIn, Facebook, Bluesky and X. These social media channels are useful in times like this, but secondary to the Status page.
It takes a village
We’ve been working with our upstream providers to optimise DDoS mitigation measures, and they have taken this attack as seriously as we have. Our thanks to our networking providers and others, here and overseas, who have made this a top priority and been in close communication with us throughout.
How you can help
It’s useful for us to know if you're still seeing issues. You can help our team by emailing support@sitehost.nz.
If there’s a SiteHost website or service that you can’t reach, let us know what is broken for you, and your IP address (which you can get from whatsmyip.com).
If your website is down, let us know your IP address and the website domain.
If you encounter network issues reaching our servers, please send your IP address and a traceroute in each direction (from your local network to the server, and from the server to your local network) to support@sitehost.nz.
We have received a number of supportive and understanding messages, and even a box of doughnuts, from SiteHost customers. Your support means a lot to us when things are stressful. Thank you all for recognising our team’s hard work and putting a bit of extra wind in our sails.
And to close, thank you for your patience during this incident.