At approximately 21:10 UTC we started receiving a DDOS (distributed denial of service) attack, which ramped up and caused intermittent outages across the Upmind API and therefore frontend client and admin areas. We frequently receive DDOS attacks and they usually cause no issue, but today's attack was to an endpoint that didn't have all of our DDOS mitigations in place. This DDOS made Upmind functionality unavailable intermittently from 21:10 UTC, and fully from 21:30 to 21:54 UTC.
The issues were fully mitigated by 21:54 UTC. We continue to monitor to ensure no further performance hits.
A number of improvements to our DDOS mitigation will be enacted over the next week.
The aim of DDOS attacks is to overwhelm a network and cause services to go offline, usually with the only aim of causing disruption but sometimes with the aim of weakening security. In the case of Upmind there is no feasible scenario in which a DDOS attack would cause a security issue. However we understand that any disruption or performance issues are unacceptable for our clients and we will do our best to ensure we can mitigate future attacks fully.