Denial of service attacks

We are aware of a number of recent denial of service attacks targeting our systems.

We apologise for any site outages during recent days, and have increased system capacity and added additional services to help avoid such problems in the future.

What is a denial of service attack?

A denial of service attack is where multiple computers send repeated, frequent, bogus requests to a single server or group of servers in an attempt to flood servers with more requests that they can handle.

Most commonly these attacks come from various compromised computers all over the world that can be controlled remotely (a 'distributed' denial of service attack).

Is there any risk to customer data?

No. There is no risk to customer data, nor any type of compromise to the security of our systems. We take security very seriously and ensure that our servers are frequently updated and security hardened.

The systems under attack were hosting our publicly facing website; these systems do not have any direct access to customer data. In any case, the method of the attacks was simply to overwhelm the servers with too many requests.

What problems would customers have seen?

There will have been times where visitors to the site may have experienced the site operating very slowly, or a failure to connect at all.

Some people will have seen a 503 error stating that the service is temporarily unavailable due to server overload.

Can you prevent this happening again?

In a rapidly moving technological future there will always be challenges, but we have made some significant changes that should mitigate future attacks of a similar nature.

On Wednesday we added additional resources to increase the system capacity of our web-servers, and by the end of Thursday afternoon we added additional services to filter malicious traffic and help maintain performance during periods of attack.