On January 25, 2023, ISAB's website, https://isab.run/, was targeted by a distributed denial-of-service (DDoS) attack. The attack was a type of DDoS known as a "hosted queries" attack, which involves overwhelming the website's servers with a large number of requests from multiple sources.
The IP addresses used in the attack were traced back to various countries, including the United States, Russia, Japan, Hong Kong, Spain, Singapore, Germany, China, and others. The attack was primarily directed towards the US and Singapore, but also came from various other countries.
The ISAB Engineering Team immediately activated countermeasures to mitigate the attack and protect the availability and performance of the website. These measures included implementing access rules based on the IP addresses, countries, and regions of the incoming traffic, as well as using firewall rules to block malicious traffic.
Despite the attack, the website remained available and fully operational throughout, thanks to the well-structured and resilient infrastructure designed by Joe Fang.
To further optimize our countermeasures and prevent future attacks, the ISAB Engineering Team will be conducting a thorough analysis of the attack and implementing additional security measures, such as regularly updating software and implementing two-factor authentication. We will also continue to monitor the website for any suspicious activity and work closely with our hosting provider to ensure that their security measures are up to date.
In summary, the ISAB website was targeted by a DDoS attack on January 25, 2023, which was successfully mitigated by the well-structured and resilient infrastructure and the countermeasures implemented by the ISAB Engineering Team. The attack was primarily directed towards the US and Singapore, but also came from various other countries such as Russia, Japan, Hong Kong, Spain, Germany, and China. The attack was primarily composed of hosted queries and JS (JavaScript) inquiries, which were identified as automated program attacks.
Our team immediately implemented firewall rules and access rules to block the incoming traffic from the identified IP addresses. We also used a variety of other tools, such as automated program attack mode and custodial inquiry, to further mitigate the attack.
We have also conducted a thorough analysis of the attack to determine its origin and the methods used. Based on our findings, we believe that the attack was orchestrated by a group of individuals or entities with a high level of technical sophistication.
Moving forward, our team will continue to monitor the situation and implement further measures to enhance the security of our website. We will also optimize our existing countermeasures and explore new technologies to better defend against such attacks in the future.
We would like to remind our communities that the safety and security of our website are of the utmost importance to us. We will continue to work tirelessly to ensure that our website remains available and accessible to all.