Popular news aggregator Feedly was taken out of action for several hours after two DDoS attacks this week.
The site informed its users of the first attack at 2.04 (Pacific Time) on Wednesday morning.
“The attacker is trying to extort us money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can,” the firm said in a blog post.
“We are working in parallel with other victims of the same group and with law enforcement.”
After “making some changes to our infrastructure”, the DDoS attack was neutralized by 15.00 the same day. However, the attackers struck again the following morning.
The second wave was stronger than the first, but the Feedly ops team was able to contain it quicker than the initial attack. By 11.30 the “second line of defense” was up and the DDoS neutralized.
“You should be able to access feedly via feedly.com, feedly mobile apps and third party apps,” the blog post noted. “These criminals are determined to try to extort some money and we are determined to say no to extortion and focus on building a stronger feedly instead.”
The DDoS came just a day after popular archiving service Evernote was taken out of action in a similar attack. The platform was down for several hours on Tuesday.
Kevin Linsell, head of service development at managed services provider Adapt, argued that a DDoS protection strategy is essential for any firm on the web today.
“This could involve signature analysis and dynamic profiling to identify and classify malicious activity,” he added. “Organizations also need to take the time to understand their normal demand patterns, build a profile of their legitimate traffic, improve mitigation response times and effectiveness.”
Trey Ford, global security strategist at Rapid7, praised Evernote and Feedly for the way they handled the respective attacks.
“Companies should take note of the positive user responses to their honest and upfront communications,” he added.