Typepad Claims Extortion Effort

Their note today attempts to explain why they were down throughout most of yesterday (again).

May 20, 2014

We wanted to give an update on yesterday’s outage. Just before 9am EST, we were hit with an attack. Our mitigation tools kept the attack at bay early on. Your blogs, andtypepad.com,(sic) may have been slow or occasionally shown an error, but services were mostly up. At about 10:40am ET, the attack grew massively in size — large enough that our upstream providers dropped all of our traffic.

This was unexpected and came without warning. We don’t blame our partners — they were also feeling the brunt of this attack and it was in their best interest to drop our traffic. We worked with our providers to find a solution that would bring us back online. It was a significant effort, but with the help of our partners, we were able to get everything back online by the end of the day.

Why did Typepad get attacked again? Similar to other popular sites, we are the target of a criminal trying to extort money. The attack this time was much larger, with the goal of forcing us to give in. Typepad has been working with other impacted companies to share information and help end these attacks.

Some of you have asked why we did not give more details in our status updates on Twitter and Facebook. Simply put, we are trying to avoid leaking information that may make it easier for criminals to attack us in the future. We have heard from other victims that the attacker may follow social media and has adjusted attacks based on information found in updates on networks like Twitter and Facebook. We did not want to make it any easier for them to attack us, so we chose to keep the technical details to a minimum.

We believe that we have a solution in place that will be sustainable in the long term. 

That remains to be seen. Thus far, the explanation seems rather implausible. They’re hardly blameless in all of that. Since they claim to have been attacked by botnets before, one would expect them to have exploited those opportunities to harden their systems, which it is abundantly clear they did not do.

The original MaxRedline site at typepad is active, but no new material is being posted there at this time. I’m weighing the options of either continuing to maintain that site (assuming they can regain some degree of reliability) or migrating all of that content here. Neither option is particularly appetizing.

Advertisements

About maxredlines

experience: biology, zoology, psychology. authored/co-authored papers appearing in peer-reviewed scientific journals, as well as numerous professional proceedings. authored articles appearing in computer-oriented publications. featured in publications ranging from books to New Yorker magazine to television.
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

2 Responses to Typepad Claims Extortion Effort

  1. On Blogger you can download your whole blog with one click then upload to other services. Maybe typepad has the same function the you can just upload to here

    • maxredlines says:

      It’s a little more complicated, because there are so many other features tied in. I used to use Blogger, but went to Typepad because of the increased flexibility – and for a decade, it worked pretty well. But exporting those components is kind of tricky, which is why I’m prevaricating. If they can guarantee me a deal with less downtime, I might stay there to avoid the hassle. For now, I’m looking at porting here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s