Their note today attempts to explain why they were down throughout most of yesterday (again).
May 20, 2014
We wanted to give an update on yesterday’s outage. Just before 9am EST, we were hit with an attack. Our mitigation tools kept the attack at bay early on. Your blogs, andtypepad.com,(sic) may have been slow or occasionally shown an error, but services were mostly up. At about 10:40am ET, the attack grew massively in size — large enough that our upstream providers dropped all of our traffic.
This was unexpected and came without warning. We don’t blame our partners — they were also feeling the brunt of this attack and it was in their best interest to drop our traffic. We worked with our providers to find a solution that would bring us back online. It was a significant effort, but with the help of our partners, we were able to get everything back online by the end of the day.
Why did Typepad get attacked again? Similar to other popular sites, we are the target of a criminal trying to extort money. The attack this time was much larger, with the goal of forcing us to give in. Typepad has been working with other impacted companies to share information and help end these attacks.
Some of you have asked why we did not give more details in our status updates on Twitter and Facebook. Simply put, we are trying to avoid leaking information that may make it easier for criminals to attack us in the future. We have heard from other victims that the attacker may follow social media and has adjusted attacks based on information found in updates on networks like Twitter and Facebook. We did not want to make it any easier for them to attack us, so we chose to keep the technical details to a minimum.
We believe that we have a solution in place that will be sustainable in the long term.
That remains to be seen. Thus far, the explanation seems rather implausible. They’re hardly blameless in all of that. Since they claim to have been attacked by botnets before, one would expect them to have exploited those opportunities to harden their systems, which it is abundantly clear they did not do.
The original MaxRedline site at typepad is active, but no new material is being posted there at this time. I’m weighing the options of either continuing to maintain that site (assuming they can regain some degree of reliability) or migrating all of that content here. Neither option is particularly appetizing.