On Tuesday night, June 12 at approximately 7:51p ET, a distributed denial of service (DDoS) attack was directed at a site hosted on Acquia infrastructure. More specifically, the attack was directed at a shared load balancer that also serves requests for your site. Acquia is in the process of identifying the target of the attack and will work with the appropriate customer once their identity has been determined.
The original symptom was a failed load balancer and immediate action was taken by the Operations team to fail over to the secondary load balancer. This resulted in approximately 2 to 4 minutes of downtime.
After the failover, it became apparent after approximately 10 minutes of load increasing, but not yet impacting site performance, that a Distributed Denial of Service (DDOS) attack was in progress. As the Operations team was in the process of provisioning a significantly more powerful load balancer the DDOS traffic reached a point at which some sites became unresponsive for approximately 7-10 minutes. Sites recovered and normal operations resumed at approximately 8:30p ET soon after the secondary load balancer was brought online.
The cost savings of shared load balancers carries with it some risk that a significant traffic spike or DDoS attack of this type may impact all customers on the same hardware. Dedicated load balancers mitigate this risk and are available from Acquia at modest additional cost. Please speak with an Acquia sales representative if you are interested in more information on dedicated load balancers.
We are continually improving the resilience of the Acquia Cloud environment and we are reviewing the details of this incident to see if there are additional measures we can take to mitigate the effects of such attacks. If you have further questions about this incident then please feel free to set up a call to speak with one of our Client Advisors.