Hello everyone! It's @ddrfr33k, here with @chiren to deliver a long overdue update. This was an update that I didn't look forward to writing. Take a wild guess why...
All jokes aside, I'm going to run you through what happened since August, what we're doing, and what we're going to do going forward. TL;DR: we got screwed over, hard. But, we're rebuilding and will need your help to do so.
At the end of August, the whole internet was hit by a new type of Distributed Denial of Service (DDoS) attack. It's known as HTTP/2 Rapid Reset. While I won't bore you with the details, Cloudflare and Google both recorded record breaking levels of attacks and do a fantastic job explaining what happened and how it worked. These guys were targeting anyone and everyone. And we were included in the target list.
Attacks like this are designed to cause financial harm to small businesses and website owners, and we were no exception. This attack ran up a tab on our Amazon server that totaled more than $50,000. Far more than our normal day to day operations. As a result, Amazon shut down our instance, and said we needed to pay to get back into our servers. @chiren reached out to support right away, and they started investigating. Within a few days, we had received confirmation that the spike in traffic came from a malicious attack (nah, ya think?) and that Amazon would be issuing a refund. That was on September 9th, with an ETA of the 11th. Which came and went, very quickly. @chiren, to his credit, hounded our support contact. He sent regular emails and pressed them for more details. Which were rather mum. We didn't get much information from our AWS support person. To say we were disappointed is an understatement. They kept dragging their feet, saying that it needed approval from support who were higher up on the totem pole than the person we were talking to. For a month and a half. Yeah...
Things came to a head on the 13th of October, when @chiren received an email stating that our account would be suspended on the 18th of October for nonpayment. While we're waiting on our refund to return our funds that were drained and get us out of the red with AWS. As I'm sure you guessed, that time period came and went. They didn't suspend our account due to our open support ticket, but we're still not able to turn our site back on. So we're more or less up a creek without a paddle in terms of where we were.
So! Let's talk about what's next. First things first, we were able to get into our backup server and secure our database. Your account and status on Vimm is safe. We need to do two things:
- Move the Vimm website to another host
- Set up a new CDN for distribution
The first is easiest to do, as we have all the codebase and databases to do it. We're just broke because of the nonsense that went down in August. For that reason...
Our overall costs prior to the attack were around $500USD per month. We're going to start a DHF proposal requesting around that amount for 2 months to help us get on our feet. We're going to need a shipload of upvotes to get this proposal up and running, but this is what we're going to need to get our site online on a new host. Every upvote will help us get the funds we need to start fresh elsewhere.
The second part, the CDN, is a tougher nut to crack. We have plans in mind that we can't talk about just yet. But what I can say is that we're going to work on decentralizing our infrastructure. We want Vimm to be a global service, with a global network of streamers. It's going to happen, slowly but surely. We will have more details regarding that soon. In the mean time, make sure you're part of our Community Discord. Any of our updates will post there. We'll have more community town hall meetings in the near future with further updates. Be there!