Several KLAS libraries were recently the target of a spate of DDOS (Distributed Denial of Service) attacks.
A DDOS attack’s goal is not to take over or gain access to secure data; it is to prevent things from working properly. Simply stated, it sends a flood of ridiculous requests to a server, making it impossible for the server to handle its typical load of real requests. It is like having so many people continuously dial a company's phone number that many or most legitimate calls can’t get through.
Last Friday, KLAS’ OPAC servers for several libraries were the target of a DDOS attack: first Sacramento, CA and Albany, NY on Friday morning, followed by Oregon on Friday afternoon. Additionally, Louisiana has been the ongoing target of a similar attack for nearly a month. All Keystone-hosted sites were brought back online within the same day, with additional mitigations in place to protect against attack, and we consulted with the self-hosted sites as requested.
So what does this mean for other libraries that were not specifically targeted?
Keystone firewalls reject all web traffic from outside of the United States, because DDOS attacks typically originate from outside of the US. Additionally, traffic from all US IP addresses is inspected, and the most common threats are prevented. With library staff and patrons spread across the United States, we typically allow most US-based IP addresses access to the OPAC.
Last Friday’s DDOS attacks were outside the norm. They all originated from US-based IP addresses and were distributed across many regions and IP ranges, making it much more difficult to shut down the bad ones. If you noticed your server traffic being a bit sporadic, this is the likely reason.
In response, we started making changes early Friday morning to mitigate the attack and continued to monitor and adjust settings as needed throughout the day and into the weekend. Actions taken to address this situation include much higher scrutiny of all connections to the OPAC servers and setting our protection tools to a higher, more targeted mode for all IPs, including those within the US. It is possible that on rare occasions a valid request may be denied, but we now have far stronger protection against DDOS attacks. We also made adjustments to the OPAC’s 'load balancers' as a way to block the attack even farther out from the servers. We are sorry any libraries were impacted by these attacks, but now all libraries on KLAS Hosting Service are much better protected.
At this time, we consider the situation resolved and server connections stable since the adjustments we made, but we continue to monitor for any signs of another issue.