On Friday, December 15, we had major disruptions in our webshop platform. The internal memory of our load balancer was flooded and the system became slow and unresponsive. Our backup load balancer was not activated, which meant we could not deliver data on the requests.
Based on the logs, we could see that a sudden burst of requests in very short intervals came from all around the world. The origin was Wordpress sites, and we suspect that a botnet was used to carry out the attack. This botnet exploited weaknesses in Wordpress installations.
We managed to get our redundancy (the backup load balancer) started, which could handle traffic again. We replaced our load balancer and upgraded it's memory to handle extreme situations. We have also configured the system to ensure that redundancy is activated earlier.