Starting at 12:30 on June 20h 2024 a distributed denial of service (DDoS) attack began hitting several FlexBooker services at increasingly high rates, leading to diminished performance (longer API calls and page loads). FlexBooker reached out to Amazon AWS (the hosting company) for assistance. This led to Amazon's initial reaction to begin terminating Internet-facing network adaptors, leading to a total outage. The attack only hit public-facing endpoints, and created service and app overloads, but at no point was any data (merchant or client) ever exposed.
After initially working with AWS to block the attack to turn the network adaptors back on, we felt that the support response times were too slow. This led us to explore other options while also pursuing AWS support. A complete migration of a new environment to Microsoft Azure was initiated, along with all app services, queues, data, and cache layers. This was completed on the evening of June 25th. DNS aliases were switched to Azure, which over the proceeding hour or two of propogation led to the restoration of all services.
The Azure environment was set up in close coordination with Microsoft Azure security and support to ensure resistance from future DDoS attacks, including tuned Azure DDoS Protection. The AWS environment has been restored also, which will be kept as a completely independent emergency environment.