We at Tendenci are sorry that the network outage that is affecting approximately 40 Tendenci websites remains unresolved. We understand that a website is critically important to every organization, and we take our responsibility – and the trust of Tendenci users – very seriously. We are mobilizing all available resources to address the situation as quickly as possible, but it is unlikely that affected websites will be fully functional for several more days.
Here is what we know:
• On Wednesday, 11/26 at least one Tendenci server experienced a URL redirect attack. Spammers use this type of attack to send website traffic to other desired websites. In this case, traffic to certain Tendenci websites was redirected to a website selling handbags.
• The Tendenci team quickly responded, but this was followed by an additional distributed denial-of-service (DDoS) attack on our network. This same type of high bandwidth attack took down Xbox Live this week.
• The network outage is affecting approximately 10 percent of Tendenci websites. Only websites on the legacy Tendenci 4 software.
• In our efforts to restore network service, we have uncovered a number of things that can be improved in our security systems and practices that left our network vulnerable to the DDoS attack. Addressing these vulnerabilities is a necessary first step in restoring the network and getting all Tendenci websites back up.
• We are working hard to have at least some of the affected websites back up in a limited capacity today, but it may be the end of the week or longer before all affected sites are restored.
We understand that having a website go down for days on end is unacceptable, and it breaks my heart to know that this week’s events may have shaken the community’s trust in Tendenci. We are working around the clock to restore our systems, and we will take what we learn during this process to improve security protocols for all Tendenci websites.