Website development service Moonfruit has admitted that it is still having problems after taking thousands of websites offline in response to DoS threats.
Moonfruit said in an update posted at 23.35 on Monday that customer websites would be "available within the hour". However, service has remained intermittent and many customers have complained of still not being able to access their accounts.
The firm acknowledged the problem and said that it is working on a fix for the "service degradation".
@moonfruit update please? This issue is now a real worry/major problem!— Patricia (@belgo1978) December 15, 2015
@moonfruit my site was available 11pm last night. When will the back door be available? Do I understand if your site works nothing me to do— Stephen Howden (@skhowden) December 15, 2015
"Our operations team is continuing to work on resolving the service issue. We are making progress but unable to provide specific details at this time. Once again, we're really sorry for the disruption. Your patience and understanding is very much appreciated," Moonfruit said in its latest update.
V3 contacted the firm for additional comment but had not received a response at the time of publication.
Moonfruit took thousands of personal and business websites offline for "up to 12 hours" earlier this week in anticipation of a cyber attack.
This was in response to an incident last week when the UK-based company was hit with a denial-of-service (DoS) attack by a hacking group known as Armada Collective, and was offline for roughly 45 minutes.
The hackers responsible for the attack demanded a ransom and warned that if it was not paid the attack would recommence this week.
Moonfruit instead decided to take thousands of websites created using its service offline in order to strengthen security and bulk up its infrastructure.
"Moonfruit.com and your own sites will be offline from approximately 10am (GMT) today and will remain offline for up to 12 hours," said Matt Casey, Moonfruit director, in a statement.
"As a result of the threatened attack on Moonfruit, we have taken the decision to make significant infrastructure changes which will offer us the best possible protection against these attacks today and in the future.
"We appreciate this is very short notice, but we hope you understand the unusual circumstances we are facing. We planned for every eventuality over the weekend, but the final decision to go ahead with these specific changes was made this morning."
Moonfruit said after the initial attack that it had no intention of paying the ransom.
"Having investigated [Armada Collective] it is very clear that even if we were to pay them (something we would never consider) the attacks would not cease. In fact, whenever anyone has given in and paid them, the attacks get worse and the demands increase. We're confident that we can fend off these attackers," said Casey.
The company explained that the infrastructure changes were planned for the new year but were brought forward after the attack.
However, many customers have taken to social media to complain about the downtime affecting their business or personal websites.
@moonfruit notice of 12 hours downtime 8 minutes after its happened - seriously? Long term customer far from happy— Thomas Lubbock (@thomaslubbock) December 14, 2015
@moonfruit massively ill timed for this to happen right on Christmas. Probably cost me a grand today. Understand the situation tho— #LENG GOODMAN (@amnediel) December 14, 2015
@moonfruit I've just launched a promo concerned that clients are visiting blank webpage at least give us customers a way of informing them— HAGH Apparel (@hagh_apparel) December 14, 2015
Ron Symons, regional director and cyber security specialist at A10 Networks, said he believed that Moonfruit made the right decision in taking the websites, including its own, offline.
"Moonfruit has responded in the best possible way to this threat by taking its services offline. By making this bold decision to pre-empt another incident, Moonfruit stands a much better chance of protecting its clients' private data," he said.
"The shutdown may be inconvenient now, but ensuring its infrastructure is equipped to deal with today's increasingly powerful cyber attacks is in the best interests of those using its services."
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons