DDoS attack update: 14/12/2015

Update, Moonfruit Service Update: 21/12/2015, 10:30 AM (GMT)

Normal service has resumed however some users are still contacting us with loading issues. If this is affecting you, please make sure your domain is updated with the latest pointing instructions.

Any domains hosted by Moonfruit will have been updated automatically, so this only affects those of you with domains held elsewhere. If you’re unsure of your domain provider, you can check the registrar on WHOIS here.


Update, Moonfruit Service Update: 18/12/2015, 14:00 PM (GMT)

Our notification email service is now back online. Customers should expect to receive any notification emails that were sent over the last few days - they should arrive over the next few hours.

Any new notifications raised will be received instantly.

Any problems, please get in touch with the support team. They will get back to you as quickly as possible.


Update, Moonfruit Service Update: 17/12/2015, 6:00 PM (GMT)

Our notification email service is still out of service. Customers looking to reset/retrieve forgotten passwords, submit forms or send emails to members will not receive these emails until the service resumes. We continue to work on this issue and will provide an update tomorrow.

In the meantime, customers wishing to retrieve their form submissions can do so by logging into the editor, clicking on the form, navigating to the 'data' tab in the floating editor to download the form data.


Update, Moonfruit Service Update: 16/12/2015, 9:20 PM (GMT)

We are currently experiencing issues with our email service. Customers looking to reset/retrieve forgotten passwords, submit forms or send emails to members will not receive these emails until the service resumes.

We are working through the issue and will update on progress tomorrow am. In the meantime, customers wishing to retrieve their form submissions can do so by logging into the editor, clicking on the form, navigating to the 'data' tab in the floating editor to download the form data.


Update, Moonfruit Service Update: 16/12/2015, 4:45 PM (GMT)

After a huge effort from our entire team, it looks like we’re back to normal. Obviously after such a prolonged outage we’ll be monitoring very closely for some time to come.

You may experience some minor disruptions to the service while we continue to work bringing it back to its optimal operation, but as things stand all services are running smoothly.

We’ll, of course, keep you posted if anything changes. Once again, thank you all so much for standing by us through this.

Please note, if your domain is hosted elsewhere then you will need to ensure the domain is updated with the latest pointing information.

The guide is here: http://mfru.it/1JR5mnq


Update, 15/12/2015, 18:00 (GMT)

Although we are getting closer all the time, normal service has not yet fully resumed. Currently, sites are loading and should be visible to your visitors. However, it is still not possible to log in to make any edits.

We know that this is a busy time of year and one of the worst times for you to experience downtime. We couldn’t control the timing of the attacks, but we could control how we responded to them. Our first priority was the long term security of your websites. Huge DDoS attacks, such as the one we were subjected to, often mask more dangerous forms of attack that could put you at greater risk. The consequences of trying to ride out these attacks, without taking the type of decisive actions we have, can be incredibly serious, sometimes resulting in weeks of downtime. We truly believe the decisions we’ve made over the past few days have been in your best interest.

We'll continue to provide updates as more progress is made.


Update, 15/12/2015, 15:25 (GMT)

Our operations team is making steady progress and has overcome a number of issues, but there are still a few more to be dealt with. We know how difficult this is for you and we’re doing everything we can to help get you back where you need to be.

The service is currently intermittent, with sites loading in most cases, but it is still not possible to log in to your account.

Our support team is working through your email queries, but responses may take a little longer than usual due to a high number of requests.

We will provide our next update not later than 6 pm (GMT).


Update, 15/12/2015, 13:00 (GMT)

Our operations team is continuing to work on resolving the service issue. We are making progress but unable to provide specific details at this time.

Once again, we're really sorry for the disruption. Your patience and understanding is very much appreciated.

The next update will be posted no later than 15:00 (GMT).


Update, 15/12/2015, 11:00 (GMT)

Our operations team is continuing to work to resolve the service degradation. We will post another update at 13:00 (GMT), if no news before.

Thank you for your patience, and please accept our sincere apologies for the inconvenience caused.


UPDATE, 14/12/2015, 11:35 PM (GMT)

We have been working hard on bringing all services up as quickly as possible, and have now reached a stage where customer sites have begun to come back online (if configured as we recently advised). They should all be available within the hour. The previous configuration settings are still vulnerable and we will not be bringing these online again this evening. We strongly advise making the recommended changes to bring your site back online as quickly as possible.

Moonfruit.com is not available at present so you will not be able to edit your site for the time being. We’re continuing to work to bring this back up and will keep you posted. We hope to have this resolved shortly.

More updates will follow as and when we have them. Thanks again for your patience, we’re getting there!


UPDATE, 14/12/2015, 10:35 PM (GMT)

Your site will be available now, provided that you made the changes we recommended last week.

If you missed them they can be found at the bottom of this update, or you can also find our FAQ for pointing your domain here:

We will provide a further update soon. Thank you for your understanding.

Please be aware, whilst we have completed the work necessary for your sites to be available,it can take time for these changes to propagate across the internet. Should your site not be immediately online, please be assured your sites will be up soon


UPDATE, 14/12/2015, 5PM (GMT)

Dear Moonfruit Community,

We are getting close to resuming service and wanted to share our perspective on today’s events.

What happened?

DDoS (distributed denial of service) is a malicious internet attack designed to overload a website with manufactured traffic. It’s illegal, disruptive, and, unfortunately, a reality of the industry in which we operate.

We routinely rebuff DDoS attacks, most of which are invisible to you and do not impact your service. We study each and regularly upgrade our defences. We were attacked on Thursday of last week by a sophisticated and well-known group who promised, and delivered, a further attack today. This group has a history of successfully disrupting other well-known online businesses which often results in several days of downtime. These attacks required us to make major changes and quickly. The best way for us to achieve this was to bring our servers down to implement improvements, a decision we did not take lightly.

We know how painful this has been for you and your business. We have used the time well and our defenses have improved substantially. Thank you for your patience and support throughout this crisis. We are nearly there and hope to fully restore service by early evening.

As always, we care about the Moonfruit Community and will keep you informed. You have no idea how much the messages of support have meant as we’ve burned the midnight oil over the weekend to put things right, and to better position you for the future.

Once again, thank you for your patience and apologies for the inconvenience caused.

The Moonfruit Team


UPDATE, 14/12/2015: A statement from Moonfruit Director, Matt Casey

As a result of the threatened attack on Moonfruit, we have taken the decision to make significant infrastructure changes which will offer us the best possible protection against these attacks both today and in the future. Unfortunately as a result of these changes, Moonfruit.com and your own sites will be offline from approximately 10 am (GMT) today and will remain offline for up to 12 hours.

We appreciate this is very short notice, but we hope you understand the unusual circumstances we are facing. We planned for every eventuality over the weekend, but the final decision to go ahead with these specific changes was made this morning.

We’re genuinely sorry for the disruption this will cause, and please do bear with us. We have been working with law enforcement agencies regarding this matter and have spared no time or expense in ensuring we complete the work as quickly as possible.

Thank you all so much for you patience and support.



What is a DDoS attack?

You can read more about a DDoS attack here


Is your data safe?

Yes! The threat made to Moonfruit was to flood our servers (DDoS attack) to stop customers sites from being displayed. Your financial information, and your customers information, is protected from being accessed.


Will there be a holding page for my site?

We're working on putting this in place. The message will be unbranded, and give your customers an idea of why their site is not online.


Update, 12/12/2015

Further to our email (dated 11/12/2015), we wanted to confirm that it is a genuine update from Moonfruit.

The suggested changes required will need to be made by accessing your domain through your host. If you are unsure how to update your domain, your host will be able to help. You can send them this guide with the instructions:

We previously reached out to our customers in July 2015 about this issue, but it is now more urgent that these changes are made to your domain (if hosted elsewhere). You can read our previous post about these changes here:

Any domains hosted by Moonfruit will have been updated automatically. Also, some users may have already made these changes.


Original email, dated 11/12/2015


We’re getting in touch to ask for your support in defending us from a malicious and illegal attack that we’re facing. You may have noticed some brief down on Thursday afternoon (10/12/2015). This was caused by an organisation who call themselves the Armada Collective. This group carried out a DDoS attack on our servers for approximately 45 minutes. At the time of this attack, they contacted us to demand we pay them a large sum of money. They stated they would resume their attack on Monday should they not receive payment before then. Having investigated the group it is very clear that even if we were to pay them (something we would never consider) the attacks would not cease. In fact, whenever anyone has given in and paid them, the attacks get worse and the demands increase.

Since receiving the threat we have been working tirelessly to put in place any and all protection possible. We’ve also expedited a number of projects that will offer us long term protection from future attacks. We’re confident that we can fend off these attackers, but we do need your help.

How you can help us (and yourself!)

You can help us fight this attack, and at the same time protect your own site, by carrying out the steps below. Making these changes will push the traffic for your website site through a service that protects against the type of attack we are being threatened with. There’s also an added benefit that it will make your website faster to load and more reliable. This was a change we were planning to make in the new year anyway, this event has simply pushed it up the to-do list!

The steps you need to carry out to make changes vary depending on your domain provider. We’ve included links to instructions for a number of the main providers in the guides section below. The specific changes you need to make are as follows:

  • Change the Top Level A record (may be called an @ / Apex / Bare / Root record) to
  • Change the CNAME record type to www, and set the value to cdn.sitemakerlive.com. (including the '.' at the end)

GoDaddy: Click here for their guide

Fasthosts: Click here for their guide

123-Reg: Click here for their guide

If you have any problems making this change, please contact your domain provider and they will be able to assist you.

Thank you for your understanding, and continued support of Moonfruit.

Matt Casey Director of Moonfruit



Powered by Zendesk