Donny Webb

Donny Webb

Hudson ISD's website was down throughout the weekend and Monday after a cyber attack affected the website's host.

"The Hudson ISD website is hosted remotely by a third party, Gabbart, in the AWS cloud," Superintendent Donny Webb said. "The sites hosted by our vendor have been under attack by a distributed denial of service (DDoS) attack causing them to be inaccessible. Our host has been in constant contact with us and the FBI and other federal agents are involved in the investigation."

The attacks were off and on for about a week increasing in size, he said.

"At the moment the site is up and running and we will stay in constant contact with our vendor through this," Webb said. "This was not a random act, but a strategic act on the part of the perpetrator. At the moment there are no details available as to who is behind the attack or why. Again, this attack is on the website host, not the district directly."

Webb said the issue is only with the website host and is only affecting access to the website in general, not within the system, so parents should rest assured their information is safe and it is safe to continue registering their children for school.

An email sent to the district from Gabbart president and CEO Teddy Gabbart at 12 a.m. Tuesday stated that the web server cluster is currently built to support 50 million requests per day with an average of 14 million requests.

However, the DDoS attack was hitting the servers at approximately 10,000 requests per second or 36 million requests per hour.

"We began today with seven webservers and a massive database cluster," the email states. "As of 3 p.m., we now have 12 webservers and also increased our database cluster, and it still wasn’t enough to handle the brute force of this attack.

"DDoS attacks of this magnitude consume all server resources from typical website users. Throughout the day, we were successful at stopping the attack 26 times, therefore your sites would load for a short time and then go back down as the next attack began."

This attack was designed to make it very difficult to determine if requests were part of the actual attack or just a massive increase in a school's website traffic, the email states.

"This DDOS attack was not hacking to access data, it was simply requesting over 500,000 pages to load every minute from a multitude of school websites. We are seeing IP addresses from across the U.S., U.K. and Russia, disguised as actual website traffic," the email states.

"At one point this afternoon, we turned off the entire system for a few minutes in hopes that if BOTS were controlling the attack, they would quit upon failing to reach our servers. When we brought everything back up, we were good for about one minute and the attack hit again and maxed out servers."

The attack is still going on as they continue to attempt solutions, so there may still be outages, the email states.

"As mentioned in the previous email, the FBI Cyber Action Team has been called in to investigate this attack as it has had a major impact on so many school districts, parents and students," the email states. "Many indicators point to a possible competitor in the industry could be behind this attack. We take this very seriously and hope to have a resolution very soon."

Grace Juarez's email address is grace.juarez@lufkindailynews.com.