Imagine a call center and
Posted: Wed Dec 18, 2024 4:48 am
HTTP/2 Rapid Reset Response: SiteGround's Quick Reaction to a New Vulnerability
In the dynamic world of cybersecurity, it is not uncommon to encounter new challenges. Recently, a new vulnerability, dubbed the “HTTP/2 Rapid Reset” attack, has been discovered. Since HTTP/2 is considered a relatively new protocol , we see more modern and clever ways of performing attacks every day. But this latest vulnerability has the potential to disrupt web services on an unprecedented scale.
Before we dive into the details, let’s discuss what this means for website owners.
What is the HTTP/2 Rapid Reset Attack?
HTTP/2 is a protocol that helps your website load faster and handle more visitors simultaneously. HTTP/2 allows clients to request multiple website resources (CSS files, JS files, images, etc.) with a single query. However, some clever attackers found a way to exploit this mechanism. They developed a technique to send a request to a server and then immediately cancel it, repeating this process at an extremely high rate. This stream of requests and cancellations can overwhelm a server, causing it to slow down or even crash – a classic Denial of Service (DoS) attack. The attack not only overloads the web server that offers HTTP/2, but all the backends that are also involved in handling website requests such as PHP executions, application servers, static file delivery, etc.
a caller dials the call center and then hangs up immediately after an operator france whatsapp number data picks up the call. The operators waste precious time handling the fake calls and are unable to handle the legitimate requests. The entire call center grinds to a halt and is unable to handle customer requests. That is exactly what this new attack was causing at server scale.
Quick Response from SiteGround
At SiteGround, we always try to stay one step ahead in terms of web security. This time is no exception, and we were among the first web hosting companies to fix this vulnerability. As soon as the HTTP/2 Rapid Reset attack was reported, our security engineers jumped into action. The official announcement was published no more than 24 hours ago, on October 10, 2023, with Google, Amazon, and CloudFlare simultaneously announcing the issue. The web server software we use for all hosting servers, Nginx, also released a blog post .
Our dedicated team of security experts worked tirelessly to patch all of our web servers within an hour of the vulnerability being disclosed. This quick response ensured that our clients’ websites remained secure and operational, with minimal disruption. Right now, just a day later, all of SiteGround’s servers (web hosting servers and CDN) are using patched Nginx code that protects all websites using our services.
Conclusion
The HTTP/2 Rapid Reset attack is a serious threat, but thanks to our fast response and commitment to security, SiteGround customers can rest easy. We’ve got your back and are always ready to tackle any new challenges that come our way. At SiteGround, your security isn’t just a priority, it’s a promise.
In the dynamic world of cybersecurity, it is not uncommon to encounter new challenges. Recently, a new vulnerability, dubbed the “HTTP/2 Rapid Reset” attack, has been discovered. Since HTTP/2 is considered a relatively new protocol , we see more modern and clever ways of performing attacks every day. But this latest vulnerability has the potential to disrupt web services on an unprecedented scale.
Before we dive into the details, let’s discuss what this means for website owners.
What is the HTTP/2 Rapid Reset Attack?
HTTP/2 is a protocol that helps your website load faster and handle more visitors simultaneously. HTTP/2 allows clients to request multiple website resources (CSS files, JS files, images, etc.) with a single query. However, some clever attackers found a way to exploit this mechanism. They developed a technique to send a request to a server and then immediately cancel it, repeating this process at an extremely high rate. This stream of requests and cancellations can overwhelm a server, causing it to slow down or even crash – a classic Denial of Service (DoS) attack. The attack not only overloads the web server that offers HTTP/2, but all the backends that are also involved in handling website requests such as PHP executions, application servers, static file delivery, etc.
a caller dials the call center and then hangs up immediately after an operator france whatsapp number data picks up the call. The operators waste precious time handling the fake calls and are unable to handle the legitimate requests. The entire call center grinds to a halt and is unable to handle customer requests. That is exactly what this new attack was causing at server scale.
Quick Response from SiteGround
At SiteGround, we always try to stay one step ahead in terms of web security. This time is no exception, and we were among the first web hosting companies to fix this vulnerability. As soon as the HTTP/2 Rapid Reset attack was reported, our security engineers jumped into action. The official announcement was published no more than 24 hours ago, on October 10, 2023, with Google, Amazon, and CloudFlare simultaneously announcing the issue. The web server software we use for all hosting servers, Nginx, also released a blog post .
Our dedicated team of security experts worked tirelessly to patch all of our web servers within an hour of the vulnerability being disclosed. This quick response ensured that our clients’ websites remained secure and operational, with minimal disruption. Right now, just a day later, all of SiteGround’s servers (web hosting servers and CDN) are using patched Nginx code that protects all websites using our services.
Conclusion
The HTTP/2 Rapid Reset attack is a serious threat, but thanks to our fast response and commitment to security, SiteGround customers can rest easy. We’ve got your back and are always ready to tackle any new challenges that come our way. At SiteGround, your security isn’t just a priority, it’s a promise.