SpaFinder fights off an attack and gets back to business

The spa service vendor enlisted help in fending off a denial of service attack.

Allison Enright

SpaFinder.com in mid-August was attacked by a group of hackers that overwhelmed its servers and knocked the site offline. The distributed denial of service attack meant SpaFinder’s real customers were unable to use the site to make spa appointments, purchase gift certificates or access their accounts.

That led consumers to call customer service for help. However, customer service agents, who use the web site to help customers, couldn’t access the site either and were left taking numbers and promising to call back. “The attack was a double whammy on our sales and on customer service,” says SpaFinder CEO Pete Ellis.

Before the attack, Ellis thought the site was protected through an application the company subscribed to through its web hosting company. But when the application couldn’t quell the attack after the first four hours, Ellis decided to enlist the help of another vendor.

He contacted Prolexic Technologies Inc.’s emergency hotline, and the distributed denial of service mitigation vendor, working with SpaFinder’s tech team, quickly rerouted the site’s traffic through Prolexic servers, which were able to identify and sort legitimate site traffic from the traffic generated by the attack. Prolexic then relayed the good site requests to SpaFinder.com’s servers so consumers could access the site, and blocked the bad requests.

The denial of service attack continued intermittently for two more days. “As we deployed our mitigation tools and monitoring, the attack would trickle down to almost nothing, and then another wave of attacks with a different signature would start,” says Neal Quinn, vice president of operations at Prolexic. After Prolexic blocked the hackers’ site requests repeatedly, the attackers moved on, Quinn says.

Ellis says the attacks didn’t result in any data breaches. “I don’t think that these attackers were after any kind of financial gain,” he says. “I think the attack on SpaFinder just got someone a merit badge, but that doesn’t lessen the damage they did to our revenue and customer service.”

After the August attack, Ellis decided to subscribe to Prolexic’s ongoing monitoring service to help it fend off future attacks. The monitoring service looks for suspicious activity around the clock. It then reroutes traffic through Prolexic if an attack begins, keeping sites like SpaFinder.com available to legitimate customers. Ellis says the extra level of protection is essential to his business, especially going into the holiday season, SpaFinder’s busiest period. “We do 20% of our business online, with 50% of that revenue coming in the fourth quarter. If there were any interruption to business at that time, it would cost us millions of dollars,” he says.

Prolexic declined to provide pricing details, but Quinn says pricing is based on site traffic levels.

