8Chan fallout causes collapse of CDN & DDoS specialist

Olorin Avatar
bulb in the dark

Yesterday we reported that the notorious ‘free-speech’ site 8Chan was booted from Cloudflare’s service, where it hid behind layers of Cloudflare’s Anti-DDoS and Web Application Firewall technologies to stay online. Today we’ve learned that the fallout between 8Chan and Cloudflare has resulted in the collapse of an alternative Cloudflare-like DDoS, CDN and WAF specialist hosting company, BitMitigate.

Yesterday when Cloudflare’s CEO, Matthew Prince, reported that his company had issued a termination notice to 4Chan, the termination became effective immediately and as a result the 8Chan website instantly tumbled into darkness. What actually happened, from a technical standpoint, is that Cloudflare had ‘turned off’ their protection via DNS, and had pointed DNS records directly to the hosting origin of the website, N.T. Technology Inc, where the 8Chan site is ultimately stored and processed. For some reason, likely for security, the hosting origin at web host nttec.com did not respond directly to web requests, thus taking the 8Chan website down.

We understand from openly public discussions that the 8Chan website was a frequent target of DDoS attacks, which basically means, hackers would send more data to the website server than it could process, taking the website offline in a “Denial of Service” attack. This isn’t surprising considering some of the foul-mouthed discussions and hate crimes frequently bolstered on 8Chan. Behind Cloudflare’s protection, however, the site was safe, but without it… no dice. After the Cloudflare termination, the 8Chan site owners began their quest to find a “Cloudflare alternative” that would help keep their site online, safe and secure. 

To that end, along came BitMitigate, a DDoS, CDN and WAF specialist hosting company.

Unfortunately, at the time of publishing, BitMitigate’s website at www.bitmitigate.com is offline, however, a recent capture by Archive.org’s infamous Wayback Machine helps us see what they were all about. In a nutshell, BitMitigate was like Cloudflare, offering many of the features like DDoS mitigation, WAF, CDN, load balancing, automatic SSL and so forth. Early yesterday afternoon, when 8Chan began its switchover to BitMitigate’s platform, the 8Chan website started to come back online, no doubt much to the praise of hate speech lovers around the world. However, no sooner was it back online than hitting yet another snag to take it down once more. 

BitMitigate, who are owned by Epik Inc., used a third-party provider called Voxility to assist them with the safety and protection of running their platform. Voxility are one of the world’s largest providers of DDoS mitigation services, selling their protection to hosting providers, business organisations and even high profile banks. As you can imagine, with a high profile of clientele, Voxility endeavour to keep a squeaky clean image and ensure all of their customers are happy with their neighbours sharing the protection services. 

Unfortunately, once word got out that BitMitigate’s parent, Epik, were using Voxility to keep the lights on over at 8Chan, the web and Voxility’s customers went into a frenzy. To keep the peace, in a public Twitter post yesterday afternoon, Voxility announced the full ban and suspension of all Epik’s services with the company.

Then, unfortunately, the lights went dark once again at 8Chan. Even worse, the lights also went dark for all of BitMitigate’s other customers, including another controversial site The Daily Stormer, which itself was booted from Cloudflare back in 2017 for its Neo-Nazi free-speech. So what just happened? 

Could Voxility’s ban of Epik really have caused the complete collapse of a security hosting specialist? Well, not quite.

Over the course of the afternoon and evening, BitMitigate and Epik made several attempts to get itself and its customers back online. Though Voxility was its primary provider of DDoS protection services, other partners including Choopa, TerraHost and RETN also helped to run and secure its platform.

These other providers were quickly invoked in an attempt to resume BitMitigate’s service, however, a close source to Techzim informs on good terms that both Choopa and TerraHost also suspended Epik’s service very promptly after being informed about the involvement with 8Chan. As it stands, armed with only 2 providers out of 5, BitMitigate’s service and part of Epik’s network remains completely offline, unreachable to all of its paying and free customers.

Is this the end? Will BitMitigate return? Or will Epik call it quits and shut down the already decimated brand name? Will 8Chan find a new security provider and resume its website once more? 

We know one thing for certain; BitMitigate have lost the trust of the masses for their extended outage, and the respect of the masses for hosting two foul and extremist websites. If a large provider like Cloudflare won’t host extremist sites, and a small provider like BitMitigate can’t keep the lights on, then who can?