
Mastodon Says Its Main Server Was Hit by a DDoS Attack

The decentralized social media platform Mastodon stated that its flagship instance, mastodon.social, was hit by a large-scale Distributed Denial of Service (DDoS) attack on Monday local time. The site was almost inaccessible for a period of time, and many users saw error messages or full-screen outage alerts when opening the page.


The Mastodon team released a status update around 7 a.m. Eastern Time on Monday, confirming that it was under attack and that it was investigating. By around 9:05 a.m. Eastern Time, Mastodon said it had enabled “countermeasures” against the DDoS attack and that the site was accessible again, but warned that the platform might remain unstable for some time because the attack was ongoing.

This attack on Mastodon comes shortly after another decentralized social service, Bluesky, finished dealing with its “tug-of-war” outage. Last week, Bluesky experienced frequent service interruptions due to days of DDoS attacks. The platform subsequently noted in an update on April 17th that the attacks were still ongoing, but that service had been generally stable since 9 p.m. Pacific Time on April 16th, and reaffirmed this stability in its latest statement today.

Mastodon has not yet made further statements to the media regarding the specific causes or sources of the attack. Judging from the timeline screenshots published by Mastodon, the attack is concentrated on its officially operated large instance, mastodon.social, and has not affected the many small and medium-sized instances that make up the Mastodon federation network. This means that even if the flagship server is severely disrupted, the decentralized social network as a whole will not be completely paralyzed, and users on other instances can still use the service relatively normally.

A Distributed Denial of Service attack is one in which attackers send a massive volume of junk requests to a target application or website server from a large number of devices simultaneously, exhausting its resources and preventing normal users from accessing the service. These attacks are usually not aimed at stealing data, but they can significantly disrupt service availability and degrade the user experience. Security company Cloudflare announced last year that it had successfully intercepted the largest DDoS attack to date, with a peak bandwidth of 29.7 Tbps, equivalent to the amount of data that could fill tens of thousands of hard drives per minute, showing that the power of these attacks has grown exponentially in recent years.

In the context of decentralized social networks, DDoS attacks often lead to instability or outages of some service nodes, but because the network consists of multiple interconnected instances, not all users will be affected. For example, some Bluesky users migrated their accounts to other service providers (such as Blacksky) running under the same protocol and interoperating with Bluesky, and were largely unaffected by the previous round of attacks. Similarly, the current attack on Mastodon is mainly concentrated on mastodon.social, and some smaller, geographically distributed instances remain online.