Cyber Incident Victim: Voat
Date:
Jul 2015
Location:
Switzerland
Summary
A Reddit alternative platform experienced multiple distributed denial-of-service (DDoS) attacks, including a layer 7 attack, causing significant service disruptions and intermittent accessibility issues for users. The incidents occurred during a period of rapid user growth following migration from a competitor's internal conflicts, overwhelming the platform's infrastructure and prompting emergency security measures that disabled third-party applications. The website previously faced abrupt hosting termination due to controversial content, compounding operational challenges amid its rise to become a top-ranked site in the US. Administrators implemented CloudFlare optimizations to mitigate attacks while acknowledging server capacity struggles from unprecedented traffic surges.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In July 2015, Voat, a Switzerland-based Reddit alternative platform, experienced sustained Distributed Denial of Service (DDoS) attacks that disrupted its services during a period of rapid user growth. The attacks began shortly after Reddit's internal conflicts in early July, which involved the firing of a key employee (Victoria Taylor) and subsequent protests that temporarily privatized 300 popular subreddits. This turmoil drove significant traffic to Voat as users sought alternatives, with the platform reporting over 700,000 unique visitors in the 30 days preceding June 25. By mid-July, Voat had risen from below 80,000 to among the top 2,000 websites in the US according to Alexa rankings. On July 13 at midnight GMT, Voat publicly confirmed via Twitter and its website that it was under an ongoing "layer 7 DDoS attack," attributing the information to a CloudFlare support engineer. The attack caused widespread service interruptions, with some users encountering error messages stating "Voat is currently being kicked by a botnet" while others experienced intermittent accessibility.
Voat's administrators implemented immediate countermeasures by increasing CloudFlare's security settings to maintain partial functionality, though this action disabled most third-party applications interfacing with their platform. During the attack response, the team focused on source code optimization while acknowledging the operational challenges posed by both the malicious traffic and organic user influx. This incident followed previous infrastructure disruptions, including June DDoS attacks and an earlier abrupt termination of hosting services by Hosteurope.de due to content disputes. The July attacks occurred during a critical expansion phase where Voat reported receiving investment interest from venture capital firms. Despite mitigation efforts, the platform remained offline at the time of the article's publication, with administrators framing the situation as an opportunity to strengthen their systems. The attacks highlighted the platform's growing visibility as it positioned itself as a censorship-resistant alternative to Reddit, which at the time commanded substantially larger traffic with 169 million monthly unique visitors.