CafePress.com, which provides online stores for thousands of blogs and web sites, has been hit with a distributed denial of service attack (DDoS) which has disrupted service for many of its merchants during the critical final shopping days before Christmas. The attack began Tuesday evening and was continuing to cause "significant service interruptions" late Thursday. The cafepress.com main site and a sampling of online stores were accessible early Friday.
"Some customers have access that appears normal, some have intermittent access, and some have no access at all," Cafe Press reported Thursday on its customer forum. "Those of you who are able to access CafePress may be experiencing difficulties with certain functions, such as uploading images. This is normal based on the type of attack we’re experiencing."
The attack on CafePress follows a DDoS attack on web host Crystaltech on Cyber Monday, which has been heavily promoted by online retailers as the kickoff of the online shopping season. DDoS attacks are often timed to peak traffic periods when uptime is critical.
Industries conducting large volumes of transactions are frequent targets for a cottage industry of digital extortionists using distributed denial of service (DDoS) attacks. These attacks typically are preceded by a request for payment from parties who claim the ability to "prevent" an imminent attack. If no payment is made, a DDoS attack follows. Cafe Press did not indicate whether it had received a request for payment, or had any indication of the attackers' motives.
CafePress.com is an online marketplace that lets users create, buy and sell customized merchandise online using the company's print-on-demand and e-commerce services. The site says it has more than 2.5 million members who have created over 35 million products.