WP Florists Under DDoS Attacks Leading Up to Valentine’s Day

Where’s the Love? Florists Under DDoS Attacks Leading Up to Valentine’s Day

Where’s the Love? Florists Under DDoS Attacks Leading Up to Valentine’s Day

Valentine’s Day is the busiest day of the year for florists, followed by Mother’s Day, Easter, and Christmas. Industry experts estimate that consumers will spend close to $20 billion during this year’s Valentine’s Day.

What we’re seeing

As you would expect we are seeing an increase in traffic to all 34 of our online florist customers. You can see this in the graph on accumulated bandwidth below.

But we noticed something alarming over the past week. Notice the yellow line in the visits graph below showing the increase in bot traffic. This is the beginning of the problem. It seems that not even love is immune to attack. Ninety-one percent of the sites showed attack traffic during that period.

increased traffic[2]

Of those sites, 23% showed a sharp increase in attack traffic. There does not appear to be a trend in attacks against all online florists, but rather targeted attacks. In fact, one of our customers reported receiving a ransom note.

The graphs below shows the sharp increase (red lines) in attack traffic against two of our customers.



In one interesting incident, an online florist came on board after it experienced an application layer DDoS attack. The company’s CDN provider interpreted the traffic as real user sessions, which exceeded the site’s contracted cache capacity. This caused the provider to route the attack traffic to their origin servers. This ultimately brought the site down with a great loss of revenue. Once onboarded to Incapsula, our DDoS mitigation tools recognized the attack traffic was actually bot-generated and took the necessary steps to shield them from bot-generated attack traffic.

The screenshot below shows some of the web application attacks since Wednesday. Notice that attackers are still attacking old vulnerabilities like Shellshock.

waf events

How to recognize signs of an attack

If you are an online florist, here’s what you can do to protect yourself in advance of heavy traffic to your websites on Valentine’s Day, Mother’s Day, and other holidays.

  • Monitor your traffic by looking for abnormalities, such as heavier than usual traffic spikes and new visits from unfamiliar IP address and geolocations. Any unusual activity could be “dry runs” by attackers foreshadowing an imminent full-blown attack.
  • Keep an eye on your social media platforms, Twitter specifically and sites as Pastebin.com for chatter and conversation threads that could indicate an incoming attack.
  • Consider using a third-party DDoS testing or pentesting to assess your defenses. We recommend doing this before heavy traffic holidays so you’re ready in the event of an attack.
  • Plan for an outage. Create a response plan and a dedicated response team who will lead the efforts after a cyber attack. The most effective response teams include your customer support and communication groups.

We hope you have a happy Valentine’s Day. Don’t forget to order your flowers. We’ll be monitoring our online florist customers and report on any further developments.


We took a sample of the 34 online florists in our network and measured traffic between February 5 to February 11.