Citibank website has been down for 24hrs so far! WTF?!

[KentState]

That's my point, a personal website/service is not really all that important, yet I kept mine running even during some complex changes.

A bank should have way more infrastructure and staff and they really have no excuse for their site to go down that long. Any company worth a dime will have either their own NOC or a contracted NOC and the minute something goes wrong they get a notification and can fix it within a short period of time. Redundancy on top of redundancy... it should not go down to begin with, but if it does it should be quick to get it back up.


Now DDoS attack is a little bit more tricky, but even then there are ways (very expensive) to mitigate them.

From my personal experience with a DDoS attack on a corporate site, it is very hard to mitigate the attack. For example, about a year ago, the company I was working for and several others was hit. Fortunately, the majority of our pages are static content and was hosted by Akamai. We felt very little of the attack, but the large CDN couldn't fully mitigate the hit. It cost us a good amount of money due to overages in use, but fortunately they swallowed most of it due to a failure on their end. Since most DDoS attacks are from foreign IPs, we restricted access which helped.

The problem with a site like Citi is that most pages are SSL (https) and not able to be cached. Therefore, I highly doubt they leverage a CDN and use multiple data centers to balance their sites. Now, Akamai who has 10,000s of edge servers can be overwhelmed by a DDoS attack, how can a single company even begin to manage such a hit? Companies simply can't pay for and maintain an infrastructure to counter these attacks.

 

[SagaLore]

Now DDoS attack is a little bit more tricky, but even then there are ways (very expensive) to mitigate them.

These recent attacks are saturating even the most sophisticated and expensive DDOS defenses. Since Citi is internationally used, they can't geo-block the sources so they are SOL.

 

[PingSpike]

I'm still having trouble with their website. I haven't been able to get in for weeks. I think I'm done with this company.

 

[Brainonska511]

I'm still having trouble with their website. I haven't been able to get in for weeks. I think I'm done with this company.

Do you allow 3rd party cookies? I was having issues with it logging me out because of that nonsense when I had 3rd party cookies disabled.

 

[PingSpike]

I probably do not allow 3rd party cookies. But the problem has been ongoing at home and at work and I even tried different browsers. Last night I was finally able to get in but I shouldn't have to try and fail to pay a bill online 6-7 times before success. I've got to many irons in the fire right now so I don't feel like dumping the credit card but they're on my shit list!