With the announcement of restricted access to ChipGuide advanced features, the ChipGuide came under numerous attacks: DDOS (Distributed Denial of Service), SQL Injections (malicious code is disguised as input), and website scrapping (theft of its contents - images). Tools were purchased to analyze website traffic in order to take appropriate actions to protect the ChipGuide. Which usually meant: banning IP addresses, banning BOTS, and banning malicious requests. This is a daily activity that takes several hours. We then moved the ChipGuide to a new platform that offered a more secure environment.

To deal with SQL Injection attacks, a centralized data input facility was recently created. Previously, each ChipGuide program handled its own data input prior to processing. The new input facility removes any malicious code and validates the data according to its data type and usage. Any data that fails validation is withheld from further processing. Implementing the data input facility required an update to almost every program, over 100, on the ChipGuide. The SQL Injection attacks have stopped.

Now we are now dealing with daily attempts to download the contents of the ChipGuide, website scrapping. Everyday, an attempt is made from a new location, usually overseas, but it also has been from within the U.S. These attempts are made using VPN servers. VPN servers relay internet requests keeping the original requester anonymous. When they are discovered, their IP address is banned. But then they pop up the next day using a different IP address. We are looking into adding some tools to the ChipGuide to "rate limit" requests so that they will only allow a limited number of requests from an IP address over a certain period of time.

Every time an update is made to the ChipGuide, there is a possibility that something might break. And indeed it does happen all the time. Thanks for bearing with the breakages while we try to make the ChipGuide more secure from attacks.