How Friday's DDoS Attacks Impacted Metasearch

If you’re reading this from the US, there’s a good chance that you were impacted in one way or another by the distributed denial of service attacks that took place against Dyn on October 21st. The attack resulted in disruptions for millions of users of many large and popular sites. Smaller but still important pieces of infrastructure were also impacted.

So did we see anything happen in metasearch? In short, yes. For many of our clients, it was business as usual, but a few were more impacted based on their publisher portfolio, technology stack, and global traffic mix. Here’s what we’re seeing so far.

Some publishers were intermittently inaccessible

Due to the nature of the attacks and the way that traffic is routed, users from certain regions (primarily US east coast) were unable to access some major publishers throughout the day. Not only were we able to track these issues live, but this activity also presents itself in our total impression and click data. Across our entire data set, we saw volume down about 4% vs. expectations, with some higher spikes in certain cases.

Analytics providers experienced some outages

Throughout the day we found a few instances of traffic not being tracked correctly or not resolving correctly. This could have presented itself to users as a slow loading page, or in some extreme cases, as an error. One of the clearest ways to see if your campaign might have been impacted by this problem is to compare your publisher clicks against your analytics tracked visits. If you’re seeing a spike in variance starting on 2016-10-21, then it’s possible this was the cause.

Booking engines or supporting technologies were unavailable

In one case, we found that a client site was online, but the booking engine which relied on some external calls was not functioning as expected. In analytics data, this may present itself as users suddenly dropping off at one point in the funnel. We also saw some booking assist technologies not functioning as expected, but are not able to quantify the impact there and expect it would be a little less visible to clients as well.

Measuring impact and other considerations

While high-level impact across our total data set appears to be ~4%, we’re seeing some campaigns that appear to be affected by ~16%. The quickest way that we’ve found so far to measure impact is to filter traffic down to US points of sale and pay close attention to billed clicks vs. analytics clicks, and to watch for uncharacteristic drops in conversion rate or ROI.
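
One way to automate the billed-clicks versus analytics-visits comparison described above, as an added example that is not code from the original post. The sample rows are constructed, and the row layout, the 7-day baseline and the thresholds are assumptions.

```python
from statistics import median

# Constructed sample rows: (date, point_of_sale, billed_clicks, analytics_visits).
ROWS = [
    ("2016-10-14", "US", 1000, 950), ("2016-10-15", "US", 1100, 1050),
    ("2016-10-16", "US", 900, 860), ("2016-10-17", "US", 1000, 955),
    ("2016-10-18", "US", 1050, 1000), ("2016-10-19", "US", 980, 930),
    ("2016-10-20", "US", 1020, 970), ("2016-10-21", "US", 1000, 800),
    ("2016-10-22", "US", 1000, 952),
    ("2016-10-18", "DE", 500, 476), ("2016-10-19", "DE", 520, 495),
    ("2016-10-20", "DE", 510, 485), ("2016-10-21", "DE", 505, 480),
]


def tracking_gap(clicks, visits):
    """Share of billed clicks that never showed up as an analytics visit."""
    return 0.0 if clicks == 0 else (clicks - visits) / clicks


def flag_gap_spikes(rows, pos="US", baseline_days=7, threshold=5.0, min_mad=0.01):
    """Return [(date, gap)] for days whose gap sits far above the trailing baseline.

    The baseline is the median gap of the previous `baseline_days` normal days;
    spread is the median absolute deviation (MAD), floored at `min_mad` so a
    very stable history does not turn ordinary noise into alerts.
    """
    series = sorted((d, tracking_gap(c, v)) for d, p, c, v in rows if p == pos)
    history, flagged = [], []
    for day, gap in series:
        window = history[-baseline_days:]
        if len(window) >= 3:  # need a few days before judging anything
            med = median(window)
            mad = max(median(abs(g - med) for g in window), min_mad)
            if (gap - med) / mad > threshold:
                flagged.append((day, gap))
                continue  # keep the outage day out of future baselines
        history.append(gap)
    return flagged


if __name__ == "__main__":
    for day, gap in flag_gap_spikes(ROWS):
        print(f"{day}: {gap:.1%} of billed US clicks missing from analytics")
```

Because flagged days are excluded from the baseline, a multi-day outage keeps alerting instead of becoming the new normal.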

Advertisers may also want to check with their partners to see if they were impacted by this attack. It wouldn’t be surprising to find that a connectivity partner was impacted, which in turn would affect cache integrity and rate accuracy.

Some have said that this may be the new norm and that the internet infrastructure is susceptible to future attacks. While we’re hopeful that this is overstated, it does raise the question of how advertisers can efficiently track and respond to issues like this. A few ideas that we’ve discussed:

  1. Subscribe to partners’ status reports or APIs
  2. Set up automated checks to partners’ health endpoints
  3. Test fully built deep links automatically from multiple (global) IPs and warn on any latency or errors
  4. Consider tying these checks to campaigns and actioning reductions or pauses

To get basic coverage, a Pingdom or IFTTT alert could be a great start. Of course, we also support these kinds of activities in our system.

One last note on the stats used above: they are heavily impacted by our team’s actions on Friday. We were able to quickly identify issues and proactively mitigate them for many of our clients. It’s highly likely that campaigns outside of our platform may have been more impacted than what we found.
