Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Slovenia v. the FCPA Blog: What’s up with that?

This past week 1,324 attacks against the FCPA Blog website were blocked. We try not to take it personally.

The top three sources of the attacks originated from Slovenia, the UK, and Costa Rica respectively.

So how does the FCPA Blog protect readers and keep the website humming along smoothly?

In short, we have great partners.

We work with companies who specialize – and lead their industries – in specific areas of security.

Here’s one example: The FCPA Blog isn’t the size of Facebook (yet), but we do process a substantial amount of traffic.

In the last seven days, the FCPA Blog handled 2,541,781 requests. Requests are different from page views and visitors. Rather, a request is how many times different files on a web page were “served.” Each web page will serve several files each time it is loaded.

Every request that’s served needs its own protection.

For requests, the FCPA Blog uses end-to-end SSL/TSL encryption, indicated by the lock in your browsers address bar. SSL/TLS prevents malicious snooping of traffic on the FCPA Blog and consists of three main parts:

  • Authentication – The ability to verify the validity of the provided identifications.
  • Encryption – The ability to obfuscate information sent from one host to another.
  • Integrity – The ability to detect forgery and tampering of certificates.

The FCPA Blog also uses a Content Delivery Network (CDN) that not only makes the site faster for readers, but helps protect it by validating that we are following stringent security practices.

We also have distributed denial-of-service (DDOS) protection, IP spoofing, Web Application Firewalls (WAF), and other tools in place.

TSL/SSL is a vast technological concept. If you’re interested in learning more about how it works, Cloudflare does a great job explaining it.

Data for our 29,000+ email subscribers currently receiving daily updates is kept silo’d with another partner. The partner’s data centers manage physical security 24/7 with biometric scanners, among other things. They also have DDOS mitigation in place at all of their data centers.

You may be thinking, “Is that it?”

No, that’s just scratching the surface. Part of implementing good security is keeping some secrets.

Security is difficult and complicated and no website is immune from attacks. We’re thankful to our partners who help keep us safe and online.

Share this post


Comments are closed for this article!