Free trial now 30 days instead of 7
Over the years we’ve heard from some users that our 7-day trial was not long enough to really test out Pushover. Sometimes users would install the app, signup, and then forget about it, only to return to it days later and find that their trial was about to expire. Or users integrating Pushover with a custom IoT project would need a few more days to get their software properly setup to send out notifications.
Today we’re happy to announce that we’re changing our free trial period for Android, iOS, and Desktop platforms to 30 days. As soon as a device on a particular platform is added to a Pushover account, the 30-day trial period for that platform begins. Each of our Android, iOS, and Desktop platforms can be tried out independently or together.
If you need more time on your free trial before buying, just let us know and we’ll be happy to extend your trial period.
We hope this lets more users try out Pushover and see how easy it is to integrate and use. We have some exciting things coming up this year for Pushover, so stay tuned!
April 15-16 DDoS Attack
On April 15th at approximately 23:30 CDT, Pushover’s API servers came under a DNS amplification Distributed Denial of Service (DDoS) attack which caused them to be unreachable by their IPv4 addresses, though they were still reachable over IPv6.
This attack persisted through the morning of the 16th.
At 01:55 we began rerouting traffic for api.pushover.net
through a 3rd party
DDoS mitigation company and we are once again receiving API requests (IPv4 and
IPv6).
Unfortunately at this time, we are unable to receive e-mail notifications
through our E-Mail Gateway for legacy USERKEY@api.pushover.net
addresses,
though our @pomail.net
addresses are working.
At no point during this attack were any servers compromised or any data exposed. This was purely a resource exhaustion attack intended to take our service offline.
We are continuing to monitor the attack and are taking steps to mitigate its effect on our service. We will update this post with any further news.
Update 2020-04-16 16:30 CDT: The attack is still persisting, but as we are routing our API and dashboard through our 3rd party DDoS mitigation service, we are continuing to receive notification requests and send them out mostly without incident. We will continue to provide more updates here as needed.
iOS Critical Alerts
A new version of our iPhone/iPad app is available today that adds support for Apple’s Critial Alerts.
Added in iOS 12, Critical Alerts are special notifications that can bypass the device’s mute switch and Do Not Disturb settings to generate audible alerts in emergency situations. This functionality is only available to applications that have applied to and been approved by Apple. We’ve been applying since the day Critical Alerts were announced at Apple’s developer conference in 2018 and Pushover has finally been approved.
Pushover for iOS now supports generating Critical Alerts for your most important messages, such as security camera alerts. Our Android application has had similar functionality since 2013 by optionally playing notification sounds as alarms, bypassing the device’s mute switch.
Critical Alerts are not enabled by default, and can be enabled in the Pushover app’s settings menu. The first time the “Critical Alerts for high-priority” option is enabled, you’ll need to approve a dialog from iOS allowing Pushover to generate Critical Alerts:
Since Critical Alerts bypass your device’s mute switch, they do not play sounds at your device’s current volume setting. You’ll need to choose a volume at which to play Critlcal Alerts from Pushover, and these go to eleven.
Quick Do Not Disturb Mode
Today we’re releasing new versions of our Android, iPhone/iPad, and Desktop apps with a quick Do Not Disturb button. When pressed, you can quickly choose a time period in minutes, hours, or days, and all notifications for your devices will be silenced during that period. Once the time period is up, your notifications will resume automatically.
We’ve heard from many users that use Pushover to receive alerts from network monitors that when things break, they often break loudly with many alerts coming in a short amount of time. This new Do Not Disturb functionality can quickly silence new notifications while you work on resolving the problem. Once the Pushover app is opened, it will display all messages received during your Do Not Disturb period as usual.
For Android users, we’ve also added this button to our home-screen widget. The default time period used on the widget is the last time period selected inside the app.
For those needing Do Not Disturb on a regular schedule (such as overnight or on weekends), our Quiet Hours functionality continues to be available to set custom schedules.
October 24-25 DDoS Attack
On October 20th, Pushover’s website began receiving a Distributed Denial of Service (DDoS) attack from thousands of different IP addresses. The rate of attack was not substantial and was easily identifiable, so it did not cause much of a service disruption. This attack was limited to our website (dashboard) and did not impact our API or message sending.
Once the IP addresses were automatically blocked throughout the 20th and 21st, the attackers moved on to more substantial attacks on Pushover’s API servers beginning on October 24th. The rate of these attacks were substantial enough that Pushover’s network infrastructure provider began automatically blocking much of the traffic which unfortunately impacted legitimate access to our API.
Throughout the 24th and 25th, our API and website were sporadically unavailable due to these attacks, at one point causing one our servers to become unresponsive. Upon restarting the server, its replicated database became out of sync, causing a very small number of users, devices, and applications registered during a small window on the 24th to be lost as it was re-synchronized.
In the afternoon of the 25th, we moved our services behind a DDoS mitigation
company to reduce the impact on our infrastructure and restore reliable
connectivity to our users. During this move, our e-mail gateway services for
@api.pushover.net
and @pomail.net
services were temporarily unreachable for
around two hours.
As these e-mails were likely queued up on remote e-mail servers, once our
services were restored, these messages flowed into our e-mail gateways and
notifications were processed as quickly as possible.
At no point during these attacks were our servers compromised or breached. These attacks were packet floods and DNS amplification attacks aimed at our servers with the intent to make them unreachable and/or cause monetary loss.
Technical note: A side-affect of moving behind the DDoS mitigation service is that TLS (SSL) negotiation against api.pushover.net is now being handled by the mitigation company so we are not currently able to support legacy TLS/SSL ciphers which may be needed by older servers, which we had been able to accommodate before.
We are continuing to monitor these attacks and will make necessary mitigations as needed.
Update 10/26 05:45 CDT: After a quiet period of service stability, the DDoS
attacks resumed early this morning and Pushover’s network provider completely
disabled (null routed) access to api.pushover.net
’s IP addresses, making our
API unreachable for about 2 hours.
Service has been restored at 05:20 CDT.