[Disclaimer: I don't know anything. I don't have technical expertise.]
There is a lot of speculation, confusion, and general lack of information as to why the markets have been down so much these past few days. It seems like their MAY be a larger issue going on then just normal DNM outages and there isn't a good source of information as to what is exactly happening.
Some thoughts and questions:
1. While EVO's closing did not help the situation, it doesn't seem to be the ONLY reason behind the ups and downs.
Most DNM's were functioning much better than they were currently in the days are EVO's closure. Also, DeepDotWeb and several admins from various markets have specifically stated they were being DDOS'd, and these outages are longer than usual.
2. Whether or not there are attacks beyond DNM hidden services is unclear at the moment
There are only very scattered reports of TOR sites being attacked outside of the DNM community. Also, why would dnstats.net be targeted? DeepDotWeb suggests it may be a new type of TOR focused "DDOS - that seems hard to block and targeting few DNM's." On the otherhand /u/uhwiki says their hidden service is being DDOS'd as well. Unclear what is happening on this front.
3. [FUD] Is it possible that the DNM's are being targeted with DDOS attacks as an attempt to decloak/identify/locate them?
This post by /u/Gwern is the most solid support I could find for this (and it's not really support at all). However, perhaps they really did mean "Guard Node" instead of "Exit Node". After all, many hidden services were indeed identified in November 2014, and we know there are various ways of decloaking hidden services as explained in various scholarly papers. This also fits with the explanation/question (below) of why dnstats is being attacked.
Again, all of the above are my thoughts. I have no clue what is happening, and hopefully everything will be back to normal in a few hours.
Questions for those who actually know stuff (not me):
Where does this TOR vulnerability fit in with all this, if at all?
Could this explain the attacks on /u/select1on's www.dnstats.net? That site is targeted so that users will constantly hit the refresh button on their favorite DNM - increasing the amount of traffic to analyze and helping in a decloak somehow? Does it even work that way?
Is there any way to figure out where the traffic flooding dnstats.net is coming from?
What thoughts/questions/observations am I missing? Can we try to consolidate all related information to this (or any other specific) thread?
It would probably help limit the number of FUD posts, and would bring more clarity to the situation as a whole.
If this thread gains any traction I can put together all the various explanations given for the outages in the past week on some sort of timeline.
The amount of users on my site has no impact on the markets. One problem with my site is the server is fairly weak and my webserver can handle a lot more connections than my database server can so its fairly easy to push over in terms of ddosing. There was some malicious attacks that I haven't identified yet because I was serving 1/3 of the connection but they were taking up all my SQL connections and I hadn't made any changes at all.
I'll see if I can pinpoint the source but my daughter is unwell and after work I have little time to spend on it, I will probably get a new server or a load balancer/reverse proxy.