Thursday, 10 May 2012

Bambuser under attack

Yesterday Bambuser went down for a few hours. We were for the first time subjected to a severe Distributed Denial of Service (DDoS) attack. The attack was apparently aimed mainly at Russian citizen journalist users.

We have confirmed that the computers taking part in the attack are part of a known bot network. This botnet is available for rent according to our sources.

Although the attack is still in effect, we have managed to limit the damage. Many thanks for all the patience, support and practical help.

What happened?

May 9, 11:30 CET
We noticed an unusual spike in the load on our servers. This traffic quickly grew while our tech team worked hard on making our site accessible again.

May 9, 13:47 CET
After analyzing the situation, we concluded this was a distributed denial of service attack and informed our users on Twitter.

May 9, 15:19 CET
Bambuser was up and running again, although still under a heavy load from the attack. A few users may unfortunately be affected by our efforts to block the attack.

After 15:19 CET
We have continued our work on minimizing the effect of the attack, which continued with varying strength (and is still going on at the time of writing).

Technical info about the attack

A Distributed Denial of Service (DDoS) attack is a huge flood of network packets intended to take up resources and prevent other people from accessing content. There is no hacking/cracking involved.

As is the nature of DDoS bot networks, the computers that are part of a botnet are often normal PCs in home and office environments and the users are usually not aware that their machine is infected and part of a bot network.

Hence, even though the sources of the network packets are known, it does not mean that one has identified the real origin of the attack.

DDoS attack described on wikipedia.