Denial of Service Attack takes down local website provider for nearly 24 hours
Around 2:00 on Monday, March 5th, Mik Muller, owner of Montague WebWorks, and many of his customers, began to notice that websites were either very slow, or not loading at all for short periods of time. Email was intermittent and sometimes produced errors.
Muller called up the hosting facility that maintains his dedicated webserver to ask if there was some sort of an interruption event in progress. He was told that one of their Internet Service Providers was experiencing problems, and that many customers in the facility were affected.
As the day progressed the interruptions and blackouts became more pronounced. By 7:00 PM that evening the server had to be shut down completely -- cutting off 150 community and customer websites, 75 of which depend on Montague WebWorks for email.
Investigation by the server administrators at the hosting facility revealed that Montague WebWorks' webserver was under a Denial of Service (DoS) attack. Essentially, a dramatic increase in traffic to one IP address caused a strain on one of the bandwidth providers, which eventually led to a disruption in service.
According to the Department of Homeland Security, “The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.”
The hosting facility aggressively worked with Muller to control the source of the attack. In a conference call it was surmised that one or more of the websites Montague WebWorks hosts that had experienced an influx in traffic caused the attack. It couldn't be immediately determined which website, or indeed if it was only one website that was the target. In the end, a cautious re-deployment was determined to be the best course... turning one or two websites on at a time and then monitoring for any new traffic spikes. With 150 websites to turn back on, this would take quite a while.
Muller decided to redeploy his ten community websites first, including MontagueMA.net and FiveCol-Soc.net, to see if the attack was perhaps related to something that had been posted on one of them. He then began redeploying five customer websites at a time with a half-hour pause between each wave, starting with his bigger and more notable business customers, and those running ecommerce websites. He estimates that all Montague WebWorks customers and websites will be up and running again by Wednesday evening. Any customers still experiencing problems should contact him at the number below.
While this work proceeded, the hosting facility administrators identified a few compromised online gaming servers as the culprits. The owners were contacted and the attack from those machines ceased. The hosting facility is continuing its investigation with their network providers to determine whether there are more servers at work, or if the attack is truly over. This may take a few days, but for now the worst appears to be over.
Wikipedia has written an article on the subject of Denial of Service Attacks:
"A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
"One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Such attacks usually lead to a server overload.
"Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations."
In a March 5th article on Fresh Business Thinking titled "DDoS attacks by unscrupulous businesses on the rise" David Rowe, CISSP, member of the Infosecurity Europe Advisory Council, states that "the use of DDoS attacks as a business weapon is a new trend that has not been seen before in the security space." Rowe further states "[a] survey of US companies shows us that DDoS attacks are a weapon being used by less scrupulous business competitors,” adding that with more than a third of US companies being hit by a DDoS attack in the last 12 months, the threat of distributed denial of service attacks clearly cannot be ignored."
In a February 29th article on TechTarget.com titled "DDoS attack types: Small attacks more common, dangerous", John Pescatore, vice president and research analyst at Gartner, said "Overall DDoS attacks have been on the rise recently."
After dealing with this attack, Montague WebWorks is planning on adding additional servers to prevent complete shut-down in the event of another attack in the future. Muller is also working with his hosts to assess prevention plans.
Mik Muller can be contacted through the Montague WebWorks website, or by phone at (413) 320-5336.
Posted: to WebWorks News on Tue, Mar 6, 2012
Updated: Sat, Mar 24, 2012