WordPress.com Hit by Extremely Large Denial of Service Attack
okay I thought it was the third world muslims again, nope it was the third world non white chinese, all of whom are completely against freedom … for others.
Not so says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China with a small percentage coming from Japan and Korea.
According to Mullenweg one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China’s major search engine
Everyone wants to know which blog was the target of the largest denial of service attack in its six-year history the popular blogging platform WordPress.com. The attack affected a number of A-list sites like CNN, BBC and TED.
WordPress.com, a popular blogging platform, was hit by a large DDoS (Distributed Denial of Service Attack that affected connectivity to a number of its blogs.The attack appeared to have begun just before 11 AM Eastern Time on Mar. 3 and lasted for about two hours, according to a status page on parent company Automattic’s site. WordPress.com is a hosted blog platform with a number of large customers, including TED, CNN, BBC, Red Hat and Flickr.Wordpress.com is currently reporting “normal” service on its site and on its Twitter feed, but that it will be monitoring the situation closely. The attack is the “largest” WordPress.com has ever seen, Automattic told TechCrunch, whose site is hosted on WordPress.com.
“You have no idea how hard it was to get this post up,” wrote TechCrunch’s Alexia Tsotsis.
The “non-trivial” attack appears to have subsided, but the company is working with the upstream provider on measures to prevent such attacks from affecting connectivity, according to a blog post for WordPress.com’s VIP customers, reposted on Twitter.
For internet-service-providers, DDoS mitigation includes throttling down bandwidth and filtering out packets from users and IP addresses, Jason Hoffman, co-founder and chief scientist at cloud provider Joyent, told eWEEK. Along with available quality of service tools, ISPs can write firewall and load balancer rules that can filter out and kill suspicious packets, he said.
As for its “extreme size,” the DDoS attack was “multiple Gigabits per second and tens of millions of packets per second,” according to the VIP blog post.
“It could flare up again later, which we’re taking proactive steps to implement,” WordPress founder Matt Mullenweg told Tech Crunch. The DDoS attack impacted all three Automattic data centers in Chicago, San Antonio and Dallas, he said. It also affected Automattic’s other services, IntenseDebate, BBQ Pit and Akismet API.
Mullenwag also said the sustained attack “may have been politically motivated” against a non-English blog, but declined to provide any other information. “We’re still investigating and have no definitive evidence yet,” he said.
It remains unclear where the attack originated, since there are a number of other groups other than hacktivist Anonymous who use DDoS attacks to disrupt services. In fact, groups like Anonymous don’t have the manpower or bandwidth to launch a truly massive DDoS attack because many of its participants are using the LOIC (Low Orbit Ion Cannon) tool to launch DDoS attacks from general consumer ISPs through DSL or cable modem services, said Hoffman. A botnet with “high hundred-thousands to millions” of computers would be required for sustained attacks, he said. For example, a large botnet dubbed Vecebot knocked blogs belonging to Vietnamese dissidents offline last fall.
A recent Harvard University study found that 280 independent media and human-rights Web sites were hit with 140 attacks between September 2009 and August 2010, and researchers asserted that these numbers are probably only a small portion of actual attacks.
There appears to be some sporadic performance issues still occurring on WordPress.com, but the site for the most part appears to be normal. WordPress.com had some issues with performance around 6 AM Eastern Time, which it managed to resolve, according to the site’s Twitter feed. Automattic did not comment on whether the performance issues were related to the DDoS attack, which occurred about six hours later.