Skip to comments.BLOGS DOWN: HACK ATTACK (From Saudi Arabia)
Posted on 04/28/2006 6:02:31 PM PDT by LowNslow
***scroll for updates...1230pm EDT Looks like the problem may be resolved, though several blogs still down...Glenn Reynolds confirms the attack originated in Saudi Arabia, as I suspected...Mary Katherine Ham of downed blog hughhewitt.com is guest-blogging over at Wizbang...Hugh's back up...looks like most are back up...update on Aaron's CC below...513pm EDT update several blogs reporting they are down again...***
Many Hosting Matters-hosted blogs are down--including Instapundit, Power Line, Hugh Hewitt, and tons of others large and small. Hosting Matters' own website is also down.
Blogger Chuck Simmins e-mails:
Denial of service attack on Hosting Matters. Most, if not all, their hosted sites are down. Attack is originating internationally. Haven't been able to confirm. But stay tuned.
***update: LGF, a Hosting Matters blog on a different server than the others, confirms***
Ive received quite a few emails this morning from people having trouble getting to blogs like Power Line and Captains Quarters. The reason for the problem: Hosting Matters is experiencing a Denial of Service attack. Theyre working to block it now.
More info on DoS attacks: Wikipedia: Denial-of-service attack.
UPDATE at 4/28/06 8:43:47 am:
Although LGF is also at Hosting Matters, we were moved to a different network after experiencing a similar attack. (Thats why were still up.)
UPDATE at 4/28/06 8:48:17 am:
I may have spoken too soon; some parts of the LGF system are beginning to act a bit flaky.
On a possibly related noted, Aaron's CC blog has been hacked several times over the last month, reportedly by cyberjihadis mad at his provocative images. His site is also down, though I'm not sure it's a Hosting Matters blog. Does anyone know?
Another update 1157am EDT. Chuck Simmins sends a link to the Hosting Matters support site...
Well, we know who the target is, and we know where the likely source of the attack originates...and I sincerely doubt that country's leadership has the least bit of concern for extraditing over something like this. Stacy - Hosting Matters, Inc.
Just fyi: The cyberjihadis who have gone after the Aaron's CC blog reportedly originate from Saudi Arabia.
I greatly appreciated all the blogosphere's support when the cyberjihadis took down my site down over the Mohammed Cartoons. If you're down, please send me an e-mail and I'll keep a list here of all those affected. We are all affected by cyberterrorist tactics, wherever they may originate.
Instapundit (***Glenn is posting on his back-up site here***) Power Line Captain's Quarters Pundit Guy Chuck Simmins Small Dead Animals Radioblogger Hugh Hewitt IMAO Mountaineer Musings Say Uncle Counterterrorism Blog Anti-Idiotarian Rottweiler Castle Arggh! - John Donovan She Who Will Be Obeyed - Beth Donovan Michael Totten Ticklish Ears Samizdata Theodore's World
Whoa. That's a lot of blogs that were attacked today.
What is the defense against a denial of service attack?
Would be funny if the jihadi websites were hijacked and replaced with "shrines" to the goat-screwin', camel-molesting, and child-raping fraud coward (feces be upon him).
and dont forget the bottom of the shoe.
'Bout time some of our wizzbangs took down those goathumpers sites. Better yet, 'bout time somebody took those goathumpers out...permanently.
The only thing you can do is call your upstream provider and ask them to null route the traffic, of course, this still leaves you down, but if you have other services running on different addresses, at least they will be able to function. Someone has to absorb the traffic, normally you leave it to the big guns (The upstream providers like Sprint, ATT, etc)
Find out who's doing this and bomb them.
With real bombs.
Thanks for this update. I tried Hugh Hewitt's site this morning, along with Day-By-Day (comic - all right; it's how I like to start my day), and got the "page not located" response for both. Glad to know they're up and running again.
If the attacks are coming from a relatively small IP range, I believe you can put rules in your firewall to block inbound traffic from those addresses.
yes you can, however, you STILL have to absorb the traffic, crippling your line / circuit. Most attacks are designed to consume your bandwidth, firewall rules do nothing for you in this case. It needs to be filtered upstream somewhere.
Other attacks are designed to overload a particular server with a high number of service requests that it cannot handle, those types can be squashed with a firewall rule.... but attackers know this, thats why the go for the bandwidth soaker approach.
Cheap firewalls can detect DOS attacks and make rules on te spot. It seems to me that the internet infrastructure, with all the wizards at its disposal, could analyze an organized attack within half an hour or so and shut it down.
If it's driven by zombies, those computers should be cut off by the IP until they are disinfected. It would seem to me that IPs could detect zombified computers.
I think IPs could stop attacks. Once the signiture of an attack is known, IPs could shut down the individual connections and require their customers to purge their machines before reconnecting. This would require an industry wide agreement, but more difficult things have been done.
The email server blacksists are an indicator of what can be done. It would not be technically difficult.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.