Free Republic
Browse · Search
Topics · Post Article

Skip to comments.

April 28, 2006 11:51 AM | Michelle Malkin

Posted on 04/28/2006 6:02:31 PM PDT by LowNslow

***scroll for updates...1230pm EDT Looks like the problem may be resolved, though several blogs still down...Glenn Reynolds confirms the attack originated in Saudi Arabia, as I suspected...Mary Katherine Ham of downed blog is guest-blogging over at Wizbang...Hugh's back up...looks like most are back up...update on Aaron's CC below...513pm EDT update several blogs reporting they are down again...***

Many Hosting Matters-hosted blogs are down--including Instapundit, Power Line, Hugh Hewitt, and tons of others large and small. Hosting Matters' own website is also down.

Blogger Chuck Simmins e-mails:

Denial of service attack on Hosting Matters. Most, if not all, their hosted sites are down. Attack is originating internationally. Haven't been able to confirm. But stay tuned.

***update: LGF, a Hosting Matters blog on a different server than the others, confirms***

I’ve received quite a few emails this morning from people having trouble getting to blogs like Power Line and Captain’s Quarters. The reason for the problem: Hosting Matters is experiencing a Denial of Service attack. They’re working to block it now.

More info on DoS attacks: Wikipedia: Denial-of-service attack.

UPDATE at 4/28/06 8:43:47 am:

Although LGF is also at Hosting Matters, we were moved to a different network after experiencing a similar attack. (That’s why we’re still up.)

UPDATE at 4/28/06 8:48:17 am:

I may have spoken too soon; some parts of the LGF system are beginning to act a bit flaky.

On a possibly related noted, Aaron's CC blog has been hacked several times over the last month, reportedly by cyberjihadis mad at his provocative images. His site is also down, though I'm not sure it's a Hosting Matters blog. Does anyone know?

Another update 1157am EDT. Chuck Simmins sends a link to the Hosting Matters support site...

Well, we know who the target is, and we know where the likely source of the attack originates...and I sincerely doubt that country's leadership has the least bit of concern for extraditing over something like this. Stacy - Hosting Matters, Inc.

Just fyi: The cyberjihadis who have gone after the Aaron's CC blog reportedly originate from Saudi Arabia.


I greatly appreciated all the blogosphere's support when the cyberjihadis took down my site down over the Mohammed Cartoons. If you're down, please send me an e-mail and I'll keep a list here of all those affected. We are all affected by cyberterrorist tactics, wherever they may originate.

Blogs down:

Instapundit (***Glenn is posting on his back-up site here***) Power Line Captain's Quarters Pundit Guy Chuck Simmins Small Dead Animals Radioblogger Hugh Hewitt IMAO Mountaineer Musings Say Uncle Counterterrorism Blog Anti-Idiotarian Rottweiler Castle Arggh! - John Donovan She Who Will Be Obeyed - Beth Donovan Michael Totten Ticklish Ears Samizdata Theodore's World

TOPICS: News/Current Events
KEYWORDS: cyberterrorism; dos; hacker; weblogs

1 posted on 04/28/2006 6:02:33 PM PDT by LowNslow
[ Post Reply | Private Reply | View Replies]

To: LowNslow

Whoa. That's a lot of blogs that were attacked today.

2 posted on 04/28/2006 6:10:01 PM PDT by Peach
[ Post Reply | Private Reply | To 1 | View Replies]

To: LowNslow

What is the defense against a denial of service attack?

3 posted on 04/28/2006 6:13:48 PM PDT by InterceptPoint
[ Post Reply | Private Reply | To 1 | View Replies]

To: LowNslow

Would be funny if the jihadi websites were hijacked and replaced with "shrines" to the goat-screwin', camel-molesting, and child-raping fraud coward (feces be upon him).

4 posted on 04/28/2006 6:17:24 PM PDT by M203M4 (BEEEEEG gubermint to the rescue; or "how the nanny state ruins everything")
[ Post Reply | Private Reply | To 1 | View Replies]

To: M203M4

and dont forget the bottom of the shoe.

5 posted on 04/28/2006 6:25:19 PM PDT by spanalot
[ Post Reply | Private Reply | To 4 | View Replies]

To: LowNslow

'Bout time some of our wizzbangs took down those goathumpers sites. Better yet, 'bout time somebody took those goathumpers out...permanently.

6 posted on 04/28/2006 6:42:24 PM PDT by leadhead (It’s a duty and a responsibility to defeat them. But it's also a pleasure)
[ Post Reply | Private Reply | To 1 | View Replies]

To: InterceptPoint

The only thing you can do is call your upstream provider and ask them to null route the traffic, of course, this still leaves you down, but if you have other services running on different addresses, at least they will be able to function. Someone has to absorb the traffic, normally you leave it to the big guns (The upstream providers like Sprint, ATT, etc)

7 posted on 04/28/2006 6:53:34 PM PDT by FunkyZero
[ Post Reply | Private Reply | To 3 | View Replies]

To: LowNslow
Instapundit backup
8 posted on 04/28/2006 6:57:47 PM PDT by BallyBill (Serial Hit-N-Run poster)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LowNslow

Find out who's doing this and bomb them.

With real bombs.

9 posted on 04/28/2006 7:18:12 PM PDT by D-Chivas
[ Post Reply | Private Reply | To 1 | View Replies]

To: LowNslow

Thanks for this update. I tried Hugh Hewitt's site this morning, along with Day-By-Day (comic - all right; it's how I like to start my day), and got the "page not located" response for both. Glad to know they're up and running again.

10 posted on 04/28/2006 7:59:46 PM PDT by hsalaw
[ Post Reply | Private Reply | To 1 | View Replies]

To: LowNslow
Saudi-Originated Denial of Service Attack Knocks out Conservative Blog Hosts

Countering the Cyber Jihad

11 posted on 04/28/2006 8:03:30 PM PDT by Cannoneer No. 4 (Civilian Irregular Information Defense Group)
[ Post Reply | Private Reply | To 1 | View Replies]

To: FunkyZero

If the attacks are coming from a relatively small IP range, I believe you can put rules in your firewall to block inbound traffic from those addresses.

12 posted on 04/28/2006 8:09:12 PM PDT by ex-NFO
[ Post Reply | Private Reply | To 7 | View Replies]

To: ex-NFO

yes you can, however, you STILL have to absorb the traffic, crippling your line / circuit. Most attacks are designed to consume your bandwidth, firewall rules do nothing for you in this case. It needs to be filtered upstream somewhere.
Other attacks are designed to overload a particular server with a high number of service requests that it cannot handle, those types can be squashed with a firewall rule.... but attackers know this, thats why the go for the bandwidth soaker approach.

13 posted on 04/29/2006 5:45:43 AM PDT by FunkyZero
[ Post Reply | Private Reply | To 12 | View Replies]

To: FunkyZero

Cheap firewalls can detect DOS attacks and make rules on te spot. It seems to me that the internet infrastructure, with all the wizards at its disposal, could analyze an organized attack within half an hour or so and shut it down.

If it's driven by zombies, those computers should be cut off by the IP until they are disinfected. It would seem to me that IPs could detect zombified computers.

14 posted on 04/29/2006 5:52:27 AM PDT by js1138 (somewhere, some time ago, something happened, but whatever it was, wasn't evolution)
[ Post Reply | Private Reply | To 13 | View Replies]

To: js1138
It is dependent on many variables, unfortunately.
distributed attacks cannot be defeated, only your service provider can null route all the traffic destined for the target address, and this action makes your server(s) unavailable for anyone to access. If you have multiple servers running on different addresses on the same circuit, this can at least save those devices. Unfortunate as it is, this is the way it works. In a distributed attack, thousands of infected machines can attack a target simultaneously, and a good part of these machines are in other countries that could really care less. Even if they did, mopping up the mess can take weeks... there are just too many of them.

And sure, a cheap firewall can "block" incoming packets from entering your inside network, but it cannot stop the incoming traffic to it's own external interface, therefor, your line is "soaked", leaving no room for legitimate traffic, ie: 'Denial of Service". Cutting off entire source streams is not an option because you have many paying customers that would also go offline due to your actions, and they don't appreciate that at all. This would only multiply the damage caused by the attacker(s) and this is what he wants.
There is absolutely nothing you can do to stop it except wait for the attacker to get bored and quit.
If the source of the attack is limited to one or just a few dozen source addresses, then yes, an ISP(s) can halt the attack fairly easily.
15 posted on 04/29/2006 9:35:24 AM PDT by FunkyZero
[ Post Reply | Private Reply | To 14 | View Replies]

To: FunkyZero

I think IPs could stop attacks. Once the signiture of an attack is known, IPs could shut down the individual connections and require their customers to purge their machines before reconnecting. This would require an industry wide agreement, but more difficult things have been done.

The email server blacksists are an indicator of what can be done. It would not be technically difficult.

16 posted on 04/29/2006 1:14:29 PM PDT by js1138 (somewhere, some time ago, something happened, but whatever it was, wasn't evolution)
[ Post Reply | Private Reply | To 15 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794 is powered by software copyright 2000-2008 John Robinson