Denial of service attack update

As we mentioned in an earlier post, someone attacked our network earlier this morning. Although we blocked the attack, we’ve also been working to identify who attacked our network and why. We now know the answer, and we are almost positive that the problem won’t recur.

Most of the traffic in the attack came from computers in Korea. That led us to suspect that the attackers were targeting a Korean-language site that signed up to use our service within the last 24 hours. We talked to the owner of that site, who confirmed that he’s previously experienced large-scale attacks that damaged the network of other hosting companies he used.

We’re obviously disappointed that the owner did not mention this before signing up with us. There are companies that specialize in handling extremely high volume “distributed denial of service” (DDOS) attacks, although they’re much more expensive than standard hosting services (Prolexic is the company most people recommend). Moving a site between various hosting companies in the hope that one of them will be able to handle a 2.1 Gbps DDOS attack (but without mentioning it in advance) is, frankly, reckless.

In any case, the owner of the site under attack has already moved it elsewhere, and the attackers have stopped trying to connect to our servers. That means that the attackers almost certainly won’t return to our network with a different kind of attack, and we do not expect any additional downtime from this incident.