May 3, 2006 4:50 PM PDT
Cyberattack knocks millions of blogs offline
- Related Stories
Blogosphere suffers spam explosionApril 11, 2006
Cybercrooks ramp up against antivirus firms--and each otherApril 4, 2006
DNS servers do hackers' dirty workMarch 24, 2006
GoDaddy.com suffers outageNovember 30, 2005
Attack knocks out Microsoft Web sitesJanuary 25, 2001
The attack started around 4 p.m. PDT, targeting the popular blogging services and the corporate Web site of their provider Six Apart, company vice president Anil Dash said in an interview Wednesday. Service was back to normal at midnight, according to Six Apart's Web site.
"Any large service tends to have a pretty constant level of attacks, but this was on a scale that I don't think anybody could have anticipated," Dash said. "I think it is of a scale that would have impacted any large site on the Web."
In a distributed denial-of-service, or DDoS, attack the target is overloaded with requests for information. The requests come from a large number of hosts, typically compromised computers. As a result, legitimate users can no longer access the site.
Six Apart intends report the attack to the authorities, such as the FBI, but hasn't done so yet, Dash said. "We have not yet had the time to think about the next steps yet," he said. The San Francisco company has some theories on the origin and motivation of the attack, but Dash declined to speculate.
Unlike large online businesses, Six Apart isn't typically the object of large-scale onslaughts, Dash said. If it does face an attack, often the problem is related to the content posted on one of the blogs it hosts, he said.
Six Apart's main hosting facility is in a large data center located at 365 Main in San Francisco. The attack morphed as the blog company tried to respond, making it more challenging to deal with.
"They were changing pretty rapidly," Dash said. "We have learned enough that if it does happen again, we know what to do."
Six Apart plans to make amends to its customers, but has not yet decided how. Late last year, when it had some performance issues, it let its users decide how they wanted to be compensated, Dash said. "We will definitely do whatever makes things right for them," he said.