Just got off the phone with our Webmeister Chris. Here's what I learned about the Denial of Service (DOS) "attack" which we have been dealing with on and off since Thursday, and which has made access for our readers intermittently difficult or, today, impossible.
We have been subjected to what is termed a DOS Botnet Attack, consisting mainly of lengthy black market drug advertisements, containing multiple links, directed to our trackback system and to our commenting system (which is why they are shut down at the moment). A "bot" is, of course, a robotic software program.
Chris determined that this attack is coming from China, India, Japan, and Korea, simultaneously. It is probably a criminal consortium of some sort - and a large one. DOS attacks are not designed to damage specific sites, and they are not designed to result in a DOS - after all, that would defeat the purpose, which is advertising. Like any parasite, a bot is not intended to kill its host - just to feed off it. Just like the Welfare State.
The way it works is that black market drug dealers (of Viagra and other drugs) buy ads on the "internet black market" directed to various websites (there is a market in website addresses, too). Thus no-one who gets a DOS attack should feel flattered or singled out: they just happened to be on a doubtless long list that no human ever read. Similar bots advertise gambling sites, and other things.
The evil computer geniuses who sell the ad use their Bot software to then infect (with "worms," "Trojans," etc.) and essentially partially enslave, in this case, about 50,000 computers around the globe (PCs which are lacking in updated security patches, and generally residential PCs whose owners are unaware of what is going on, and totally unaware that they might be running a bit slow because a Bot is using them). These enslaved machines then generate the spam traffic, non-stop, at a rapid pace. There are a lot of PCs out there in the world without up-to-date security patches.
The volume of traffic overwhelms the spam filters, and the servers get clogged. At the moment, Chris is playing traffic cop, and trying to direct all of our spam traffic to a black hole in the internet - a non-existing ISP address.
At present, much of our friendly traffic is also being blocked by filters or diverted (including anything via AOL, at the moment, most foreign traffic, and most search traffic).
Chris tells me that the guys who run these criminal enterprises design software which is highly flexible and adaptable, so that it can find ways around firewalls and filters. Giant websites handle DOS attacks by diverting all of the spam to one server, and maintain the site via other servers. He guesses that a site like the NYT spends $100,000/month or more on internet access alone - not counting salaries, hardware, etc.
Chris has collected all of this drug ad spam traffic data, and has forwarded its origins to the FBI, CERT at Homeland Security, to firewall manufacturers, and to other website managers so they can learn from it. Since it's all being generated overseas by well-concealed people, no-one will go to jail. It is, however, a federal crime to do this in the US.
Hope we can get comments back soon, because this is all interesting - if frustrating as hell for your humble editor. Chris, sturdy Green Mountain Yankee boy that he is, finds this challenge exhilarating and is cheerfully girded for battle against a powerful adversary. Thanks, Chris, for getting us back up and running tonight. And hold your fire 'til you can see the whites of their eyes.
You can read more about the Botnet battles at eWeek: Is the Botnet Battle Already Lost?
Update: Limited commenting is enabled, for now. Give it a try, if anyone is still awake.
Update: Comments off again. I think they will be on and off for a bit.
Well, the bad guys returned, which is why you've had trouble getting to Maggie's. We will fight them off as best we can.