Jason Stamper's Blog

Millions of bloggers suffer BlueFrog spam war outages
May 04, 2006

CBR managed to get an interview with Blue Security's CEO, Eran Reshef, to understand better how Six Apart became the unwitting victim of a spam war.

My CBR colleague in San Francisco, Kevin Murphy, covered the story for us. It's one that affected many of us bloggers - it's about Six Apart, which runs the popular LiveJournal and TypePad blogging services. Six Apart has become the collateral victim of a "very big, very sophisticated" denial of service attack mounted by a Russian spammer against an unrelated security company.

As Kevin writes:

The attack, which CBR can reveal was part of an extortion scam against users of Blue Security's anti-spam software, caused hundreds of bloggers to complain about the downtime, during periods of intermittent blog access.

Six Apart told its millions of bloggers it had experienced "intermittent and limited availability for TypePad, LiveJournal, TypeKey, sixapart.com, movabletype.org and movabletype.com", before resolving the issue in the early hours of Wednesday May 3, 2006.

"He's trying to rip apart the internet just to make our community stop fighting back against spam," Blue Security's chief executive Eran Reshef said of the spammer he believes launched the attack.

LiveJournal and TypePad found themselves suffering the brunt of the attack when Blue, which says it has been targeted by a "top four" Russian spammer, redirected the front page of its website to a blog hosted at TypePad's data center.

"The major denial of service attack at TypePad was because of us hosting with TypePad," Reshef told Computer Business Review.

TypePad general manager Michael Sippey told us that the company's servers started feeling the DDoS at about 4pm US Pacific time on Tuesday May 2, and that it was still going on 24 hours later.

"From the pattern of attack it was unclear whether they were going after an individual blogger or going after us," Sippey said. He described the attack as "very big" and said whoever the culprit is, "he's very determined".

You can read the rest of the story on our news pages here.

Posted by Jason Stamper on May 4, 2006 01:03 PM

Comments

Thanks for pointing us to this informative article - I found this blog through Google News

Posted by: PeterR on May 4, 2006 02:03 PM

"Backbone subversion" is an attack by which a provider subverts the efficient operation of the Internet by either completely dropping routing to a block of IP addresses, announcing to other tier-1 providers that it has a (nonexistent) route to a block of IP addresses at a very low cost, or otherwise sending packets destined for those IP addresses into a black hole.

Do you remember the spat between Level3 and Covance, last year? The one which made half the internet unavailable to the US -- which half depended on which service you were using? That was a backbone subversion attack -- Level3 decided to subvert the backbone by preventing packets from getting where they were supposed to go.

Looking at it another way: There are policy and procedural safeguards in place to prevent the tier 1 backbone from instability. However, there are highly-trusted people (the network operations agents) who all have the power to make changes at will -- they have to, in order to be able to fix problems that come up (a router fries, an OC3 ring gets sliced by a backhoe, and so on), 24 hours a day, 7 days a week, 365.25 days a year. By performing an attack geared toward one of those network operations agents personally (blackmail, for example), an attacker can get that agent to do things that are bad for the Internet backbone.

The reason why Israel could still access the Israeli IP addresses is because their routers KNOW what blocks belong to them, and won't allow anyone else to change those routes.

Posted by: Kyle Hamilton on May 4, 2006 05:44 PM

SixApart has an ongoing credibility problem around its hosted services. This is not the first time 6A has been 'out.' The latest incident ran for 7+ hours. It was a major part of why I left TP 5 months ago. Interestingly, 6A maven Anil Dash declined an opportunity to discuss the issues in person with me - hardly surprising given the rage I felt at the time. I'm just glad I no longer rely on their service.

I'm pretty sure it impacted a number of VNU blog sites.

Posted by: Dennis Howlett on May 4, 2006 06:48 PM

"Anil Dash declined an opportunity to discuss the issues in person with me [Dennis Howlett]"

To be fair, I am pretty sure I said I *am* interested in discussing any concerns you might have; keeping a busy schedule just means that it can sometimes take time to coordinate, and I'd like to focus any conversations on what positive steps can be learned by all of us. If you look at all major blog services in 2006, TypePad is still among the most reliable and highest-performing, and we're working to make sure it improves even further, despite whatever attacks people might try to direct at all of our services.

Posted by: Anil on May 8, 2006 12:12 AM