Adblock Plus and (a little) more
Denial of service attack on adblockplus.org [Updated3] · 2013-06-28 01:10 by Wladimir Palant
The reason why our server was down for a day is a massive denial-of-service attack that started yesterday night German time. For historical reasons, our main website was running on a weak server (the weakest we have) and we already had issues with it in the past — we just didn’t have the time to migrate it to some more powerful hardware.
At the moment all is good again. We’ve set up a new server with way more resource reserves and copied all data over. Almost everything is up and running, even though some issues will certainly pop up later — this move finally gave us a chance to update the Linux distribution on that server.
Update (2013-06-28): Whoever is behind that attack now switched to attacking our new server. For somewhat less than an hour tonight the network connection of our server was completely saturated. The new hosting provider quickly solved the issue however and things are stable again.
Update2 (2013-07-01): I got some details on the attack from the hosting provider. Looking at the info, we were apparently hit by a DNS Amplification Attack that produced a traffic stream of roughly 1.5 Gbit/s. Somebody wanted this website to be gone very badly…
Update3 (2013-07-02): A new attack caused the server to become unreachable yesterday between 19:45 and 23:01 CEST.
Comment [2]
Commenting is closed for this article.
Cralex · 2013-06-28 11:11 · #
Ouch, that sounds painful. I’m guessing you’ve heard about it already, but I’d feel remiss to not reccomend CloudFlare here, since they’re pretty good at deflecting DOS attacks and keeping things running smoothly. Hang in there! I really appreciate ABP.
Reply from Wladimir Palant:
Sure, if things come really bad we will be looking into this. However, I’m generally not too fond of directing our user’s traffic through some third parties.
What a coincidence! · 2013-07-03 13:22 · #
Just one day after SP launches a public shame, FUD & smear campaign, your website gets hit. What a huge coincidence…
Could this just be “normal” traffic that’s coming to your site because of his attention grabbing skillz?
Reply from Wladimir Palant:
No, he cannot generate anything even remotely close to 1.5 Gbps traffic by regular means, no matter how hard he tries :). Our analysis is complete, these were definitely DNS Amplification attacks. But – yes, the timing indicates that the statements in our blog were the target, somebody doesn’t want them to be seen.