Posted on February 2, 2010 - by Venik
Novaya Gazeta and DDOS Attack
The Register, among others, reports that the Web site of one of Russia’s leading independent newspapers – the Novaya Gazeta – came under a distributed denial-of-service (DDOS) attack. Currently the newspaper’s site is unstable. The reason I even noticed this news item is not that I am a big fan of Novaya Gazeta. It is a relatively small outlet financed by American billionaire and stock investor George Soros. NG’s publications are invariably sensationalist and unreliable. This small newspaper is number one among Russian periodicals in the number of lawsuits filed against it and the number of court-ordered retractions and apologies it has had to print over the years. No, the reason I bring this up is that I know a guy who used to support their Web server.
DDOS attacks are relatively common. All those viruses you install on your PC when browsing for porn and searching for free stuff online help hackers take control of your computer and use your networking resources. Usually you don’t suspect a thing. A hacker initiates a DDOS attack through a number of “handlers”: networked servers that connect to compromised PCs all over the Internet and use them to assault a particular system, network segment or Internet Service Provider. There are effective defenses available against DDOS attacks. Most of these defenses, however, have to be implemented several levels higher than the target Web server.
Here’s an example: my site is hosted by Bluehost.com – a crappy shared hosting provider from Utah with which I am stuck for another year due to the terms of the contract. Should someone launch a DDOS attack against my site, there is really nothing I can do to fight it. I have no control over the server or the network. But even the server admin at Bluehost would not be able to do much. A large-scale DDOS attack can generate upwards of a million requests per second. The problem with DDOS attacks is identifying which incoming traffic is legitimate and which traffic is part of the attack. Analyzing a million requests per second is no trivial task. This is usually handled by the ISP and not by the hosting provider, the sysadmin or the Webmaster.
And this brings me back to my friend who used to work for Novaya Gazeta. He told me that these attacks were fairly common due to the scandalous nature of the newspaper. Usually the attacks were not intensive enough to cause any significant downtime. However, my friend urged his bosses to reconsider their choice of ISP because their current provider – Relline – paid little attention to defending against DDOS attacks in the past. My friend also argued for a mirror server to be installed on a different network – preferably with a much larger provider in the US. The logic is simple: when a DDOS attack is launched, it usually targets a specific IP address or IP range. DDOS attacks rarely target the domain name (a domain name is linked to a specific IP address).
When a DDOS attack occurs and you have a mirror server located on a different network, all you need to do is update the DNS (Domain Name System) records to point your domain name to the IP address of this new server. NG’s management was too cheap to procure a backup server or to find a more reliable provider and is now losing revenue because the paper’s site is down. Naturally and as usual, Novaya Gazeta prefers to blame the dark forces inside the Kremlin for all of the world’s problems:
“Evidently, it was not amateurs, not hooligans (that) did this,” the paper’s deputy editor, Andrei Lipsky, told the Associated Press. “It is a deliberate act. We can only guess who stands behind this.”
KGB, no doubt…