Almost ten hours of downtime

Jun 29, 2010 06:31 GMT  ·  By

Australian broadband news website Whirlpool.net.au was the target of several Distributed Denial of Service (DDoS) attacks this morning. The hosting provider moved quickly to mitigate, but attackers evaded the restrictions, causing an aggregated downtime of around ten hours.

Whirlpool.net.au is one of the most trafficked Australian websites, housing a community of over 350,000 registered users. It was started twelve years ago as a place to discuss Internet broadband services in the country, but has since evolved into a full-blown news website covering the telecommunications industry.

"Bulletproof received monitoring alerts of packet loss at 12:45 am. We identified it as a classic denial-of-service attack being targeted at Whirlpool. We immediately blocked Whirlpool IP addresses to observe it better and then we were able to track down that it was originating from Denmark and the United States," Lorenzo Modesto, chief operating officer at Bulletproof Networks, the company hosting Whirlpool, commented for ZDNet Australia.

The firm moved in to block the attack, consisting of an unusually large number of HTTP requests, and contacted its upstream providers, Internode and Pacific Internet, to have them filter the offending IPs. Access to the website was restored within an hour, but only for a couple of minutes, before a second wave of attacks began.

The site was brought back online around business hours, after the company worked with Internet service providers abroad to block the DDoS at the source. A third attack occurred shortly after the service returned the second time and it was finally mitigated at around 10:30 am (local time). Since then, the website has remained stable.

According to SC Magazine, Bulletproof kept their customers informed about the situation via text messages. However, the company noted that the attacks were strictly directed at the Whirlpool website and not its entire network.

Whirlpool's founder Simon Wright has said that he doesn't know why the website might have been targeted, but wasn't too upset of the situation. "Given that the site isn't driven by a profit motive, I'm not really fazed by a few hours of downtime. Perhaps a few more people went outside this morning; that can only be a good thing!" he revealed.

You can follow the editor on Twitter @lconstantin