Denial-of-service attacks hit anti-spam sites

If you’re a regular vistor to some of our websites you may have noticed that the server was down for much of the last 48 hours. This was due to an online attack known as a ‘distributed denial of service attack’ (DDoS). In the first two hours alone computers with over 1000 different IP addresses worldwide were involved. At the peak 3.6 GB of requests per hour (i.e. 1 MB per second) were sent to the server, which was unable to keep up with the load and became unresponsive.

We took several countermeasures and managed to bring some websites online again. As of today it appears the attacks have ceased.

Concurrent with this attack on our main server several other anti-spam servers underwent similar attacks. The website of was offline for some time. Several servers that are of the SURBL project were affected by attacks.

The large number of IPs involved suggests that the attack involved a botnet, a large number of remote controlled zombie computers infected with malware. This criminal abuse of stolen internet resources illustrates the dangers that infected computers pose to others, against which there are few effective defenses.

It also shows that anti-spam tools such as SURBL and URIBL are effective against the spammers, or they wouldn’t be trying so hard to sabotage our legitimate efforts.

(Update 2007-06-12): SpamHaus was also affected by the attack, according to an article by Ryan Naraine (ZDNet), which quotes a usenet posting by Steve Linford of SpamHaus. According to this information the DDoS was carried out using a variant of the ”Storm” malware by the same gang that also launched a DDoS attack against BlueSecurity last year.