Massive denial of service attack


Last week (30th/31st March) we suffered a massive denial of service attack on several of our servers. At its height we had to block 40,000 IP addresses from a botnet attacking our systems! The immediate result of this was one of our main servers with about 65 sites on it going offline for 4 hours on Friday and for a short period the day before as well. A second server also went offline for a shorter period on the Friday morning.

A denial of service attack is where someone attempts to force access to a file server by guessing usernames and passwords. This is done because they wish to recruit the resources of a fileserver for nefarious purposes such as the posting of spam and malware. In order to guess passwords hackers use a large group of PCs that they have already compromised and recruited into a "botnet". Thus, on Friday morning we experienced 40,000 compromised PCs trying to guess usernames and passwords on our servers over a very short period of time. 

Our security systems worked extremely well and although approximately half of our sites were down for a while we believe that security of our systems was maintained throughout.

One of the results of this attack is that a number of legitimate school IP addresses have also been blocked by our automated systems. We have been contacted by several schools who cannot see their blogsite from within school. Fortunately we can quickly resolve this problem. Go to any curriculum PC and Google "What's my IP?" This will return a number in the following format: 999.999.999.999 with each element consisting of 1, 2 or 3 digits. Email us your IP address and the address of your blogsite and we can quickly clear the block on our firewalls.

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk