Interview with Jason Thibeault on DDOS

Jason Thibeault is a blogger at FreethoughtBlogs (FtB), one of three networks with strong pro-feminist voices which were targeted by a DDoS attack this past weekend. We were able to ask Jason some questions about the effects of the attack and how FtB recovered from it. Jason has a bigger post about it on his blog, Lousy Canuck.


MR: How many bloggers on FtB?

JT: Including all the group bloggers and co-bloggers, there are over fifty bloggers with posting rights spread across 35 live blogs — though a few of these blogs are now inactive and are up as archives at the request of the bloggers. We have a diverse talent pool here, tackling a very wide range of subjects.

MR: How long was your site down?

JT: We are basically dodging the attack now, so well that I can't even tell if the attack is still ongoing. We were down for a little less than two hours altogether, broken up into two chunks. Interestingly, the server itself weathered the attack fine — the problem was, our web host's countermeasures to the attack were what actually took us down.

MR: How many hits do you normally get in this period?

JT: I would estimate that the blog network as a whole gets on average 140,000 hits a day. Saturdays are actually normally our lowest traffic day, though, and we only got roughly 118,000 hits that day with the attack. Evidently the existence of the attack stirred interest, however, and once the site was back up, we got a lot of traffic in a spike immediately — lookie-loos, I suspect; rubberneckers. I don't know ultimately how the numbers panned out, but it seems like we only lost about 10,000 hits, not counting that post-attack spike. That's nothing to sneeze at in two hours, mind you. But we're not as prolific as, say, Slashdot, or

MR: How long did it take to get it back up once the attack started?

JT: After the initial attack, our web hosting provider locked us down for an hour — basically, they needed to protect their other clients. When the block was lifted, the attack was still ongoing, and so they blocked it again, this time for four. This might have gone on indefinitely, exponentially increasing the downtime, but we have a rather clever web guy and we had a bit of good luck in how our servers were configured such that we could effectively dodge the attack without our host's intervention. Between the web guy and myself, we probably put about four hours of work in mitigating the situation, analyzing logs and working with the web host.

MR: Is protecting the site in the future going to cost extra?

JT: There's obviously the human cost in hours to fix the issue; we're open to getting better security, but at the moment, we're not incurring any extra costs outside of what they're paying our web guy. I'm sure we're open to it though. I know he and I have already come up with a few things we'd like to implement to shore up security against attacks preemptively, so we're acting less reactively and more proactively.

MR: Any chance at all of finding who was behind it?

JT: There's always a chance. In this specific case, it's likely going to be difficult to track them down, as it appears to have been a distributed attack through some anonymizing services. Though we can easily surmise something about the attacker from the three targets — Skepchick, FtB and Feminist Frequency all went down to a DOS at very nearly exactly the same time, and that can't possibly be a coincidence. I expect someone will brag about it at some point. Maybe they'll even suggest that they're Anonymous, though frankly, any hacker cell can claim that name. I expect most of Anonymous is too busy going after human rights violators to attack people who stand up for those same human rights, no matter how the Venn diagrams between antifeminists and technologically-savvy individuals happen to overlap.