Update on the Recent Distributed Denial of Service (DDoS) Attack on SurvivalBlog

A Distributed Denial of Service (DDoS) attack on SurvivalBlog.com started the morning of Saturday, May 26, 2012 and continued until the evening. This was a “ping flood” attack, which can be envisioned as someone ringing your telephone number several times per second. The attack coincided with a holiday weekend in the United States. The SurvivalBlog.com domain name as well as the unique IP addresses for each of our servers were separately targeted at various times. For several hours at a time, SurvivalBlog was almost impossible to reach because the ping count was so high. We have identified hostile IP addresses on at least 25 servers in several states, mostly in Texas and several other southern states, that used a Yahoo proxy. A second attack was made on Sunday evening, but this lasted only 30 minutes, until it was detected and mitigated by our ISP in Utah. (We have dedicated servers in both Sweden and in Utah.)

This was definitely a coordinated attack. Although it might have been instigated by just one individual, it probably required the cooperation of several other hackers. The identity of the key attacker (most likely a Birch Telecom customer in Austin/Round Rock, Texas) and his motivation have not yet been confirmed, but an investigation is ongoing, and intervention by both Birch Telecom and the authorities has been requested. I will post further details as they become available.

Note to fellow bloggers: Be advised that your web sites might come under a similar attack as ours, so be prepared!

Rest assured that we are taking several key steps that will increase our security and our site’s resiliency. We’d appreciate the donation of some backup server space (especially offshore) for mirroring the blog, each with at least 1GB of storage available and the capacity to handle 20 Mbps (a standard FTP server). Why mirrors? The more bandwidth that we can handle, the better we can combat DDoS attacks. Additionally, this server capacity will also be useful on the occasions when we get sudden spurts of traffic, such as when SurvivalBlog.com is mentioned by major media outlets.

A reminder: As a precaution for any future disruption, please both bookmark and write down the following URL and IP addresses for the blog.

  • survivalblog.com
  • http://185.8.177.173