WordPress Distressed by Massive DDoS Attack

Summary:No one has taken "credit" for the attack, which temporarily knocked out the popular home of almost 18-million blogs.

Color me confused. I don't know why anyone would attack WordPress, the popular home of almost 18-million blogs, but they did, and for several hours on March 3rd, WordPress was out of commission.

According to Sara Rosso, VIP Services Engineer at Automattic, WordPress.com's owner," WordPress.com is currently being targeted by an extremely large Distributed Denial of Service [DDoS] attack which is affecting connectivity in some cases. The size of the attack is multiple Gigabits per second and tens of millions of packets per second."

She added, "We are working to mitigate the attack, but because of the extreme size, it is proving rather difficult. At this time, everything should be back to normal as the attack has subsided, but we are actively working with our upstream providers on measures to prevent such attacks from affecting connectivity going forward."

The attack began at approximately 6 AM Eastern time. WordPress started recovering by noon, and by about 3:30 PM the system was back to normal.

During the attack, Automattic and WordPress.com founder Matt Mullenweg added:

There's an ongoing DDoS attack that was large enough to impact all three of our datacenters in Chicago, San Antonio, and Dallas - it's currently been neutralized but it's possible it could flare up again later, which we're taking proactive steps to implement."

This is the largest and most sustained attack we've seen in our 6 year history. We suspect it may have been politically motivated against one of our non-English blogs but we're still investigating and have no definitive evidence yet.

You can try to stop DDoS attacks, but as WordPress has just discovered, and companies like MasterCard, PayPal, and Visa found out recently, it's not easy.

Unlike other recent DDoS attacks, though, such as those on sites for and against WikiLeaks, there's seems to be no reason for this attack. Internet groups such as #Gnosis, 4Chan, and Anonymous, which has been known to conduct DDoS attacks, have not been connected with this latest assault. Of course, these days it's easy for even people who wouldn't know a TCP/IP stack from a stack of firewood to make DDoS attacks thanks to programs such as Low Earth Ion Cannon.

Still, regardless of who was behind it, WordPress is working normally now. It's not known yet whether the attack has stopped for now or WordPress has managed to block this DDoS bullet.

Topics: Security

About

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.His work has been published in everything from highly technical publications... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.