Blue Security attack linked to blog crashes

DDoS attack on antispam campaigner redirected to blog-hosting firm Six Apart, forcing it offline, security firm says.

Tom Espiner Special to CNET News
2 min read
A cyberattack that shut down Blue Security also felled thousands of blogs when the antispam site deflected the malicious hits, analysts said.

Internet security company Netcraft said on Thursday that Blue Security temporarily dealt with the distributed denial-of-service (DDoS) siege by redirecting traffic to its journal at blog host Six Apart, knocking out that company's TypePad and LiveJournal services.

"The DDoS traffic appears to have followed www.bluesecurity.com to its new home, overwhelming Six Apart's network and knocking its TypePad and LiveJournal services offline for nearly eight hours," Netcraft analyst Rich Miller said in a blog posting.

In a DDoS attack, networks of compromised computers called botnets are typically used to repeatedly request information from a server or data center. Such a barrage of requests can cause servers to fail and can prevent legitimate users from accessing the site.

The Blue Security redirection was first reported on the North American Network Operators Group mailing list on Tuesday.

On Wednesday, Six Apart told CNET News.com that if it faces an attack, the problem is often related to the content posted on one of the blogs it hosts. However, the San Francisco company declined to comment on Thursday on the origin of the DDoS siege.

"Blue Security is a customer of ours, they do have a blog with us," Six Apart Vice President Anil Dash said. "Beyond that, I don't want to confirm anything. Any kind of an attack like this is really the fault of the attackers."

According to postings on Blue Security's blog, the DDoS attack was launched in response to its method of combating spam. Blue Security distributes a tool called Blue Frog to flood companies sending spam with complaints--one for every piece of junk mail received. This overwhelms spam sites with opt-out requests.

Blue Security was unavailable for comment at the time of writing, but in its blog posting, it said Blue Frog would continue to combat spammers.

"We're helping the community fight the Blue Independence War. We fight for our freedom from spammers and cybercriminals. This is our big chance to reclaim the Internet. We must not let it slip from our hands," it said in the blog.

"Some desperate spammers are doing their worst to harm our community. They'd like us to back off, and agree to get their spam silently. Needless to say, that is not going to happen. We're not here to listen to their vile threats and fraudulent advertisements. We're here to stand up for our right to be let alone," the posting added.

"The issue here is whether Blue Security acted responsibly when it came under attack," Netcraft's Miller told ZDNet UK. "The current generation of DDoS attacks generate huge amounts of Web traffic and can impact the operations of connectivity providers and hosting companies. Blue Security should have realized that its new host would be affected by the DDoS traffic."

Tom Espiner reported for ZDNet UK in London. CNET News.com's Joris Evers contributed to this report.