Cyberattack knocks millions of blogs offline

A large-scale attack hits TypePad and LiveJournal, blacking out a huge swath of blogs.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
About 10 million LiveJournal and TypePad blogs were offline or barely reachable for several hours Tuesday as the result of a massive denial-of-service attack.

The attack started around 4 p.m. PDT, targeting the popular blogging services and the corporate Web site of their provider Six Apart, company vice president Anil Dash said in an interview Wednesday. Service was back to normal at midnight, according to Six Apart's Web site.

"Any large service tends to have a pretty constant level of attacks, but this was on a scale that I don't think anybody could have anticipated," Dash said. "I think it is of a scale that would have impacted any large site on the Web."

In a distributed denial-of-service, or DDoS, attack the target is overloaded with requests for information. The requests come from a large number of hosts, typically compromised computers. As a result, legitimate users can no longer access the site.

Six Apart intends report the attack to the authorities, such as the FBI, but hasn't done so yet, Dash said. "We have not yet had the time to think about the next steps yet," he said. The San Francisco company has some theories on the origin and motivation of the attack, but Dash declined to speculate.

Unlike large online businesses, Six Apart isn't typically the object of large-scale onslaughts, Dash said. If it does face an attack, often the problem is related to the content posted on one of the blogs it hosts, he said.

Six Apart's main hosting facility is in a large data center located at 365 Main in San Francisco. The attack morphed as the blog company tried to respond, making it more challenging to deal with.

"They were changing pretty rapidly," Dash said. "We have learned enough that if it does happen again, we know what to do."

Six Apart plans to make amends to its customers, but has not yet decided how. Late last year, when it had some performance issues, it let its users decide how they wanted to be compensated, Dash said. "We will definitely do whatever makes things right for them," he said.