At this moment, Friday April 12 2:15 EDT 2013, global Internet traffic is well above normal and in some places more than 100% above normal. The trouble is, it isn’t normal traffic. The extra is attacks on web sites.
DDOS stands for “distributed denial of service”. This is the most difficult threat to defend against because it comes from thousands of computers simultaneously, each making service requests. Usually the requests are designed to be as resource intensive as possible such as attempting to log in to services.
It’s not hard to account for where the attacks are coming from. More and more computers are connected full time to the Internet and owned by ever less sophisticated users. They make ripe targets for hackers. Literally hundreds of thousands of such machines have been compromised. Large networks of compromised machines have been put together this way.
You may not think so, but yours may be among them. We have been seeing more sites compromised lately than ever before and the explanation tends to be hackers getting in by means of compromised passwords. There have been some very effective viruses active lately which silently steal passwords and watch and wait for accounts to compromise using them. Some are sophisticated enough to disable virus scanners unnoticed. This means it is essential to occasionally scan your machine using software newly installed on it. Probably less than 1 tenth of 1 percent of users do this.
You may have noticed a rise in spam to your inbox lately and a decline in that over the last few days. Last week, the main service we use to help filter out spam was hit by a DDOS attack on a scale never seen before. In the past, traffic has generally peaked at about 100 Billion bits per second. Yes, 100 GBps. That’s about 10 times faster than typical networks can go. The attack on Spamhaus peaked out at 300 GBps. This meant that we could barely reach them to do the usual spam checks. Not to lose email, we sometimes have no choice but to let email in unchecked.
DDOS attacks are a serious threat to the entire Internet and they are going to get worse.
Currently Word Press blogs are a particular target. Some sources are reporting as many as 90,000 to 100,000 different IP addresses (individual computers) launching login attempts against sites on a single server. The default installation uses “admin” as the login name, so all an attacker has to do is keep trying different passwords. The goal is to further enlarge networks of compromised computers.
We run strong firewalls and scan every web request against known attacks, more than 10,000. It is not possible to prevent compromises while still allowing normal activity like user logins. Entry is gained by means of vulnerable scripts and weak passwords.
What you can do is make sure your passwords are up to the threat. A good password is at least 8 characters long, contains a number, upper and lower case letters and a special character (#!@$ for example). If you are running Word Press, install the limit-login-attempts plugin. If you are using a weak password, please, change it right now.
We have added failed login checking to our firewalls. When more than a few login attempts fail, the source is blocked. This may cause some inconvenience, but will help considerably with server performance. Note that this covers only service logins and not logins you may have on your web site.
None the less, you may notice some sluggishness as these attacks escalate. Please understand that we are on it.