Everyone wants to know which blog was the target of the largest denial-of-service attack in the six-year history of the popular blogging platform WordPress.com. The attack affected a number of A-list sites like CNN, BBC and TED.
WordPress.com, a popular blogging platform, was hit by a large DDoS (distributed
denial-of-service) attack that affected connectivity to a number of its blogs.
The attack appeared to have begun just before 11
a.m. EST on March 3 and lasted for about two hours, according to a status page on parent company Automattic's
. WordPress.com is a hosted blog platform with a number of large
customers, including TED, CNN, BBC, Red Hat and Flickr.
Wordpress.com is currently reporting "normal" service on its site
and on its Twitter feed, but that it will be monitoring the situation closely.
The attack is the "largest" WordPress.com has ever seen, Automattic
told TechCrunch, whose site is hosted on WordPress.com.
"You have no idea how hard it was to get this post up," wrote TechCrunch's
The "non-trivial" attack appears to have subsided, but the company
is working with the upstream provider on measures to prevent such attacks from
affecting connectivity, according to a blog post for WordPress.com's VIP
customers, reposted on
For ISPs (Internet service providers), DDoS mitigation includes throttling
down bandwidth and filtering out packets from users and IP addresses, Jason
Hoffman, co-founder and chief scientist at cloud provider Joyent, told eWEEK.
Along with available quality of service tools, ISPs can write firewall and load
balancer rules that can filter out and kill suspicious packets, he said.
As for its "extreme size," the DDoS attack was "multiple Gigabits
per second and tens of millions of packets per second," according to the VIP
"It could flare up again later, which we're taking proactive steps to
implement," WordPress founder Matt Mullenweg told TechCrunch. The DDoS
attack impacted all three Automattic data centers in Chicago,
San Antonio and Dallas,
he said. It also affected Automattic's other services: IntenseDebate, BBQ Pit
and Akismet API.
Mullenweg said the sustained attack "may have been politically
motivated" against a non-English blog, but declined to provide any other
information. "We're still investigating and have no definitive evidence
yet," he said.
It remains unclear where the attack originated, since there are a number of groups
other than hacktivist Anonymous that use DDoS attacks to disrupt services. In
fact, groups like Anonymous don't have the manpower or bandwidth to launch a
truly massive DDoS attack because many of its participants are using the LOIC
(Low Orbit Ion Cannon) tool to launch DDoS attacks from general consumer ISPs
through DSL or cable modem services, said
Hoffman. A botnet with "high hundred-thousands to millions" of
computers would be required for sustained attacks, he said. For example, a
knocked blogs belonging to Vietnamese dissidents offline
A recent Harvard University
study found that 280 independent media and human-rights Websites were hit with
140 attacks between September 2009 and August 2010, and researchers asserted
that these numbers are probably only a small portion of actual attacks.
There appears to be some sporadic performance issues still occurring on WordPress.com,
but the site for the most part appears to be normal. WordPress.com had some
issues with performance around 6 a.m. EST,
which it managed to resolve, according to the site's Twitter feed. Automattic
did not comment on whether the performance issues were related to the DDoS
attack, which occurred about six hours later.