We Were Under a DDoS Attack Yesterday

If you tried to get to the site in the morning through mid-afternoon, you probably had a very rough time of it. NC was under a DDoS attack. It took us a bit longer to restore normal service than it should have, not due to any sophistication of the attack, but that it took both our webhost and our WordPress person to sort out the response, and the WordPress person was initially tied up (webhosts are on quick trigger responses, software support people generally not, so this is no fault of our WordPress person, merely bad luck with timing).

So apologies for the inconvenience. I hope you will read yesterday’s fare as well as today’s offerings.

Print Friendly, PDF & Email


  1. ewmayer

    Probably hopeless, but thought I’d throw this out there to the IT/infosec folks in the readership: Do you know any good references on techniques & tools for tracing the source of a DDOS attack, if such a thing is even possible for a non-big-moneyed victim? Yves/Lambert, are you working with your ISP on any source-tracing initiative?

    Slightly dated piece (2007), but some useful background for non-experts – note the crucial role of the ISP in response to DDOSing:


    1. Hacker

      Tracing a DDOS attack to the attacker is not practical. Sure you can figure out which machines are sending the traffic. What is hard to know is who is controlling those machines. Recently a botnet of over 25,000 DVRs was discovered. These are cheap Digital Video Recorders that people bought to monitor their small business or homes, and then put them on the internet so that they can monitor remotely. The various vendor brands that sold the systems didn’t provide updates and the firmware was full of security holes. The attackers found them easy to take over.

      There will be a Command and Control server somewhere, but usually that is another machine the attacker cracked, or perhaps bought from a hosting provider that doesn’t require ID.

      I don’t think any botnet operator has ever been caught on the technical side. It is always the business end of trying to make money off their bots that gets them into trouble.

  2. allan

    DDOSing is a Federal crime, no?
    And violating your (Yves, Lambert, commenters) First Amendment rights must be as well.
    DOJ has both cyber and civil rights divisions.
    And yet I don’t recall ever hearing of a prosecution in a situation like this.
    Go figure.

    1. Pepe Aguglia

      DDOSing is a Federal crime, no?

      Not if the attack originates from a certain unsecure server in Chappaqua, NY

  3. Kevin C. Smith

    If NC could post a log of the DDOS attacks, maybe we could play detective and see if the attacks are correlated with the appearance of certain kinds of articles, and/or certain kinds of links.

    Maybe someone is trying to send NC a message, teach NC a lesson? Deter NC readers?

    It’s time to push back. I donated $250 extra, to help dealing with the DDOS attacks … other readers and friends of NC are invited to do the same.

  4. Brian

    Lambert must’ve really turned on the spigot by embarrassing Neera with that (now deleted) “freeloaders” tweet posting. Res ipsa loquitur.

  5. EricT

    Mainly Macro went down the day before the brexit vote. They had posted an article regarding the brexit vote that basically theorized that support for brexit was more of a rejection of neo-liberal policies rather than based upon xenophobia. I finally was able to get to the site, the day after the brexit vote.

    1. ambrit

      Does anyone keep a log of DDoS attacks? Is there a pattern, as you so subtly suggest? Are the ‘progressive’ blogs being singled out for attacks, or does it look like gangsterism? (I must laughingly add that the term “gangsterism” includes State actors.)

    2. Robert NYC

      Eric T,

      I was in London and out at Oxford University for a couple of weeks that coincided with the vote, and based on my discussions with various “leave” voters I believe that brexit support was indeed a rejection of neo-liberal polices although the typical working person wouldn’t use that term.

      All I know is that John Gray, laid all this out in his 1998 book False Dawn: The Delusions of Global Capitalism.
      Gray’s book is a MUST READ for anyone who wants to understand current events. Gray is one of the world’s greatest public intellectuals which means most people have never heard of him.

      His argument, in very simple terms, is as follows. Globalization and free trade is a utopian ideology that is doomed to fail because it does not address underlying social needs; to the contrary it undermines society in multiple ways. Brexit is real time proof of that thesis. The notion that you can have a one world universal economy based on free markets is a utopian pipe dream that crashes head first in the reality of human nature, tribal and ethnic affiliations, nationhood, etc, and furthermore it is fundamentally anti-democratic. In summary it is just another elegant economic theory that doesn’t mesh very well with reality.

      Is anyone here familiar with Gray; I am always dumbfounded that he isn’t more widely cited.

      Nassim Nicholas Taleb has said that John Gray is the greatest thinker of our age for whom he has the most respect. I couldn’t agree more.

  6. Jay Zimmerman

    After about 50 years in the computer business, my experience tells me that you need the service of an excellent white hat or maybe a black hat hacker. With the right skill set, anything can be traced. It almost always leaves traces. I would volunteer, but too old now.

    1. Yves Smith Post author

      Hate to tell you but this was a very amateurish DDoS attack that very easy to address. We just had very bad coordination. And I was part of the problem. I needed to approve something but I had turned in and did not hear the phone calls.

  7. Ranger Rick

    There’s a reason DDoS attacks are so common: they work. And there’s no easy way to “trace” a DDoS: depending on the technique, the computers doing the attacking might not even be the ones that are compromised.

  8. KLG

    Time to make another contribution. Keep rockin’ the boat, NC! We might lose in the end, but it’s not that you lose…It’s how you lose, which is something I thought that the Current Occupant understood. But that was 8 long years ago, and I have put away childish things.

  9. gardener1

    Recently Cryptogon.com was attacked as well. Once he got the site back up some kind of CloudFlare browser verifier was implemented to stop the DDoS. It worked. Try it?

  10. darms

    Have you reformatted this site exclusively for mobile users? On my desktop the site looks very ugly

  11. FortyYearsInThe UniversitySystem

    Apparently it doesn`t take much to attract the attention of ideologues. I get DDOS attacks fairly often and yet I`m nobody, just an old man who makes comments here and there on polit and econ websites.

  12. Fiver

    Like others I wonder what might be gleaned from a look at the timing of posting and subject matter of particular stories, links or comments. This is an invaluable site, and not to be denied.

Comments are closed.