Livejournal: The Next Target

by Charles Miller on February 20, 2003

From Livejournal's status page:

LiveJournal is currently under a Distributed Denial of Service attack, and has been since about 5:30pm PST (1:30 AM GMT) tonight. We have been working with our upstream providers (including several major backbones) to filter traffic as quickly and effectively as possible.

Due to the fact that a DDOS attack involves potentially tens of thousands of hosts all working together against a single target (in this case, us), it is extremely difficult to find one group of IP addresses to block to prevent the attack from affecting our services any further. Our upstream providers are currently filtering somewhere around 1/4 of the IPs on the internet from reaching LiveJournal. Unfortunately, these filters also block legitimate traffic from some users. When the attack has subsided we will remove the filters.

We will continue to monitor and block hosts as we gather more information regarding this attack. We seriously apologize for the inconvenience, and hope you understand we are doing everything in our power to get the site back functioning as normal.

Additionally, if you have any information as to who or what may be responsible for this attack, please email attack_info@livejournal.com.

Firstly, this is a really good argument against centralisation. If you have 500,000 users on one server cluster, that becomes a honking big target, and an attack on any one of them becomes an attack on them all. It used to be just IRC servers that got this sort of treatment, and occasionally the bigcompany websites. Now the precedent has been set for knocking Livejournal off the air, look for this sort of thing happening to more mid-size web services that somebody takes a dislike to.

Secondly, I bet if you were to find the person doing this, and asked them why, they'd say “Because Livejournal's lame, you know?” It still sucks that a couple of idiots with no moral sense can screw up such a popular service.

Thirdly, my sympathies to the sysadmins who have to deal with this mess.

I'll have to write an article about DDOS soon. You can tell I've been working hard recently by looking at the calendar: all the posts are clustered on weekends, and they've not been about programming, because my mind's been trying to avoid thinking about that when I don't necessarily have to.

Previously: Visualise Whirled Peas

Next: Shared Data, Diverse Applications