Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam War Takes Out Blog Services

Posted by ryuzaki0 on from the lj-writers-use-ddos'd-icon dept.

munchola writes "Following on from the story about spammers attacking Blue Security's anti-spam system, CBR is reporting that Six Apart, which runs the popular LiveJournal and TypePad blogging services, has become a collateral victim. Six Apart told its millions of bloggers it had experienced 'intermittent and limited availability for TypePad, LiveJournal, TypeKey, sixapart.com, movabletype.org and movabletype.com', before resolving the issue in the early hours of Wednesday. '[The spammers are] trying to rip apart the internet just to make our community stop fighting back against spam,' Blue Security's chief executive Eran Reshef said, adding that he knows who's behind the attack."

3 of 315 comments (clear)

  1. Re:Guilty of what? by ptomblin · · Score: 3, Informative

    I think SixApart is being far too generous in not laying the blame for this fully at the feet of Blue Security. Basically Blue Security decided that their web site couldn't stand the DDOS, so they pointed the URL for their company to their blog.com blog. Thus DDOS'ing all of SixApart.

    If I were SixApart, I'd sue the fuck out of Blue Security for deliberately DDOSing them.

    --
    The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
  2. Re:Shifting attack by MrDoh1 · · Score: 5, Informative
    They don't supply spammers with the addresses of their members. What they do is offer a tool that cleans our email addresses (which are contained in an encrypted database) out of their spam address databases. So all that was done is the spammer in question compared a pre-cleaned version with a post-cleaned version and any addresses that no longer appeared were obviously members of BlueSecurity.

    Also, the spam reports that are sent out are sent from a proxy type email address. My normal address wouldn't show up, but username@reports.bluesecurity.com is where it would come from.

    Personally, I see nothing wrong with sending 1 unsubscribe request per piece of spam I get. BlueSecurity has just automated this method so I don't have to take the time, and they also handle escalation to the proper authorities if the situation isn't resolved.

    If the spammer perceives getting 1 unsubscribe request per spam he sends a DDOS attack then I would think the best course of action would be not to send to those people. Heck, we are the ones who wouldn't buy anything from them anyway.

    Also, based on what I have read in the blog itself (when it was still accessible) it was a user in the comments that suggested redirecting the site and error pages to the blog so users would at least have some clue what was going on. It's likely they took the advice without contemplating the potential outcome.

    --
    I am Homer of Borg. Resistance is Fut.. Mmmmmmmm, Donuts!
  3. Re:Blame fest by shark72 · · Score: 4, Informative

    " Isn't it just another DDOS blame fest when in reality its just the news spreading around the world and all the collective users of all the collective news sites are clicking the links to try to read the story?"

    No. Here's what happened:

    1. The spammer DDOSed bluesecurity.com. Quite well, in fact.
    2. After a few days, Blue Security managed to get a redirect going to a blog they put up on blogs.com, which is run by TypePad.
    3. The spammer then DDOSed TypePad.

    Believe me, TypePad gets Farked/Dugg/Slashdotted every day. They can handle the normal traffic spikes. This was deliberate, and it was well documented.

    "We are all guilty of assisting this DDOS attack. shame on us."

    A drop in the ocean. TypePad can absorb these sorts of things. Make no mistake: TypePad was taken down by a deliberate, coordinated DDOS attack.

    --
    Sitting in my day care, the art is decopainted.