Whatever the reason and whoever the perpetrators of this attack MoneyExpert.com should be congratulated for being so open about it. One of the reasons that DDoS is still such a weapon of choice is that not enough of the victims are willing to admit that their sites are vulnerable. If more orgnaisations were to follow the example of MoneyExpert it might begin to move up the scale on the list of priorites of the CSOs.
Stephen Meredith | Homepage | 10.28.07 - 2:03 pm | #

After reading the comment on their home page, I don't think Martin is blaming the people who would be hurt by the PPI campaign for this DoS. Rather he is blaming someone who is just capitalising on the fact that this is when it will hurt MSE the most.

DoS attacks usually come just before a website is about to have a big promotion, like just before Christmas. Then they make a demand that the owner pay up or the next one will last for the whole week leading up to Christmas.

There are lots of things you can do about DoS attacks, and the simplest one is just to hire a company like ProLexic that specialises in dealing with DoS attacks for you.

Full disclosure: I used work for MSE as a contractor just over a year ago.
David Keech | Homepage | 10.28.07 - 7:02 pm | #

Shameless Plug:

But if you prefer to keep things in-house a Webscreen appliance at the network gateway will stop all DDoS attacks and allow genuine customers to maintain service, as they are doing for online gaming and mail order companies as well as ticketing agencies and major finacial institutions across the world.
Stephen Meredith | Homepage | 10.28.07 - 10:58 pm | #

MSE covers a wide range of issues, and although it's not primarily an anti-scam site, it *does* also cover the topic.

It's highly unlikely that the PPI issue is what caused the DDOS, more likely a forum post about a scam. Remember, a *lot* of anti-scam sites have been under prolonged DDOS (catalogued here - http://www.castlecops.com/f285-D...f285-DDoS.html) . My money is on one of the Russian money mule gangs.
Conrad Longmore | Homepage | 10.29.07 - 10:43 am | #

Yeah, I'm gutted about the site being down too. Apparantly 3m people get the weekly email. It does hightlight and stop a great variety of scams. Ebay fradsters, shill bidders, nigerian 419s, fake lotteries, timeshares, fake etailers, to name but a few.

Hopefully it'll come back better & stonger.
Michael Python | 10.29.07 - 1:08 pm | #

I'm pretty unimpressed with thebunker.net's inability to handle a DDoS. So much for their much-hyped resilience against a routine threat type.

MoneySavingExpert seems to have both switched host (at least IP - was 213.129.77.16 is now 72.52.6.8 and started using Prolexic to get to where they are on Monday.

Stephen, "will stop all DDoS attacks", you can still use a bandwidth-eating attack and fill the pipe to the site. You need serious upstream link capacity and/or ideally a nicely equipped upstream provider to deal with that sort of thing.
James Day | 10.29.07 - 11:58 pm | #

Clearly if the attack is greater than the pipe capacity there is not much you can do to maintain a 100% service. However Webscreen actively filters attack traffic from known user IP addresses to allow some service to continue for the traffic that is getting through until the ISP has sorted out the upstream issue.
Stephen Meredith | Homepage | 10.31.07 - 1:02 pm | #