China attacks WordPress.com: ‘Largest and most sustained attack’ in WP history


By Rady Ananda

For two days this month, WordPress.com, which hosts a tenth of the world’s websites drawing nearly 300 million unique visitors a month, suffered the largest distributed denial-of-service attack in its six-year history. Six separate attacks on March 3 and 4, mostly originating from China, targeted a single Chinese-language site hosted by WP.

On March 3rd, WordPress founder Matt Mullenweg told TechCrunch (also hosted by WP), “There’s an ongoing DDoS attack that was large enough to impact all three of our datacenters in Chicago, San Antonio, and Dallas.”

In its VIP blog post, WP advised, “The size of the attack was multiple gigabits per second and tens of millions of packets per second,” reported TC.

WP tech-defender, Automattic, said the attack was in the 4-6 Gbit range, but is dwarfed by a 2008 attack of 8 gigabits per second.  However, the March 2011 attack lasted much longer and involved different tactics.

The DDoS attacks began at 2:10AM PST on March 3rd, but the largest one, eight hours later, overwhelmed “the network links and network routers, switches, and servers with ‘junk packets’ in what is called a TCP flood.” Then, at 3AM PST on March 4th:

“[T]he attackers switched tactics. Rather than a TCP flood, they switched to a HTTP resource consumption attack.  Enlisting a bot-net consisting of thousands of compromised PCs, they made many thousands of simultaneous HTTP requests in an attempt to overwhelm our servers.  The source IPs were completely different than the previous attacks, but mostly still from China.”

The graph above shows the size of the attack in packets per second. (Larger image here.) The below graph shows the size of the attack in bits per second, affecting bandwidth:

Initially, WP’s founder believed the attack was politically motivated, according to Mullenweg’s email to TechCrunch:

“This is the largest and most sustained attack we’ve seen in our 6 year history. We suspect it may have been politically motivated against one of our non-English blogs but we’re still investigating and have no definitive evidence yet.”

Automattic denies this in its March 7th post, without offering any reason for its change in perception.

Digital Trends reports:

“The country has increasingly found itself accused of issuing these types of attacks or attempting to infiltrate confidential online information. Earlier this year, the WikiLeak’s release of diplomatic cables revealed that the Chinese government was responsible for hacking Google, and security firm McAfee recently issued a report indicating that Chinese hackers were guilty of launching cyberattacks against US fuel companies for years.”

The New York Times reports that cell phone users in China who use the word “protest” find themselves disconnected, adding:

“A host of evidence over the past several weeks shows that Chinese authorities are more determined than ever to police cellphone calls, electronic messages, e-mail and access to the Internet in order to smother any hint of antigovernment sentiment. In the cat-and-mouse game that characterizes electronic communications here, analysts suggest that the cat is getting bigger, especially since revolts began to ricochet through the Middle East and North Africa, and homegrown efforts to organize protests in China began to circulate on the Internet about a month ago.”

For about two hours on March 22nd, WP members were denied access to the admin pages, unable to post content.  One WP administrator claimed this was due to “an unrelated network maintenance issue.”  Sites were not equally affected, however. On my Food Freedom blog, we lost an entire column of content, while at COTO Report, all content remained visible. WP notes on its Health Status page for that day:

20:34 GMT WordPress.com started experiencing performance issues. Within 15 minutes the condition had become severe, primarily affecting publishing and administration.

21:24 GMT WordPress.com performance problems with the front end resolved, but publishing and adminstration were still unavailable.

22:50 GMT WordPress.com publishing was made read-only to prevent customers being disconnected while authoring content.

00:56 GMT WordPress.com systems fully recovered.

WordPress hosts over 18 million sites, including some ultra mainstream ones like CNN, the Los Angeles Times, TED, Time Magazine, CBS and the National Football League.  Though two-thirds of all blogs are in English, over 120 languages are represented. Users post a half million blogs each day.

Partnership with sites like YouTube, Google Video, Flickr and PhotoBucket, which enable easily embedded content, no doubt contributes to WP popularity. Simplified platforms also allow users to easily share WP content with social media sites like Facebook and Twitter.

Elance’s 2010 year-end report for online employment trends noted: “WordPress experts rose an impressive 15% quarter-over-quarter, moving up three highly coveted spots to #2, trailing only behind PHP programmers. This marks the first time that any content management system has moved into the top three skills in demand by businesses.”

Indeed. WordPress administrators noted, “We weather DDoS attacks every day on WP.com and 99.9% of them have no user impact.”

About these ads

4 responses to “China attacks WordPress.com: ‘Largest and most sustained attack’ in WP history

  1. claudia sent this:

    https://www.nytimes.com/2011/03/22/world/asia/22china.html

    China Tightens Censorship of Electronic Communications
    By SHARON LaFRANIERE and DAVID BARBOZA
    Published: March 21, 2011

    BEIJING — If anyone wonders whether the Chinese government has tightened its grip on electronic communications since protests began engulfing the Arab world, Shakespeare may prove instructive.

    A Beijing entrepreneur, discussing restaurant choices with his fiancée over their cellphones last week, quoted Queen Gertrude’s response to Hamlet: “The lady doth protest too much, methinks.” The second time he said the word “protest,” her phone cut off.

    He spoke English, but another caller, repeating the same phrase on Monday in Chinese over a different phone, was also cut off in midsentence.

    A host of evidence over the past several weeks shows that Chinese authorities are more determined than ever to police cellphone calls, electronic messages, e-mail and access to the Internet in order to smother any hint of antigovernment sentiment. In the cat-and-mouse game that characterizes electronic communications here, analysts suggest that the cat is getting bigger, especially since revolts began to ricochet through the Middle East and North Africa, and homegrown efforts to organize protests in China began to circulate on the Internet about a month ago.

    “The hard-liners have won the field, and now we are seeing exactly how they want to run the place,” said Russell Leigh Moses, a Beijing analyst of China’s leadership. “I think the gloves are coming off.” ……..continued >>

  2. Pingback: China attacks Wordpress.com: ‘Largest and most sustained attack’ in WP history | thewikipress.com

  3. Hello,
    You blog is OK from me.
    Not that I am particularly in love with the China, but I think that putting unconditional trust in NYT isn’t (if I may say) wise move. Now WordPress is just corporation, as far as I know hosted by (even maybe part of) GoDaddy which is owned and controlled by somebody (it is murky world) wealthy, meaning: the one part of the corporate media mainstream and the second is part of corporate media mainstream infrastructure. In another word, they may presented to us whatever they wish!
    The NYT used tell us that the Iraq has WMD. Judith Miller is gone, but there is an ocean of Judith Millers in cue.
    Maybe this is a truth, but I do not see the evidence.

  4. Pingback: The Progressive Mind » COTO Report | Full Spectrum Defiance

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s