Thursday, December 4, 2008

Alertpay DDoS'd


The world famous payment processor Alertpay has been under attack this Sunday. I would have posted this that very day, but I just got to the site today and saw what they had written there.

The site faced 7 hours of downtime, and then had to be shifted to another IP. The massive DDoS attack affected many businesses associated with Alertpay for payment processing. The attack was definitely a well planned attack, committed right in the middle of the christmas shopping season. This of course caused a loss to associated end users and businesses.

During the attack, the Alertpay authorities posted this message:

We are currently experiencing a large scale DDOS attack that has hit our sites which started at approximately 6:00am EST Sunday. We are working with our data center to resolve and/or mitigate this issue.

More information will be posted here as we get updates.

For the time being customers can connect to AlertPay at an alternate location:

https://67.205.87.226

Ferhan

Several hours later, after the attack was done, they posted another message saying:

We have finally mitigated the massive DDOS attack that started at 6:00am EST. Unfortunately it took almost all day to resolve. The site is operational now, and hopefully we'll continue to tweak it more tomorrow to ensure this doesn't happen again.

We sincerely apologize for the inconvenience and we understand that this outage affects each of you personally. We’re sorry for that. We will continue to put measures in place so that outages like this do not occur again.

Ferhan

There is no doubt that such attacks will never stop. Of course, DDoS is unstoppable. But the sysadmins can without a doubt take precautionary measures like reducing waiting time etc. A similar incident happened in 2004 with Wordpay. DDoS attacks against payment processors have become very common nowadays. Is it competition of the companies, or just script kiddies playing around? Only they know for sure.