Politically motivated hackers are being blamed for a large Distributed Denial of Service attack (DDoS) on the Wordpress blog management system that left many customers experiencing severe disruption on Tuesday.
In an official statement, the company described the attack as being of the order of “multiple Gigabits per second and tens of millions of packets per second,” severe enough to affect the company’s three datacentres in Chicago, San Antonio, and Dallas.
Slow-downs caused by the attack were noticed quickly by journalists and publishers, many of whom use the system to manage online content.
“WordPress.com is currently being targeted by a extremely large Distributed Denial of Service attack which is affecting connectivity in some cases,” read a Wordpress statement in the hours after the attacks began.
“We are working to mitigate the attack, but because of the extreme size, it is proving rather difficult. At this time, everything should be back to normal as the attack has subsided, but we are actively working with our upstream providers on measures to prevent such attacks from affecting connectivity going forward,” it read.
An email sent to a third-party news site by Wordpress founder Matt Mullenweg has since alluded to the motivation for such an organised and large-scale event.
“This is the largest and most sustained attack we’ve seen in our 6 year history. We suspect it may have been politically motivated against one of our non-English blogs but we’re still investigating and have no definitive evidence yet.”
This is not the first attack suffered by Wordpress – such attacks are an hourly occurrence for any online business above a certain size – but the sheer size will be seen as worrying.
For comparison, a 2008 analysis by Arbor Networks of DDoS on the company noted that it had been hit by 268 DDoS events in a seven day period in February of that year, which reached 24,000 packets per second at their peak. That such attacks are now reaching into the Gigabits is a symptom of the greater resources that can now be accessed by attackers.