Remember how LiveJournal, TypePad, and related sites were down the other day? The official line was that "Six Apart has been the victim of a sophisticated distributed denial of service attack."
It turns out that the DDOS wasn’t aimed at 6A, LJ, or any other part of their network. It was aimed at Blue Security, an anti-spam company, who decided to re-route their web traffic to their blog—a blog hosted on TypePad. So instead of their own site going down, it took out Six Apart’s entire network of millions of bloggers.
Classy move, guys.
I do admire Six Apart’s restraint in not pointing fingers themselves. If it had been my site (though in a way, I suppose it was, since I’ve got an LJ blog, even if I don’t update it very often), I would have been royally pissed off.
Sure, Blue Security didn’t launch the attack—but they did choose where to redirect it. Maybe they thought Six Apart would be able to handle it. Maybe they thought the attackers were targeting them by IP and not domain name. Maybe they were panicked and didn’t think. Maybe they thought things through, but 6A got bitten by the now-all-too-familiar law of unintended consequences. They could easily have pointed their domain name at empty IP space, or to localhost. Redirecting it to a third party was less like deflecting a punch and more like the "Do it to Julia!" moment in 1984, or the classic joke, "I don’t have to outrun the bear, I only have to outrun you."
(via Spamroll)
Update: Additional articles at Computer Business Review and at Netcraft, and a Slashdot story.
Update 2: According to Blue Security, the DDoS was not targeting their website by name, and the DDoS didn’t attack their blog until after they had already redirected the website. So it looks like it was less a case of them redirecting the attack and more a case of the attackers chasing them.
Sigh Must remember to collect all facts before engaging in righteous anger.
Update 3 (May 9): Apparently "all the facts" as reported by Blue Security don’t add up… (via Happy Software Prole)