'Catastrophic' DDoS Attack Hits Linode Servers Over Labor Day Weekend (softpedia.com)
An anonymous reader writes: A coordinated DDoS attack hit Linode (VPS provider) over the weekend, which the company has described as "catastrophic." The attack targeted the company's Atlanta data center, and was timed for the extended Labor Day weekend when the company had fewer employees on hand to deal with the incident. At the start of the year, after suffering a two-week-long DDoS attack, Linode announced a data breach with attackers accessing some user accounts. The company reset passwords after it detected the intrusions. Linode engineers told customers they were "experiencing a catastrophic DDoS attack which is being spread across hundreds of different IP addresses in rapid succession, making mitigation extremely difficult." The report adds: "During all this time, connectivity to the service was down, affecting Linode customers such as Clojars, a repository of open source Clojure libraries that relies on the Linode infrastructure."
Eh, what? (Score:2)
"a repository of open source Clojure libraries that relies on the Linode infrastructure"
So these libraries are only available in one place? Haven't these guys heard of mirror sites? I know it's easy to fool Joe Sixpack into thinking The Cloud is some safe secure place and he never needs to worry about his data ever again (honest!), but one would hope people involved in writing programming libraries would have a bit more common sense.
Re: (Score:1)
IPFS (Score:2)
Hosting static binaries such as jar files is a great use case for ipfs.
In fact, it would be good to see package managers in general support IPFS downloading, and possibly good for privacy as well as availability.
Re: (Score:2)
In a loose sense, ipfs _is_ a cdn.
Re: (Score:2)
rpm and apt are tools to fetch things from repositories, not for hosting them.
What I am suggesting is that they could be modified to fetch packages from ipfs instead of via http.
Re: (Score:2)
Do you mean something like, say, The Internet?
Re: (Score:2, Funny)
That's a catchy name. Do you have a prototype or are you still conceptualizing?
Re: If only there were a decentralized network (Score:1)
No, it's just a passing fad. It'll never have more than 640 users.
Re: (Score:1)
You mean 640k users...
Re: (Score:2)
I think the point is that the internet is becoming less distributed. Everybody putting their web sites up on virtual machines in "the cloud" means that there are 2 or 3 entities who are responsible for a very large number of websites. Even if they use multiple datacenters, they are all interconnected in the case where if 1 fails, other datacenters can take over, but sometimes this has even more disastrous effects where a chain reaction [networkworld.com] takes down an even bigger part of the network.
Some people are taking t
Re: (Score:2)
If you're Canadian, maybe, otherwise no. Labor Day [wikipedia.org] is an American holiday which is not to be confused with the similarly-named Labour Day [wikipedia.org] that is observed in other countries. While they may celebrate roughly the same thing, they have separate histories and are (with the exception of Canada) held on completely different dates.
The attack was aimed at Linode's Atlanta data center, so we can safely assume that they were referring to the American holiday, not the Canadian holiday that takes place on the same day
Virtual directory for hackers (Score:2, Interesting)
Duh. Linode is one of the few hosting services that "helpfully" assigns systematic aliases (such as "linode1234.members.linode.com") to all virtual machines, basically providing a host lookup for hackers to easily target Linode hosts.
It boggles the mind.
Re: (Score:2, Insightful)
Not providing DNS service would slow attackers down...by about 2 seconds. Very easy to scan a network.
Monoculture (Score:1)
I get that a monoculture is bad, but... When was the last time AWS lost an entire data centre to a DDOS?
It's probably exactly what the attackers want, but as someone with a responsibility first to my employer, how can I ever recommend a company like Linode?
They need to figure this out, because every time one of these articles hits the news the reputation damage is pushing them further and further into a spiral.