Parts of Wikipedia Went Offline After 'Malicious' DDoS Attack

An anonymous reader quotes the website of Ireland's national public service broadcasting: Popular online reference website Wikipedia went down in several countries after the website was targeted by what it described as a "malicious attack". The server of the Wikimedia Foundation, which hosts the site, suffered a "massive" Distributed Denial of Service (DDoS) attack, the organisation's German account said in a tweet last night.

In a separate statement the Wikimedia Foundation said that the attack on the encyclopedia - one of the world's most popular websites - was "ongoing" and teams were working to restore access... Wikimedia condemned the breach of its server, saying it threatened "everyone's fundamental rights to freely access and share information."

malicious ddos

[drinkypoo]

We know it was malicious, because it was carried out via packets, and not oral sex.

"everyone's fundamental rights to freely access

[ChoGGi]

and share information."

Yeah that's what the mods are for.

Re:

[Presence Eternal]

Everyone's fundamental right to remove useful lists because they're not more noteworthy than the demographics of Jerome, Arizona.

'malicious'?

[DogDude]

Why is malicious in quotes? Every DDOS attack, by it's very definition, is malicious.

Re:'malicious'?

[Spasmodeus]

Hey guys! Just thought I'd send a friendly DDoS your way to let you know I've been thinking of you! Hugs and kisses!

Re:

[PolygamousRanchKid]

Every DDOS attack, by it's very definition, is malicious.

I dunno. I could imagine governments would perform DDOS attacks against kiddie porn, pro democracy and communist propaganda sites, and then justify it by saying stuff like:

"Stink of the children!"

"Democracy will undermine our stable social systems!"

"Socialist thoughts are enslaving thought crimes!"

It's kinda sorta like: "One man's malicious is another man's benign".

Re:

[vbdasc]

Without any sarcasm, what is a nation state to do, when a website disobeys and disrespects a lawful order from a court, for example, only because its servers are in another country? Right, perform a lawful DDoS.

Re:'malicious'?

[Some Guy I Dont Know]

The "slashdot effect", back when it was a thing, was a DDOS.
But it wasn't malicious - it was just a bunch of people accidentally overloading the servers and preventing anyone from being served.

Re: 'malicious'?

[Zero__Kelvin]

You were SO close. The Slashdot effect was indeed not malicious, however it was not an attack either. That's actually WHY it is called the Slashdot effect rather than the Slashdot attack.

Re:

[Zero__Kelvin]

A DDoS is a specific class/type of attack. If it's not an attack it isn't of the type/class DDoS. They always go hand in hand. Please google around a bit will you? In case you still don't understand, all DDoS are intentional and the host is targeted by a malicious actor. Yes, the end result is essentially the same, however a DDoS never uses standard valid requests to effect the DoS. They use malformed packets, the slow loris approach, or similar non-intended/abnormal behaviour. When a whole bunch of people

Re:

[fazig]

When it's not an attack is a stress-test?
Because there are legitimate stress-tests where a whole bunch of people trying to access the site is simulated, which can be in principle much like a volumetric attack for example.

And I did google "distributed denial of serveice". According to that the use of malformed packets is not widely recognized as a necessity. Malformed packets or fragmented packet in what https://www.imperva.com/learn/... [imperva.com] for examples describes as 'protocol attacks', which is a 'type' of D

Re:

[Zero__Kelvin]

Great. Now google Slow Loris attack. I already stated malformed packets were not a necessity.

Re:

[fazig]

Great. Abnormal behaviour. Got it.
Now I am primarily concerned with the proper term for when it's not an attack or 'normal behaviour' that happens in such a large large volume that happens to overwhelm a target.
I already stated that, at the very beginning.

Snappiness aside. I'm really interested in what these things are called, because I have heard the term DDoS apply to these from some people. People that are not necessarily competent and know what they're talking about.

Examples: A botnet would access

Re:

[Zero__Kelvin]

There are numerous kinds of attacks. A Denial of Service attack is one kind of attack. If it isn't an attack it can't be an attack of the type "Denial of Service." If a company does not have the necessary services to satisfy legitimate web traffic this is called a flaw in the design or implementation. One way to have a design flaw is to underestimate the load. For example, if I design a wooden bridge and fail to anticipate that some of the legitimate traffic will be too heavy for the boards I choose my brid

Re:

[fazig]

I think it's the 'intent' part that I do not like about this.
If no intent was declared, knowing the 'intent' of an actor can sometimes be pretty difficult without knowing their circumstances.

For example gun owners/carriers have to deal with assumptions of intent whenever someone draws a gun and points it someone for example. Because of the convention (or rule) to never point your gun at anything you do not intend to shoot, we assume only people with the intent to kill do would point a gun at someone and

Re:

[Zero__Kelvin]

You are confusing what you know for what is factual. As you pointed out the FCC thought it was a DDoS, but later it turned out that it was not.

Re:

[fazig]

My point is exactly that you can't easily know what is factual as far as intentions go unless intent was declared.
And even then you can't know for certain if such a statement is factual or not. That is why nations with at least somewhat sane justice systems have a corpus delicti rule, that requires proof of the alleged crime being committed by a defendant/accused. As a consequence we can't have a defendant/accused be convicted on their declaration of intent or confession alone.

So if you make the allegati

Re:

[Zero__Kelvin]

My point is exactly that you can't easily know what is factual as far as intentions go unless intent was declared.

And my point is that you usually can tell, since the DDoS requests will not be consistent with normal traffic patterns, e.g. it will consist of invalid requests, malformed packets, or extremely slow gets. The fact that the FCC assumed it was intentional without consulting an expert means nothing. An expert could have easily determined that it was normal use, and the FCC things is far in the past

Re: 'malicious'?

[ArmoredDragon]

The key word in there is the second d. Nobody was denying anybody access, just the server didn't have the resources to provide access.

Re:'malicious'?

[Antique Geekmeister]

There have been some accidental DDOS attacks, typically when software designers made foolish assumptions about how connection testing should work.

Why?

[AndyKron]

Why?

Re:

[fazig]

Some immediate hypotheses on Twitter and other social media were that someone was testing their capabilities before they make a move on their real target.

Wikipedia has acquired a lot of enemies

[xack]

From angry companies furious that they deleted them as not notable, to scientists who didn't even have an article after winning a Nobel prize. Wikipedia also begs for money more than any other major charity. I expect Wikipedia will become a modern day library of Alexandria, where people fatigue of giving them money but not getting articles in return. There are also a lot of persistent banned users on Wikipedia, who find security flaws in the MediaWiki software to vandalize. I think ultimately either the Wik

only two groups of people hate free information

[FudRucker]

that is political extremists, or religious extremists, you can bet it is one or the other

Re:

[Fly Swatter]

Or an article 'curator' was tossed after undoing every single edit to 'their' article.

Re:

[Empiric]

Extremists, perhaps, but since 1522 we've had the "open sourcing" of religion by the publication of the Luther bible and the fortuitous invention of the Gutenberg press.

Freely available, mass distributed theological content resulted in the Protestant Reformation. The vast majority of those, though to today, have no issue with free information.

Re:

[Empiric]

Hmm... since you're replying to my post, I'll note that Scientologists are about the farthest thing from Protestants that is possible.

Even "farther out" than Mormons.

But then neither would describe themselves as Protestants, either.

Re:

[93 Escort Wagon]

Right, it’s not as if any group has ever done such a thing just for the lulz...

Re:

[Antique Geekmeister]

Oh? Access to quite personal information is constantly abused for spam, for stalking, and for fraud. It's also used to rip off copyright owners who legally seek compensation for their unpublished work, or for work they do publish and legally expect reasonable compensation for.

Let's not get involved in the "information wants to be free!" political bandwagon, and mistake freedom to publish with freedom to steal copies, shall we?

Re:

[account_deleted]

Comment removed based on user account deletion

Alternate plan

[Empiric]

If Jimmy Wales to protect "everyone's fundamental rights to freely access and share information", encourage more forks of Wikipedia. Or, replicate to other hosting providers.

This response by someone who has made millions from other people's work, sounds disturbingly like a bad politician who wraps himself in a flag to deflect criticism and credit himself with the contributions of common citizens.

I suggest less platitudes, more practical solutions, even if it reduces profitability.

Re:

[rednip]

Yea, if they had any respect for freedom of information they have instructions on Forking Wikipedia [wikipedia.org], oh wait.

Re:

[Empiric]

Yes, but there's a distinction between what one is obliged to do (legally or as a practical public perception issue), and what one -can- do.

If the goal is optimizing free availability, more can be done than not disallowing what they can't disallow anyway.

In any case, the editors are more of a problem to distribution of "free information". Nothing reverted without valid rationale is "free".

Re:

[rednip]

So, what's the 'distinction' you vaguely reference? How would you do 'optimizing free availability? What is 'disallowed' by 'disallowing'? In any case, it now seems that you also vaguely want to blame those evil 'editors'. The 'reverts' seems to be your actual problem, let me guess: political entries you tried to 'correct'?

Sure Wikipedia ain't perfect and I have seen legitimate complaints to which I agree, but as I see it overall it's likely the best source of information mankind has ever known. I giv

Re:

[Empiric]

Well, you'd be wrong on the political reverts.

And I have not criticized the -content- of Wikipedia, that is truly impressive, it's just that it wasn't provided by Wikipedia--it was provided by the altruistic contributions of people in the wider society.

Similarly to Apple swallowing up thousands... perhaps millions of hours of altruistic and highly skilled work of BSD coders, to slap the label "iOS" on it and make billions and then play tax games to keep from contributing profits back to their home country,

Re:

[ArchieBunker]

You can download the whole thing from a torrent if you want. https://meta.wikimedia.org/wik... [wikimedia.org]

Re:

[93 Escort Wagon]

It seems like wanting to keep an up-to-date local version of Wikipedia would be a perfect use case for git.

Breach?

[jon3k]

Wikimedia condemned the breach of its server, saying it threatened "everyone's fundamental rights to freely access and share information."

I'm confused, are DDoS attacks consider "breaches" now? Maybe it's just me, but to me a breach has always means someone gained some kind of unprivileged access - they "breached" the security.