This week for approximately 40 hours Canadian web host Islandnet.com was the victim of a Distributed Denial of Service (DDoS) attack. While DDoS attacks can occur against any webhost the explanation provided by Islandnet owner Mark Morley on the company blog raises many more questions than it answers.

Quoting:

Steve and I have been here for over 35 hours, working with our upstream providers throughout the night to find a solution. We would manage to block an attack, only to have the attackers reconfigure and launch a new one an hour later. In the end we had to renumber all customer web sites and servers, identify and isolate the intended target, and implement a traffic scrubbing service that monitors and detects DoS attacks in real time.

We've seen no evidence of an attack for several hours now, and things are running smoothly for the most part. There is still a backlog of e-mail flowing in and out, and some customers may find they need to reboot their computers and routers so that they will learn the new IP numbers. There are a few minor glitches to do with renumbering our servers that we are cleaning up as well.

Even though it was beyond our control, we do apologize for the down time. We reacted as quickly as possible and did our best to mitigate the damage and get customers back online as soon as possible. We understand completely how frustrating something like this is, and how disruptive it is. We'd like to thank all the customers who called, emailed, tweeted, and commented on facebook with words of encouragement during these attacks.

UPDATE 3:12pm: we have been contacted by a group claiming to be behind the attacks. They identify the target (a customer of ours) and demand that the site in question be shut down or the attacks will continue. As much as I hate to capitulate, we can't afford to stand up for the rights of one customer at the expense of all the others, so the site has been shut down.

UPDATE 3:50pm: they contacted us again. They thanked us and said the attacks have been halted.

UPDATE 4:10pm: many people are curious about the content of the customer's web site that provoked the attack. While we aren't comfortable giving out too many details at this time, I will say that it was a personal "listen to my story of unjust treatment" type of blog that contained a lot of angry attacks against the perceived offenders, including numerous court judges, lawyers, etc. I'm not taking a position on the content itself, but I can see how certain parties would take offence to it.

End quote

Without knowing more about the site contents it would be hard to determine the source of an illegal DDoS attack. While it is normal for a web host to take the targeted site offline in the interest of other clients the contact by the attackers does add an interesting aspect that is rarely seen. Hostjury has asked for further clarification from Islandnet on what action (or reaction) is being taken by authorities regarding this outage!

Mark Morley responded very quickly to HostJury inquiry. 

Quoting:

"We've spoken with the site owner, obviously, and he understands that we have no official opinion on his site's contents, and that it was not about that.  Nor was it a case of simply giving into pressure.  We've been in business since 1992, and we've had many threats from all sorts of people over various customer sites (even pre-web, we had customers with Gopher pages who got threats).  We've stood up to the legal threats from the BBC in the UK, and even lawyers for the Church of Scientology, both demanding we shut down sites.  We have never had to shut down a site before except for violation of our terms of use, and we're proud of that.

But in this case we were literally off line, as were 5,000 customers.  I'm willing to stand up for freedom of speech, but not at the expense of my company and livelihood or the businesses of thousands of other companies.

We have an open case with the RCMP and their tech crimes people are investigating.  Bell Canada, our upstream provider) is working with them.  The "bad guys" emailed us from a Gmail account with their demands, and later with a "thank you".  Google has been contacted and is holding onto the account info until the RCMP can do whatever they need to do to get it (court order I presume).  How successful they will be in tracking these people down, who can say?"

HostJury will continue to track this story!