Consumer revenge site returns after DDoS attack
Follow the money
Updated UK-based consumer finance website MoneySavingExpert.com was forced to pull most of its services over the weekend as a result of an ongoing denial of service attack.
The site was hit at 1700 on Friday hours before launching a high-profile campaign against insurance rip-offs. Services were largely restored by 1000 on Monday.
The attack has left a guide to reclaiming mis-sold Payment Protection Insurance (PPI) temporarily unavailable. Martin Lewis, who runs the site, said the mis-selling of PPI to people applying for personal loans and credit cards is rife. He recently started a campaign to reclaim the cost of loan and card insurance.
MoneySavingExpert.com - a self-billed "consumer revenge" site - claims it is used by over three million people in the UK a month. The assault on the site by unknown assailants came on the same day as the launch of Lewis's PPI reclaim campaign.
Lewis reckons the timing of the attack is "probably not a coincidence" . The perpetrators of the attack remain unidentified. Sometimes such attacks are motivated by blackmail but Lewis said it has received no approach from those behind the assault.
MoneySavingExpert.com has campaigned on a variety of issues beyond its recent PPI push, activities that have earned its share of enemies over the years.
"We've cost some people a lot of money by telling consumers what to do," Lewis told El Reg.
Denial of service attacks involve rendering websites unusable, sometimes for prolonged periods that can reach into days. Attackers commonly start off with cruder forms of attack (such as a SYN Flood) before increasing the sophistication of the attack to confuse and confound a site's defenders.
Bringing the site back online after what Lewis described as a "phenomenal DDoS attack" proved a tall order. Minor glitches remain. "We're doing well at repelling that for the main site; although doing it for the forums is much more difficult," he said.
However clever or sophisticated the attack might be, it's probably done little beyond temporarily delaying some PPI claims. The assault might even draw wider attention to the issue.
MoneySavingExpert.com's PPI reclaiming guide and free template letters are due to be included in its weekly MoneySaving email, or via Google's cache here, pending full restoration of the site. ®
What a great idea - I'm with you on that one.
Actually, what would be a good expansion of that idea would be to collect all the IP addresses involved in a DDoS attack and post them to your country's antiterrorist hotline with a note to the effect that these IPs were detected as participating in a cyberterrorist act. Getting a few of these click-anything numpties sent to Gitmo or at least listed on a terrorist register would be a fine incentive for making people more careful about what they allow to be installed on their computers... a neat way of exploiting oppressive pseudodemocracies to educate the masses with a big stick about the perils of responding to and thereby encouraging spam and scams!
As the saying goes: No one raindrop believes it is responsible for the flood.
half an hour later, and that cache URL doesn't return anything.
The original forum post is back up, but no obvious post...
What was the nature of the warning you refer to?
How to stop the zombies
Most, if not all DDOS attacks come from Zombies, that were almost always compromised due to the PC owner's system being unsecure, or the user doing stupid things like opening attachments from people they don't know, not having a firewall or a filtering proxy, and not scanning for viruses.
My proposal: create an international treaty, whereby all zombie IP addresses captured in a DDOS attack can be traced back to accounts at ISP's or corporates, and the owner of the PC in question either pays a nominal fine (about the same as a small speeding fine) or gets their IP blocked from Internet access for a week or two. Most of the proceeds of the fine should go to the affected parties to compensate them for loss of business.
It is almost impossible to block a DDOS at the destination network, at least not without bogging down the equipment. We need stop it as close as possible to the source.
Making users liable for incidents involving their machines will give them a definite incentive to use and maintain them properly, or get someone else to do so if they are unable.