The 'Distributed Denial of Service' (DDoS) attack

CLUAS not accessible for 3 days due to 'DDoS' attack on its web hosting company

The CLUAS.com website was unfortunately not accessible from 31 July 2003 to 2 August 2003 due to a 'Distributed Denial of Service' (DDoS) attack on the network of chicagowebs.com, the company hosting the CLUAS.com website. Below are answers to some questions people may have about this incident. Please accept our apologies for the inaccessibility of CLUAS during this 3-day period; we hope that the info provided below explains what really happened.

What sort of attack was responsible for the CLUAS site being inaccessible for 3 days?
It was a 'Distributed Denial of Service' (DDoS) attack that resulted in CLUAS (and over 3000 other websites hosted by Chicagowebs) being inaccessible for 3 days.

What is a 'Distributed Denial of Service' attack?
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. (This definition is from techtarget.com).
In the case of Chicagowebs, apparently 700-1000 other servers on the internet were compromised and targeted websites hosted on the Chicagowebs network, resulting in the DDoS.

Does this mean that CLUAS was hacked?
No. CLUAS was not 'hacked'. None of the content on CLUAS was corrupted, deleted or altered in any way by third parties during this attack. This type of attack only renders the site inaccessible by flooding the server with requests.

Was chicagowebs the only company to be targeted with a DDoS attack in the last few days?
No. The Microsoft.com website (one of the biggest websites on the WWW) was also rendered inaccessible for over an hour on August 1 by a DDoS attack (more details here). Likewise the leading IT webzines cnet.com and zdnet.com were also attacked in this manner on August 1. They were inaccessible for over 1-2 hours due to the attack.

Why was CLUAS.com down for 3 days when Microsoft.com, zdnet.com and cnet.com were only down for a few hours?
Simply put, microsoft.com is the website of one of the world's biggest companies and they had the resources to ensure that they quickly got their website accessible again. Chicagowebs, who host CLUAS, are a tiny company by comparison and did not have the resources to overcome such a sustained DDoS attack as quickly. They also had to get 3000+ websites back live.

Will CLUAS continue to be hosted by chicagowebs after this experience?
CLUAS will remain hosted by chicagowebs for the foreseeable future. Chicagowebs have provided CLUAS with a professional, high quality, competitively priced service for over 2 years and were not responsible for the inaccessibility suffered by CLUAS. This was due to a malicious DDoS attack by as yet unidentified 3rd parties.

What's this about the FBI investigating the attack?
According to Pat Stangler, the owner of Chicagowebs, the FBI have taken a great interest in the attack (sure, some would call it an act of cyber-terrorism) and are investigating it with a view to identifying who is responsible for launching the attack.

Why is CLUAS hosted in Chicago and not in Ireland or in Europe?
Because CLUAS has not been able to find an equivalent, cheaper, high quality hosting service in Ireland or Europe. It's that simple. For US$20 a month CLUAS is hosted on a Windows 2000 server where we have 250MB of space available, 48GB of monthly data transfer, database-driven webpages, excellent support and a load of other useful functions. If anyone knows of a better deal in Ireland or Europe let us know.

Were any of the CLUAS email accounts affected by the attack?
No. The CLUAS email service is NOT provided by chicagowebs (it is provided by a company called 'everyone.net'). Everyone.net was NOT a target of a 'Denial of Service' attack. Email accounts can still be accessed and no mails as far as we know were lost.

Were any files or webpages corrupted or lost because of the attack on the chicagowebs network?
No. Not a single CLUAS web page was lost in the attack. Thankfully the Chicagowebs crew keep daily updates of all their websites. The CLUAS website on the internet today is exactly the same site that was on the net before the 'DDoS' attack.

Did the CLUAS web server have all security 'patches' installed at the time the DoS attack took place?
Yes, all up-to-date security 'patches' were installed on the CLUAS server at the time of the attack. But for all intents and purposes this fact is irrelevant, as a DDoS attack, by definition, does not breach the security of the server it is targeting. It just floods it with data requests.

Is it known who initiated the attack on the Chicagowebs network?
Not as far as we know. But, as pointed out above, apparently the FBI is investigating it.