If you have a TypePad blog, you will definitely know about the denial of service attack on Six Apart’s servers earlier this week, when access to TypePad blogs (as well as other Six Apart services such as LiveJournal) was down for some considerable time.

Denial of service attacks tend to conjure up images of nefarious characters in Eastern Europe or some Far Eastern country trying to bring down a symbol of American commerce. Or some expert hacker just proving he can do it.

Think again in this case.

It appears that a company called Blue Security was behind the server crashes as they tried to avoid a spam blitz on their own servers, according to a report in Q Daily News:

[…] The people at Blue Security decided that the best way to deal with the attack was to point the hostname www.bluesecurity.com to their TypePad-hosted weblog, bluesecurity.blogs.com. This effectively meant that the target of the attack shifted off of Blue Security’s own network and onto that of Six Apart, and did so as the direct result of a decision made by the folks at Blue Security. […] Soon thereafter, the Six Apart network (understandably) buckled under that weight and fell off the ‘net, and over four hours passed before packets began to flow again. […] Judging from the outage, it’s unlikely that Blue Security gave them any warning — although who knows whether a warning would’ve prevented the basement from filling up with water all the same.

Unbelievably stupid! I’d imagine Six Apart have had some conversations with their lawyers by now. Maybe that’s the reason why there is no mention of this on any Six Apart website.

(Via Todd Cochrane)

[Update 5 May] Spam vigilante spat knocks out blog services – background story to this from InfoWorld.

9 responses to “Six Apart outage caused by stupidity”

  1. Trevor Cook

    Hey Nev when I jotted this post this is the title it generated –

    Six Apart outage caused by stupidity at NevilleHobson.com

  2. Andrea Weckerle

    Blue Security’s actions were unconscionable. What were they thinking? Btw, Trevor’s title for this post is great!

  3. Tris Hussey

    Wonder if this had anything to do with the DDOS that toasted most of Tucows yesterday as well.

    For Tucows it was caused because a site that uses Tucows for managed DNS got hit with a DDOS and just brought everything down with it.

  4. Jeff Clavier

    I was sitting next to their VC investor at a conference in LA (my friend David Hornik, who happens to be a former corporate lawyer). Saying that he was furious is a gross understatement.

  5. Dennis Howlett

    Jeff – furious at whom?

  6. neville

    That’s a good one, Trevor. Most amusing! I’ve noticed in the RSS feed in particular that every post is shown as “[post title] at NevilleHobson.com.” I’ll bear that in mind for headlines in future, either to avoid situations like this or to ensure they continue to be amusing.

    More detail appearing in media reports about exactly how this outage happened. Good story in CNET News, linked above.

  7. Jeff Clavier

    Dennis> Furious about what BlueSecurity had done.

  8. Stuart Bruce

    Have you read Stephen Davies’ post about Blue Security – written before the Six Apart outage?

    http://www.prblogger.com/2006/05/bluesecurity-saviour-or-satan/

  9. neville

    Stuart, I’ve read quite a few posts like Stephen’s. Seems to be a divided camp out there re Blue Security with some saying they are the vanguard of protection against spammers and others saying they are the epitome of appalling business practice.

    Seems to me that their action re the TypePad servers puts them in the latter camp.

    Jeff, I would imagine that one thing Six Apart might be considering in light of this experience is to amend terms of service to cover such instances, ie, re-directing domains under specific circumstances. Unless the terms already do.