A cyber attack that shut down anti-spam site Blue Security also felled thousands of blogs when the spam campaigner deflected the malicious hits onto its journal at blog host Six Apart, analysts said.
Internet security company Netcraft said on Thursday that Blue Security temporarily dealt with the distributed denial of service (DDoS) siege mounted by disgruntled spammers by redirecting traffic to its blog, knocking out Six Apart's TypePad and LiveJournal services.
"The DDoS traffic appears to have followed www.bluesecurity.com to its new home, overwhelming Six Apart's network and knocking its TypePad and LiveJournal services offline for nearly eight hours," said Netcraft analyst Rich Miller in a blog posting.
In a DDoS attack, networks of compromised computers called botnets are used to repeatedly request information from a server or data centre. Such a barrage of requests means legitimate users cannot access the site, and can cause servers to fail.
The Blue Security redirection was first reported on the North American Network Operators Group mailing list on Tuesday. Six Apart did not speculate on the origin of the attack on Thursday, but hinted in an interview with ZDNet UK sister site CNet News.com that the problem was related to the content posted on one of its hosted blogs.
"Blue Security is a customer of ours, they do have a blog with us," Six Apart Vice President Anil Dash said on Thursday. "Beyond that, I don't want to confirm anything. Any kind of an attack like this is really the fault of the attackers."
According to postings on Blue Security's blog, the DDoS attack was launched in response to its method of combating spam. Blue Security distributes a tool called Blue Frog to flood companies sending spam with complaints -- one for every piece of spam received. This overwhelms spam sites with opt-out requests.
Blue Security was unavailable for comment at the time of writing, but its blog posting vowed Blue Frog would continue to combat spammers.
"We're helping the community fight the Blue Independence War. We fight for our freedom from spammers and cyber criminals. This is our big chance to reclaim the Internet. We must not let it slip from our hands," said the blog.
"Some desperate spammers are doing their worst to harm our community. They'd like us to back off, and agree to get their spam silently. Needless to say, that is not going to happen. We're not here to listen to their vile threats and fraudulent advertisements. We're here to stand up for our right to be let alone," the posting added.
Netcraft's Miller told ZDNet UK: "The issue here is whether Blue Security acted responsibly when it came under attack.
"The current generation of DDoS attacks generate huge amounts of Web traffic, and can impact the operations of connectivity providers and hosting companies. Blue Security should have realised that its new host would be affected by the DDoS traffic."
CNET News.com's Joris Evers contributed to this article
Talkback
I subsribed to Blue Security in April 2006 on the back of the latest enhancement to the Mailwasher antispam tool. I think it's worth pointing out that Blue Security does not "spam the spammers". It merely automates the opt-out process laid down in the US CanSpam legislation. So if a spammer sends out 500,000 spam emails and say 5,000 of them are to Blue Security subscribers then the spammer will receive a reuest to subscribe to Blue Security's "Do Not Disturb" register. If he declines to do so within the specified timescale he will receive a maximum of 5,000 opt-out requests. I don't believe that's unreasonable. With over 500,000 email addresses registered for protection Blue Security is reaching critical mass and one major spammer has been panicked into what I believe will be a futile attempt to close down this threat to his immoral and illegal activities. The vast majority of Blue Security users are behind the company and there is a very active forum on Castlecops - http://castlecops.com/f230-Blue_Security.html . I have no connection with Blue Security. I'm just happy that together with Mailwasher they've given me a means of fighting for a more enjoyable internet experience.