Boycott Novell is one opinionated site. If you think I'm pro-Linux and hard on Microsoft, you haven't been reading Roy Schestowitz, who makes me look as mild as a May day. Boycott Novell, which was founded in 2006 in reaction to Novell's partnership with Microsoft, is very popular with about a million hits per month, but it's also made enemies. Enemies who seem to have had enough of Boycott Novell recently launched a DDoS (Distributed Denial of Service) attack, which has almost knocked the site out.
In an e-mail interview with Schestowitz, he wrote that he's trying to make the best of a bad situation, "I guess the most reassuring way to look at it is as a sign of success. If they try to shut us up so miserably by resorting to crime, then it means our writings have great impact."
As for the DDoS attack, Schestowitz wrote, the site "has been under DDoS attack for 3 days now. We're still struggling to just stay online while hosts investigate where the attacks come from." In the meantime, he has spoken to the British police about the matter.
I've looked a bit at what's happening to Boycott Novell, and it sure looks like a DDoS attack to me. The attacks are coming from many addresses, and are using both sheer volume and easy Web server attack methods such as sending HEAD requests. A HEAD HTTP request simply requires that a site replies with a Web page's meta-information, e.g. page title, server version, etc. If you flood a site with multiple HEAD requests, you'll soon put it out of action.
The sad truth is that these days, if you want to blow up someone's Web site, it's really not that hard. There are DDoS kits such as Machbot, Barracuda, and BlackEnergy, which can be used by anyone with access. These enable users to easily select the site to be blasted, and then the programs reach out to their bot-network of compromised Windows PCs to launch their attacks.
These DDoS programs are best known for their assaults against countries' Internet infrastructure such as 2008's DDoS wars on Estonia and Georgia. But, if you know the right people and you're willing to pay, anyone can effectively shut down most Web sites.
In Boycott Novell's case, I strongly suspect that that someone iis a person with a screw loose and a grudge against Schestowitz's strong anti-Microsoft and proprietary software views. If that seems a little bit over-the-top, well, as I just pointed out, it doesn't really require any technical expertise to knock out a Web site. All you need is a grudge and the right contacts.
Welcome to 2009, when anyone can say whatever they want on the Web, and where others can do their best to make sure that their voices are never heard.
This story, "'Boycott Novell' Site Suffers DDoS Attack" was originally published by Computerworld.