Netregistry Group chief executive Larry Bloch

Netregistry, an Australian cloud-based web hosting service provider, got a bang on its vast network presently.

Zeus Dynamic, one of the key servers of Netregistry, stayed non-functional for a restricted period as the bang was said to be a DDOS (distributed denial-of-service) hit.

Covering the site’s Support Centre, the web host reported, “One of the IP addresses used for our shared hosting infrastructure (zeus-dynamic, 202.124.241.200) has been the subject of a DDOS attack.”

“We have had to block this IP with one of our upstream providers (Telstra), in order to allow other client-facing services to be able to be kept online,” the statement continued.

The non-stop effort of Company is still in action, resolving the issue to bring the intervened network back to its operation.

According to the prior reported statement by NetRegistry, “Please note, DDOS attacks only affect the speed/performance of service, no data will be lost.”

Today, distributed denial-of-services hits are one of the leading problems of online networks.

Netregistry is significant among Australia’s principal registrars companies. Above and beyond web hosting, the company caters to its clients by providing SSL security, VPS, e-commerce and other fundamental services.

A co-Australian web host, distribute.IT, also suffered from security violence on its network and thousands of websites fell flat due to this desecration. For further news on this issue, please follow the link.

Related posts:

1. Huge DDoS Attack on WordPress
2. The Specifics of DDoS Attacks
3. VeriSign Bundles DDoS Protection

Original: Netregistry Suffers DDOS Attack on its Network

A Web Hacking Incident Database semiannual report was released by information security and compliance solutions provider Trustwave (www.trustwave.com) this week. It was learnt from the report that there has been an upsurge in DDoS attacks and it also depicts “a lack of properly implemented anti-automation defenses to ensure application availability”, and this is the reason why these attacks occur.

A new PenTest Manager online portal for the management of penetration tests in real-time was also released by the organization in the current week.

The report said that on number one position of attack vector in the second half of 2010 stood the DDoS attacks. This figure is an upsurge of 22 percent from the first half of 2010.

The chairman and CEO of Trustwave stated, “The WHID helps businesses better understand the potential business and technological impact of an attack. Such research enables informed and accurate decisions to protect and secure online commerce.”

According to Trustwave, the results of the report show that “website downtime is far from the traditional intended outcome of an attack.” The envisioned result is typically to hack for return.

It was learnt from the study that many enterprises have an incorrect assumption that a DDoS attack can be prevented from network hardware. However, according to Trustwave, organizations should examine the limitations of a website in order to understand the response of applications to attacks.

According to Trustwave, “26 percent of attacks are accounted against government agencies and a monetary loss of 64 percent was experienced by the finance sector”. “A 27 percent credit card leakage affected the retail to the most.”

The senior vice president and head of SpiderLabs, Nicholas J. Percoco said “Cybercriminals never stop trying to exploit Web applications. By aggregating the information in the WHID, we’re educating businesses with the latest trends regarding online threats to businesses.”

Related posts:

1. The Specifics of DDoS Attacks
2. DDoS Attacks Emanate from China, Take Down Sites
3. Huge DDoS Attack on WordPress

Original: DDoS at Number One in the Threat List in New Trustwave Web Hack Report

ControlCircle, a prominent name when it comes to provision of managed services and datacenter, today has unveiled its latest product which is a brisk launching Distributed Denial of Service (DDoS) for its clients worldwide which include SME’s and global companies.

ControlCircle has come up with a very comprehensive and fully integrated DDoS service that would shield all sorts of organizations irrespective of their magnitude and area of indulgence from malevolent insurgencies made through cyber attacks. These attacks mostly target services which rely heavily on internet and aim to completely cripple or disrupt them.

“Integrating network-wide intelligence and carrier-class threat management capabilities, ControlCircle’s DDoS mitigation solution offers the market one of the most intriguing propositions in the cyber-threat domain. The rapidly-deployable technology is delivered across ControlCircle’s high-capacity global backbone, enabling the real-time identification and mitigation of a DDoS attack,” this was declared by Damian Milkins who helms the ControlCircle as a founder and president. He further added “DDoS attacks have returned with a vengeance and any sustained attack has the potential to incapacitate IT infrastructures, servers, websites and all communications associated with IP compromising an organization’s integrity and revenue opportunities, as well as causing collateral and reputation damage”

Services offered by ControlCircle stand like a sentry and guard the access point of the customer’s network infrastructure and are fully capable of successfully identifying and crippling network and application layer attacks. The DDoS service is comprised of inbuilt, highly multifaceted and intricate algorithms that stop attacks and provides in-depth monitoring of essential services such as VoIP/SIP, DNS, HTTP and P2P which heavily rely on network. It also renders the ability to closely observe the key performance metrics and reporting of the activities.

“When you consider our reliance on technology and web operations there is a climate of fear over the harm that a cyber-attack could unleash. We think DDoS protection should be available to all organizations irrespective of size and ControlCircle with its technology partners has made this a reality,” Said Milkins.

ControlCircle has already found a customer in form of Parlingo, a company which provides mobile phone users instant messaging or IM services. Martin Rosinski who serves as the chief technical officer of the Parlingo praising for DDoS service said “After experiencing a crippling DDoS attack on our website we engaged with ControlCircle who were able to help immediately. The service, deployable on a need’s basis, takes away the capex dilemma and provided a multi-layered defense architecture that extended visibility and control to the edge of the Internet.  ControlCircle’s DDoS Solutions has helped us prepare for, monitor, manage, and mitigate the impact of any further malicious DDoS attacks and enabled us to stay focused on our core business.”

About ControlCircle

ControlCircle operates privately and its foundation was laid in 2001. It is a renowned provider of business solutions which include secure hosting and global connectivity that encompasses areas such as security, networking, server and database related technologies. In short, ControlCircle offers services that thoroughly cover the market sector.

Related posts:

1. 10 Worst Cyber Attacks In History that Drained Millions Of Dollars
2. The Mobile Threat
3. Managed Network Security Going To Touch $8.4 Billion By 2015

Original: Control Center Unveils Latest Rapid Deployment Managed Cyber Threat Services

In the early morning of Friday, February 19^th, 2011, Paypal suffered from a brief outage causing all transactions to be halted and their website to go down. According to the Paypal Developer’s Network, the issue began exactly at 12:11am PST and was resolved over an hour later at 1:23am PST. However, during the downtime, Paypal officially stated they did not have an estimated time for resolution.

International Sites

In addition to the downtime for Paypal customers in the United States, the company also revealed that international sites like Paypal in the United Kingdom and Spain may have had much slower performance until 2am PST. Netcraft stated that Paypal has regularly scheduled maintenance between 11pm and 1am PST every Thursday and Friday.

Not Consistent with Scheduled Maintenance

In the past, these routine checks have not led to noticeable downtime. Also, the outage on Friday morning was outside of the typical scheduled maintenance window. In addition to being down, the financial company also noted major issues with its payments API software which significantly affected online retailers, especially those in the parent company, eBay.

An Ecommerce Issue

Any type of downtime for an online financial institution can be a major problem for ecommerce websites. This particular outage blocked customers from accessing their accounts altogether. Therefore, many customers were unable to purchase items from those only accepting Paypal such as on eBay auction sites or when buying digital products.

During the downtime, at 12:52am PST, eBay released the following statement “EBay is currently experiencing checkout problems” and “community members may see errors or timeouts when attempting to pay for an item. We are working on the problem and apologize for the inconvenience.”

Unable to Find a Workaround

This issue must have been major as the Paypal Support Team reported they were unable to find any type of workaround to fix the issue. Therefore, they may have had to transfer all information to redundant servers in order to push the sites back up in a timely manner. Paypal last suffered performance issues in December 2010 as it, and many other financial companies, became the target of a DDoS attack as retaliation for the restriction of WikiLeaks.

Anytime a financial company has networking issues, this can be a cause for major concern as customers do not know if this is an attack and their banking information is safe. It is also a concern for retailers as customers attempting to purchase cannot push the transaction through as a result of downtime at their financial provider. Luckily the issue was quickly fixed and the servers were only down for an hour.

Related posts:

1. Using eJunkie as an Ecommerce Payment Processor
2. What are Advanced Search Operators?
3. Important Tips to Prevent Site Downtime

Original: Downtime of Online Payment Operators

The recent report by The Register declares that WordPress (www.wordpress.org), the biggest open-source blogging service is attacked by DDoS on 3^rd, March 2011.

According to report, the attack brought about the disruption in uploading of content on various WordPress sites. TechCrunch, a popular tech site also experienced disturbance due to this.

According to TechCrunch, Matt Mullenweg cited this attack as the biggest in the history and also showed the concern that this attack might be politically motivated in opposition of his “non-English blogs”, however, there is no conclusive proof. Mullenweng further cited that this biggest attack affected all 3 data centers the company is operating in Dallas, Chicago and San Antonio.

“WordPress.com is currently being targeted by an extremely large Distributed Denial of Service attack which is affecting connectivity in some cases,” Sara Rosso, a representative of WordPress owner Automatic, said in a statement. “The size of the attack is multiple Gigabits per second and tens of millions of packets per second.”

Rosso statement was published at 3:30 noon and according to a tweet by Lloyd Budd, who is incharge of VIP hosting services, the site was working fine just after 4 hours.

Rosso further stated that WordPress upstream providers had been toiling “to prevent such attacks from connectivity going forward” and WordPress definitely be giving VIP sites precedence in upturn.

A statement from TechCrunch tells that WordPress is presently serving 20 million sites, which is equal to 10% of worldwide websites. According to the statement, WordPress receives around 300 million exclusive visits every month.

Related posts:

1. The Specifics of DDoS Attacks
2. 5 Easy Ways to Make Your WordPress Site Super Secure
3. Social Networking Sites Under Attack By Congress?

Original: Huge DDoS Attack on WordPress

Defined as a distributed denial of service attack, a DDoS attack is a program that sends an infinite number of requests to a server overloading it and shutting the equipment down. The goal of this attack is to make a server or website unavailable to its users. There are a few different methods in which the attack can be carried out. Although the reasons for such an attack may vary, the end result is consistent.

The most targeted websites for these types of attacks include:

• Banks
• Credit card payment gateways
• Root name servers
• E-commerce sites

The most common method of attack is flooding the server with an unlimited number of requests so it is unable to communicate with legitimate traffic. This causes the server to slow down to a screeching halt, so much where it is rendered in effective resulting in any actions to time out. This usually forces the target to reboot or consume the server’s resources to a point where they can no longer function as intended.

Another popular DDoS method is a disruption of the server’s configuration information such as the routing of data. If this is intercepted and blocked, communication can be completely shut down. Similarly, the disruption of communication media between the users and victim can be targeted. Finally, many attackers target specific networking components like the actual server with the intention of interrupting the flow of information.

DDoS attacks are highly illegal as they violate the Internet Architecture Board’s proper internet usage policy as well as the terms of service of all internet service providers. The issue with DDoS attacks is they are difficult to trace so the guilty party or parties may never be discovered.

There are a number of programs that can be used to perform a DDoS attack, many of which were created for other, less malevolent uses. These programs are typically packet injectors used to perform many other tasks. On the other hand, there is software developed specifically for denial of service attacks. A few examples of legitimate resources include, hping, httping and socket programming.

DDoS can and have caused major problems for many online organizations. The challenge with preventing DDoS is that they cannot be predicted and therefore all businesses can be affected. The best prevention method is having an excellent security system mixed with redundant servers and top-notch backup systems. This will alleviate the load set by DDoS attacks.

Related posts:

1. Inference Attacks: A Common Yet Serious Security Risk
2. SecureLive To Fend Off Attacks
3. Important Tips to Prevent Site Downtime

Original: The Specifics of DDoS Attacks

Security becomes more of a challenge everyday for website owners and administrators.  If it isn’t someone trying to deface your homepage and enrage your audience, it is another looking to commit more heinous acts such as stealing sensitive information or putting your identity in jeopardy.  In order to keep yourself protected, it is a must that you stay aware of the emerging threats.  Here are a few stirring up some of the most trouble in 2009.

Zombie Armies

Although zombie armies and DDoS attacks on large servers and networks is nothing new, this combined threat continues to be a major problem.  Security experts are projecting that the issue will likely worsen as computer systems increasingly rely on wireless connections to the internet.  Therefore, while this threat has been around for sometime, you should never get too relaxed and think your website or server is immune to exploitation.  On a good note, there are a few methods you have at your disposal that have proven to effectively combat an attack should the enslaved army of computers come your way.

Click Jacking

Another security threat on the rise, click jacking is pretty much what it sounds like: the act of hijacking a click.  A perfect example would be an intruder replacing the form button on your site with a button of their own.  Doesn’t sound all that menacing?  However, consider this – a new customer goes to enter their credit card information via the form on your website.  When clicking the button, the user is redirected to a rogue site where they are prompted to enter their financial details.  If they happen to fall for this trick, the customer could be out of their funds and you could possibly be out of business for allowing it to happen.  Click jacking can be very difficult to detect as the visitor could end up on the fraudulent site without even realizing they have left your domain.  Difficulty aside, this is one threat you need to learn how to prevent as it is becoming widespread at a disturbing rate.

Advanced Virus Strains

A number of security reports are showing that virus programs are growing more sophisticated and difficult to detect.  Easy access to malicious tools have enabled code writers to create viruses that elude scanners, allowing them to do so with less skills and less effort.  These findings give indication that more advanced virus scanning solutions are warranted.  Experts are hinting that systems of the very near future may do away with the today’s signature-based scanning in favor of techniques such as application whitelisting or application heuristics.  These methods could end up being integral parts of your virus defense mechanisms.

The clan of internet criminals are working overtime to wreak havoc in the year 2009 and beyond.  What we have listed in this article are just a few of numerous threats you need to be aware of.  In order to ensure an adequate level of protection, we recommend getting together with your administrator or hosting provider to discuss the areas and security issues that concern you the most.

Related posts:

1. A Checklist for Website Security
2. Why is Web Hosting Security so Important?

Original: Prevalent Security Threats in 2009