Attack on high-profile NZ site takes down web host

An attack on a high-profile New Zealand website took web hosting company Webdrive's entire operation offline on Monday afternoon.

"I cannot disclose the customer in question, other than to say it was a high profile Kiwi site," Webdrive general manager Robin Dickie told NBR ONLINE.

Webdrive's customers include Air New Zealand, ACC, BNZ, Auckland Council and Yellow. All up, it has around 25,000 clients, most of them small businesses.

"All customers were affected, although I couldn't speak to how it impacted them if at all," Mr Dickie says. Larger organisations typically mirror their site at a second data centre for full redundancy. And some are not using Webdrive for their core business. NBR understands BNZ, for example, uses Webdrive only for microsites such as the bank's closedforgood.org charity initiative, not any "mission critical" hosting.

NBR ONLINE is hosted by Webdrive, and the impact on this site was that it was offline between 3.50pm and 4.50pm (Mr Dickie confirms NBR was not the target of the attack).

Another Webdrive customer, the Science Media Centre, was also 100% impacted. Manager Peter Griffin says both of the organisation's sites were knocked out for the duration of the attack.

Denial-of-service attack
The incident was a so-called distributed denial-of-service (DDoS) attack, in which automated software bots try to connect to a site en masse, overwhelming it with connection requests so that its usual users can't get through.

"The attack was twenty times our normal network traffic, so it was a pretty decent hit," Mr Dickie says. "This saturated our border routers, making our network inaccessible."

The "border router" that Webdrive uses to connect to the internet was swamped by the attack, as was a redundant router that normally serves as a backup.

"In total we had intermittent performance for just over an hour before we mitigated the attack by isolating the customer," the GM says.

"We then brought them back online by putting them behind a CDN that specialises in filtering such attacks."

Will it happen again?
"We have designed our architecture to handle larger incidents so in this regard we are disappointed the issue resulted in downtime," Mr Dickie tells NBR.

"This will be our main focus in investigating and taking action and should prevent such extended downtime in the future."

The investigation continues.