WordPress.com DDoS Attacks Primarily From China

After recovering from the largest Distributed Denial of Service attack in the service’s history (“multiple Gigabits per second and tens of millions of packets per second”) yesterday morning, blog host WordPress.com was attacked again very early this morning, finally stabilizing its service at 11:15 UTC (around 3:15 am PST).

WordPress.com serves 18 million sites, many of them news sites like our own, which led some to conjecture that the attacks had come from the Middle East, a region experiencing its own Internet issues at the moment. Not so, says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China, with a small percentage coming from Japan and Korea.

According to Mullenweg, one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China’s major search engine. WordPress.com doesn’t know exactly why the site was targeted and won’t release the name until it does. Based on the extent of the attacks, Mullenweg tells me that they appear to be politically motivated.

“WordPress.com was hit with another wave of attacks today (the fourth in two days) that caused issues again. This time we were able to recover more quickly, and also determined one of the targets to be a Chinese-language site which appears to be also blocked on Baidu. The vast majority of the attacks were coming from China (98%) with a little bit of Japan and Korea mixed in.”

Mullenweg tells me that DDoS attacks are fairly common at WordPress.com, but the strength of its infrastructure (distributed across three data centers in three cities) usually prevents anyone from noticing. The recent attacks have impacted not just WordPress.com sites but also other servers in the same part of the network, causing the outages. WordPress.com is collaborating with upstream providers to shift the attacks.

Says Mullenweg, “Right now there are huge asymmetric risks on the internet because any bad actor, for a few tens of thousands of dollars, has the online equivalent of a dirty nuke and can bring even the largest sites to their knees and silence millions of voices.”

WordPress.com isn’t the only one suffering from recent DDoS attacks; a slew of South Korean sites also took a hit during the same time period.

Update: Mullenweg tells me that after closer scrutiny the attacks don’t seem to be politically motivated: “it doesn’t look like attacks were politically motivated, likely more business-oriented given the targeted site, though we still haven’t heard back from the owner.”