Joanne Nova runs a science-related blog that is very popular — or extremely unpopular if you object to her writing what she writes; or the responses in comments to her blog articles.
A Distributed Denial of Service (DDoS) attack on Joanne Nova’s blog late last week resulted in the site being “destroyed”. It was offline over the weekend as helping hands scramble to move Jo’s site to a more secure hosting provider.
Previous content and comments is being set up at the new hosting provider. A temporary blog is in place at the usual address while that happens. Following previous attacks after which restoring servers was necessary, administrators have been rigorous in taking backups and had altogether too much practice at reloading a blog site. It still takes a matter of days and (I estimate) well over 100 hours in effort; worth in the vicinity of AUD$20,000.
Not so long ago, I wrote about web site vulnerabilities, how to minimise exposure and how to try to ensure that your web site remains available and uncorrupted, within your means.
What I did not mention was that if your web sites or hosts are “owned” by bots, then they may be mustered into a coordinated DDoS attack. Which potentially makes you an accomplice in the attack with legal (civil and/or criminal) liability if you did not implement reasonable measures against your resources being used to commit an offence.
I am not a lawyer. This is not “legal advice”. Just a word of warning, based on observations and how I interpret one’s obligations when providing any service exposed to the Internet.