Nonprofits' online systems getting attacked

An organization called Perverted Justice reported on its MySpace blog today about the arrest of a man who not only was harassing and threatening its volunteers online, but also set up a bot-net to conduct distributed denial of service attacks against the organization. From the blog: "Traffic ranged from 216 gigabytes a day and sometimes went up as far as over 1 terabyte in generated traffic over a 24-hour period, depending on the size of the bot-net infections. At any time there may be between 100-200 requests to surges of over 10,000 different requesters at a given time. We block usually on average 500-2,000 ip addresses making requests from the bot-net daily."

Also today, NABUUR, a nonprofit organization that involves online volunteers, posted to LinkedIn with a plea for help -- NABUUR is currently under attack of a spammer who spoofed his IP address and they need to know how to block this person.

Does anyone know of any online resources that can help nonprofit organizations understand what a denial of service and other network attacks look like? And for small nonprofits that don't have a tech staff -- Where do they seek help when such an attack happens? Is it possible to prepare for such an attack? Would TechSoup consider producing an article specifically addressing this issue? (I'd be happy to link to such from my own blog -- I think it's very much needed, but I don't have the expertise to write such).

I have found that choosing your host wisely is more effective than trying to specifically protect against one sort or many sorts of attacks.  A good hosting service knows how to deal with these things on your behalf.  They also help in a lot of other ways.  Hosting service costs vary, and cheaper doesn't always mean poorer service.  I think an article how to choose a good hosting provider that encompasses a larger set of possible issues instead of one article dedicated to this specific one would be more effective.

jcravens42:

Does anyone know of any online resources that can help nonprofit organizations understand what a denial of service and other network attacks look like? And for small nonprofits that don't have a tech staff -- Where do they seek help when such an attack happens? Is it possible to prepare for such an attack? Would TechSoup consider producing an article specifically addressing this issue? (I'd be happy to link to such from my own blog -- I think it's very much needed, but I don't have the expertise to write such).

I agree with Chris that security starts with having a good hosting provider that is capable of taking quick action when you become a victim of security breaches such as denial of service (DoS) attacks.  A DoS attack happens when an attacker prevents users from accessing certain information or resources.  So for example, you keep trying to access a website unsuccessfully -- the site doesn't load on your browser at all, it looks completely down, and you wonder what's going on.  What might be happening here -- and in most cases the average user isn't even aware -- is that an attacker could have successfully used your computer and the network it's on to actually block you from accessing the site or some other resource.  And it doesn't have to be just a website -- it can be many websites being blocked, or the inability to access your email or your online banking accounts, etc.

There are many forms of denial of service attacks, but usually it happens when the attacker "floods" a network with an overload of information.  What this does is to cause the network to get jammed by this information overload, so that when legitimate users try to access the resource, the network can't accept their request.  This translates to being a denial of service attack because the user can't get access the service he/she is attempting to access.

So the question then is how do you know that you're a victim of a denial of service attack?  And what can you do about it?

Like I said, the average user will often have very little clue that they're actually involved in an attack.  But after some time though, the user will notice things that seem irregular or unsual, such as the inability to access websites for an extended period, or experiencing a slower than usual network, or suddenly getting a lot more spam in their inbox -- that sort of thing.  Now even when these things DO happen it doesn't necessarily mean that you've been attacked!  It could simply be an unusual situation you're experiencing and nothing more than that.  I want to make this clear so that people don't start panicking every time they get a slow network connection or more spam in their inbox.

But that's why it's important to contact your Internet service provider (ISP) or your network administrator if you notice these sorts of unsual things taking place.  They will be equipped to take charge of the situation, to identify and stop the damage, and to advise you on any actions you can take.   A good hosting provider should be well versed on how to handle network security breaches.

Yeah, I think it would be a good topic to discuss under the general topic of Computer Security.  We should check to see if we have any articles about this already on TechSoup.

Yann

I concur that most hosting providers have things in place to detect and block most DOS attacks, but I wonder how often a non-profit gets this kind of attention? Surely sites like Planned Parenthood may, but in general I would not think this is something most NPs need to think about unless it happens.

I do have two things to contribute on this topic. The first is that having your web site monitored is a very good idea, since most people will never know until someone tells them that their site is down, whatever the reason may be. And if the email is not also down it could be days or weeks before they find out. This can be as simple as putting your site as your default page in your browser so you check it at least once a day. Or more comprehensive with a monitoring solution that checks it several times per hour. There are a number of services like jaguard.net that offer free and paid options, and Nagios which is an open source application that Rog works with a lot.

The second thing is to get a second hosting account. With costs as low as $2 a month (Lacehost.com), I think even most poor NPs can afford to set up a backup or fall-over site that can provide about twice as much bandwidth to help twart a DOS attack. You could even set up 4 or more hosting accounts to provide more protection. If you locate your hosting accounts in different parts of the country, this has the added benefit of providing better response time and the closest servers respond to requests. There are some technical considerations, but most basic sites should not have any real problems making this work.