Company hosting Joe Wilson fundraising site recovers from DDoS attack

Computerworld - A company providing online payment-processing services for U.S. Rep. Joe Wilson (R-S.C.) is back online after being disrupted by a distributed denial-of-service attack over the weekend.

The attack on Piryx began Friday afternoon and lasted into the early hours of Saturday morning, temporarily disrupting a Wilson fundraising effort that was under way at that time, Piryx CEO Tom Serres said. It also knocked out services for about 150 other Piryx clients, he said.

Piryx is a nonpartisan Austin-based start-up that provides services to help political candidates and nonprofits manage online campaigns and fundraising.

Serres said the company was contacted by Wilson's office last week and asked to manage online donations from supporters rallying behind the congressman after he shouted "You lie!" during President Obama's address to Congress on health care reform Wednesday.

Hours after the company began hosting Wilson's home page on its servers, Piryx found itself the target of a distributed denial-of-service attack, Serres said. Such attacks are designed to render servers and networks inaccessible by flooding them with useless traffic.

The attacks appear to have been directed at the JoeWilsonforCongress.com site, Serres said. At the time the attacks started, the site was handling about 100 transactions per minute and had already collected more than $100,000 from people who wanted to contribute to Wilson's campaign, he said.

Initially, the traffic generated by the DDoS attack was manageable, but soon Piryx began noticing "massive bandwidth spikes" that knocked its servers offline, Serres said. The data center hosting Piryx's servers confirmed that it was the victim of a DDoS attack. At its peak, the DDoS flood generated about 1Gbit/sec. of traffic, which is about 1,000 times the normal traffic on Piryx, Serres said.

After several failed attempts at mitigating the attacks, filters were put in place to block the traffic early Saturday morning. Service has been normal since then, Serres said. It's not known from where the attacks originated, but he said it appears to have been initiated by those opposed to Wilson's comments. "It was clearly politically motivated to take down Wilson's ability to raise funds online," Serres noted.

The incident appears to be one of the rare instances of a politically motivated attack against a Web site in the U.S., said Kirsten Dennesen, an intelligence analyst with VeriSign's iDefense Labs. The attention attracted by Wilson's comments, especially through social media tools such as Facebook and Twitter, appears to have contributed to the attack, she said.

"One question is whether there are going to be any response attacks," she added.

Read more about security in Computerworld's Security Knowledge Center.