There's a marigold-backed banner splayed across the top of every thread on Reddit right now, and it reads:Site availability continues to be impacted by a malicious DDoS attack. Please grab your towel and don't panic.Since this morning, Reddit has been the target of the largest denial of service attack its administrators have ever encountered. The site started slowing down early Friday morning, but many attributed the stallout to the increased traffic the site was receiving from a popular thread that offered minute-to-minute updates of the situation in Boston.
Advertisement
Reddit admin alienth quickly put that notion to rest: "The load from the Boston incident was measurable. The attack which is ongoing is orders of magnitude larger. We're mitigating it the best we can."How much larger? Much. At its height, it looks like someone was bombing Reddit with more than 7,000 pageloads per second. Here's a chart the admin supplied for the traffic trends of the last 24 hours:
But the admin says they're getting hit with a lot more traffic than that: "Our [Content Delivery Network] is offloading a fuck tonne of it, so it is hard to give exact numbers," he writes. "What does hit us is getting clipped by the fact that we can't handle it all. At least 5 million packets a second are getting through to us. Who knows what it would be if we weren't clipping, and if our CDN wasn't taking the brunt force."When asked if Reddit had ever dealt with attacks like this before, alienth replied simply, "None at this scale."The question on everyone's mind, of course, is who's behind it. If the admins have any ideas, they're not saying. They keep saying that they want to keep details quiet, so as not to tip off the DDoSer, but one admin does leave this reminder: "it only takes one guy leasing a botnet to command tens of thousands of IPs (not saying that is the case here). If it was a handful of IPs, or even a large handful, it would be easy to handle. Unfortunately it is far and above."
Advertisement
So, theories abound. Naturally, Redditors are going hogwild—the thread 'Who is attacking Reddit?' was voted to the front page. One of the leading theories, with 215 upvotes, was put forward by Bostonian user Moofy the Great: it's the FBI:Bostonian here.The FBI and Boston police are getting pissed at Reddit for broadcasting the locations of police activity. They are worried about the security of their officers. I'm guessing its the FBI saying STAHP.It seems unlikely that the FBI, peeved though it may be at Reddit's vigilantism, would take time out of its urgent investigation into a still-unfolding crisis to rent out a botnet to DDoS the site. Another user, sillybanny, argues on the same thread that its a sort of Karmic fallout for their amateur sleuthing landing innocent bystanders in the spotlight: "I think it might have something to do with the 'witch hunt going on with the boston bomber … I've seen some stories that aren't too happy with how we're handling this. That's where I see some possible correlation, even it the whole blaming thing is over."Someone else mentions CISPA, another China, then North Korea, and round the water cooler we go. Nobody has any answers, obviously, yet the DDoS continues on into the afternoon. When it's over, the admins will likely release the pertinent information—and we can find out once and for all if FBI agents took some time out of tracking down the Boston bomber to overload a social media website's servers.
ONE EMAIL. ONE STORY. EVERY WEEK. SIGN UP FOR THE VICE NEWSLETTER.
By signing up, you agree to the Terms of Use and Privacy Policy & to receive electronic communications from Vice Media Group, which may include marketing promotions, advertisements and sponsored content.
