Massive DDoS racks up $30,000-a-day Amazon bill for China activists

Chinese activist site Greatfire.org, which masks censored traffic into the country, is under a sustained distributed denial of service (DDoS) attack that is racking up $30,000 a day in server costs. The website masks internet traffic from websites including Facebook and Google, so it can be seen in China, and does so using …

  1. James 51

    You'd hope that Amazon would do the right thing here and waive the fees. After all, that's forcing the victim to literally pay for crime, and the positive press of handling the situation well would be worth a lot more.

    1. dan1980

      Especially considering the spare capacity they have.

      Still, I wonder why they (GreatFire) don't engage one of the companies that specialise in providing DDOS protection and mitigation.

    2. PhilipN Silver badge

      Upset China?

      Will be interesting to see whether Amazon is prepared to do so.

      If they help out they may prefer to do it on the quiet.

    3. SolidSquid

      I'd agree, but it might depend on what mitigation they've put in place already (eg Cloudflare) in case of this. If they've actually made an effort to prevent it and it's not been enough though then I don't see any justification Amazon could give for keeping charging

      1. John Brown (no body) Silver badge

        I'm not sure how it's different to the bad old days of dial-up when users got infected by premium rate diallers. Sometimes the telcos would waive the enormous bills, other times they simply said that the calls were made, pay up. It's down to their largess more than anything else.

        1. ratfox

          I'm surprised Amazon does not have built-in protections from DDoS attack… After all, it most certainly has such protections for its own websites, you'd think it would be trivial and cheap to offer that to the websites it hosts…

          I'm pretty sure Google offers such a thing, though I might be confusing with yet another X-as-a-service.

        2. Anonymous Coward
          Facepalm

          Dial-up accounts

          Reminds me of around 1998 when I used Cable&Wireless dial-up here in Pompey. Off-peak was between 18:00 and 08:00. Off-peak was around a penny a minute call, and peak times were something like 16p a minute.

          Of course, during off-peak, disconnections used to happen every 30 minutes or so, lucky if you stayed on-line for an hour or more.

          One morning, got up for work, and whilst having my cup of tea, checked my e-mail (usual morning procedure). Had my shower, went to work.

          But, that morning I forgot to disconnect, and after getting home 10 hours later nearly had a heart attack to see the connection was still up!

          I got billed over £84.00 for one phone call - and even calling C&W to explain that normally I get disconnected every 30/40 minutes or so, but during the PEAK I didn't, this was wrong.

          Nothing I could do - but pay it :(

  2. Ole Juul
    Headmaster

    Hokusai is Japanese

    I see the appropriateness of a wave, but I couldn't help but notice that the title picture is not Chinese but a very famous Japanese print called "The Great Wave off Kanagawa". Just sayin . . .

    1. phil dude
      Thumb Up

      Re: Hokusai is Japanese

      I think I last saw that in the Met last October...is there more than one?

      P.

      1. Ole Juul

        Re: Hokusai is Japanese

        Yes, it's a woodblock print (different plates for each colour). There are quite a few copies in various museums and private collections. There are also lots of very good non-original copies made using the original technique.

  3. streaky

    Here's Some Advice..

    Smith is asking DDoS boffins to offer advice on mitigating the attacks

    .. Don't rattle China's cage if you don't know what you're doing because if you did you wouldn't rattle their cage (it's all circular).

    1. Anonymous Coward

      Re: Here's Some Advice..

      .. Don't rattle ANY OPPONENT's cage if you don't know what you're doing.

      There is nothing easier than knocking out a service which is run on AWS, especially if it is set to leverage AWS horizontal elasticity. 1h on a small botnet will generate enough traffic to bankrupt whoever is setting it. It is simply the wrong place to host it.

      Sure, it is buzzword compliant, you are using the cloud for a worthy cause - hip, hip hurray. Buzzwords all along.

      Cloud, because it is pay-per-use can and will be knocked out trivially using a brute force DOS simply by clocking an astronomical bill. Compared to this, flat fee physical iron based services may require more up-front investment but they are easier to defend and you can try fighting a war of attrition too as you are not paying for every bit thrown at you.

  4. Thought About IT

    Chinese puzzle

    At least greatfire.org know why it's happening. My server just hosts my software for free download and subsequent sale, but last year Chinese sites were downloading the same files all day, every day, until I throttled them. During the past couple of weeks, it's been subjected to a Pirate Bay attack, at a low enough level to be manageable with firewall tweaks. There have always been occasional attempts to break in from different countries, but this prolonged attack from China is quite disconcerting, as there's no obvious reason for it.

    1. streaky

      Re: Chinese puzzle

      as there's no obvious reason for it

      Did you not read what the site does? It's fairly obvious what the reason is.

      Also any DDoS that can be mitigated by "firewall tweaks" isn't really a proper DDoS.

  5. Terafirma-NZ

    So you're saying that if I run my applications in the cloud it's still my problem to protect the network links even though I no longer own them. Even if they engaged a company to help, it's Amazon's DC so nothing can be done.

    How can Amazon not have something in place to stop this?

  6. DropBear

    A certain quote from Hari Seldon regarding violence (even if it is virtual) comes to mind.

    1. John G Imrie

      Not Hari Seldon

      But Salvor Hardin

      Violence is the last refuge of the incompetent

  7. caffeine addict

    If people use GreatFire because the government is blocking access to Google and Facebook, why can't the government block access to GreatFire? Surely Amazon doesn't have any more diverse a range of IP addresses than Google does, and I'm sure the Chinese government doesn't overly worry if other websites get blocked as a result. Blocking Amazon's entire IP range sounds easier than DDosing one site. And if they can DDos it, they can block it, surely?

    What am I misunderstanding...?

  8. Anonymous Coward

    Block

    They should just block the network traffic from China.

    :-)

    1. phil dude
      FAIL

      Re: Block

      Government != People.

      P.

  9. Alan Brown Silver badge

    This proves a couple of things

    1: "Cloud" is bizspeak for "someone else's shit" and as such you have little control over it.

    2: Greatfire made political hay out of using Amazon Cloud services on the basis that the Chinese wouldn't be able to firewall the IPs without impacting a large number of other websites (aka "Nya nya, can't get mee") - effectively painting a big "kick me" on top of the target they already had strapped to their backs.

    I'm not entirely sure what they expected to happen. AWS don't have any DDoS protection and this kind of thing has happened before. I did wonder how long they'd stay up having issued the original press releases.
