Forum Moderators: buckworks


Authorize.net down for the count

Another DDoS Attack?

         

joestern

5:38 pm on Sep 15, 2004 (gmt 0)

10+ Year Member



I've been on hold with them for 15 minutes now waiting for a status update.

The first time I called, I got the credit department. They told me that all calls were accidentally routed to them. Did some hacker really get to them in two ways?

JonR28

7:27 pm on Sep 20, 2004 (gmt 0)

10+ Year Member



But doesn't echo make you use their bank account which is really hard to withdraw from?

hoekda

8:05 pm on Sep 20, 2004 (gmt 0)

10+ Year Member



I'm beginning to question whether they're the victim of a DOS attack, or whether they've munged up a move of their physical location, as I was told by one of their service reps last week.

Is it typical that a ddos would last 5 days?

Why can't they give customers an IP address to use if their domain name is under attack?

Why can't they redirect their domain name if their IP is under attack?

I'm losing revenue along with everyone else.

The absence of ANY mention of the DOS in the press makes me question whether it's not true.

sun818

9:27 pm on Sep 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> Is it typical that a ddos would last 5 days?

If computers are compromised it makes sense that the attacks would increase as more of the computers infected were turned on for "business use". Thus less traffic on weekends, but more on weekdays.

I'm disappointed there is no announcement of any sort. 2Checkout.com was very communicative in terms of sending out e-mail notices to customers the last time it happened to them.

joestern

9:40 pm on Sep 20, 2004 (gmt 0)

10+ Year Member



Got an email from them, with pretty much no useful information.

Rice

10:02 pm on Sep 20, 2004 (gmt 0)

10+ Year Member



Okay, here is what I've been told. Anet was attacked as part of an extortion plot for money from a 'group' in the Soviet Union requesting a wire transfer to somewhere in Latvia. I'm not kidding! Obviously, they refused to pay.

At one point the attacks were overpowering 100MB of bandwidth. Anet has increased bandwidth to 1 gig and is working with vendors on new security.

iJeep

4:13 am on Sep 21, 2004 (gmt 0)

10+ Year Member



Silly me...I thought security was supposed to be in place for prevention...not as a solution to a current problem.

Mr Bo Jangles

5:13 am on Sep 21, 2004 (gmt 0)

10+ Year Member



> 2Checkout.com was very communicative in terms of sending out e-mail notices to customers the last time it happened to them.

Beg to differ on that point - at least as far as this customer was concerned - 2CO was a complete disaster, and I received zero notifications by e-mail - they couldn't even take the time to post reasonably often to their own support forum - when it was up!

JonR28

2:09 pm on Sep 21, 2004 (gmt 0)

10+ Year Member



I moved to Authorize.net from 2CO and even with these attacks I'm still doing better than I did on 2CO, and no more of those ridiculous "I forgot to click that last button to notify the seller."

2CO had a DDOS attack when I was with them and except for a 2 sentence blurb on the log-in page (which was not accessible till after the attacks) there was nothing. That attack came right during my largest advertising campaign of the summer... it's hard enough to make money in the summer anyway. Don't want to turn this thread into a 2CO vs. Anet war, but you know where I stand, lol.

joestern

2:37 pm on Sep 21, 2004 (gmt 0)

10+ Year Member



Doesn't 2CO charge something like 5% in fees?

stevenmusumeche

6:39 pm on Sep 21, 2004 (gmt 0)

10+ Year Member



Use Paymentech. I have used them over 2 years and can't remember any significant downtime.

Essex_boy

8:31 pm on Sep 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



5.5% to be precise for 2Co

sun818

9:19 pm on Sep 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



So, how does a company protect against or at least minimize a distributed denial of service attack? Is it a "trade secret" or some adjustments to the technical infrastructure? Can't routers and firewalls detect garbage traffic versus legitimate credit card transaction traffic?

duckhunter

9:21 pm on Sep 21, 2004 (gmt 0)

10+ Year Member



We very recently changed from Verisign to Authorize.net mainly to gain some added functionality. For some reason, Verisign would let us do automated credits. We don't get a lot of credits but with our repeat business nature, if a customer forgets to enter their discount code, it's easier for us to enter it on our system and post the credit to the processor. ANet lets us do this, voids too.

So, since our Verisign account basically stays open until the merchant tells them to close it, we've been able to use it this week as a backup. If Anet fails (status <> 200 lately) then try Verisign. We've definitely saved some business by having two. I think this new code will just stay in place now.
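
The failover described in this post (try the primary, fall back when the status is not 200), as an added example that is not the poster's code. `FailoverProcessor`, the two exception types and the gateway callables are hypothetical names; it assumes a non-200 status means nothing was charged, and it sends a timed-out request to manual review instead of the backup so the card is not charged twice.

```python
import time

class GatewayUnavailable(Exception):
    """Connection refused or DNS failure: the charge was never submitted."""

class OutcomeUnknown(Exception):
    """Timed out after sending: the charge may have gone through."""

def attempt(gateway, order_id, cents):
    """Classify one call as ('ok', body), ('down', None) or ('unknown', None)."""
    try:
        status, body = gateway(order_id, cents)
    except GatewayUnavailable:
        return "down", None
    except OutcomeUnknown:
        return "unknown", None
    return ("ok", body) if status == 200 else ("down", None)

class FailoverProcessor:
    def __init__(self, primary, backup, trip_after=3, cooldown=300.0, clock=time.monotonic):
        self.primary, self.backup = primary, backup
        self.trip_after, self.cooldown, self.clock = trip_after, cooldown, clock
        self.failures, self.skip_until = 0, 0.0

    def charge(self, order_id, cents):
        """Return (route, body); route is primary, backup, review or failed."""
        if self.clock() >= self.skip_until:        # breaker closed: try primary
            result, body = attempt(self.primary, order_id, cents)
            if result == "ok":
                self.failures = 0
                return "primary", body
            self.failures += 1
            if self.failures >= self.trip_after:   # stop waiting on a dead gateway
                self.skip_until = self.clock() + self.cooldown
                self.failures = 0
            if result == "unknown":                # never re-charge on ambiguity
                return "review", None
        result, body = attempt(self.backup, order_id, cents)
        if result == "ok":
            return "backup", body
        return ("review", None) if result == "unknown" else ("failed", None)

if __name__ == "__main__":
    # Constructed stubs: the primary answers 503, the backup approves.
    fp = FailoverProcessor(lambda o, c: (503, None), lambda o, c: (200, "approved " + o))
    print(fp.charge("ORDER-1", 2599))
```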

jollymcfats

9:24 pm on Sep 21, 2004 (gmt 0)

10+ Year Member



> Can't routers and firewalls detect garbage traffic versus legitimate credit card transaction traffic?

No, these sorts of attacks send what look like legitimate requests. The payment gateway has to process them to discover which are genuine and which are not. In an overload attack like this the requests come in faster than the gateway can accept/reject them, and the pipe clogs.

sun818

9:47 pm on Sep 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> the requests come in faster than the gateway can accept/reject them

So, is this an issue of bandwidth? What if AuthorizeNet say were hosted with a giant web hosting service?

USAePay

9:57 pm on Sep 21, 2004 (gmt 0)



DoS attacks are a very common thing in the gateway world, it really comes down to how to prevent it from going too far before any downtime occurs. Packet sniffers and other tools as well as certain procedures in the system can be set to reject information before it even hits the machine. Even if for some reason traffic was still happening maliciously the subnet or IPs from where the traffic is coming from can be banned.

sun818

10:06 pm on Sep 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> the subnet or IPs from where the traffic is coming from can be banned.

If it is coming from a compromised workstation, what then? Is the traffic banned indefinitely, or just for a period like say 15 minutes?
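
The banning of IPs and subnets mentioned above, combined with the time-limited ban this post asks about, as an added example that is not from any poster or gateway vendor. `TempBanList` and its thresholds are hypothetical, it handles IPv4 only, and the addresses in the demo are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque

class TempBanList:
    """Per-IP sliding-window limiter whose bans expire; escalates to the /24."""
    def __init__(self, max_hits=20, window=10.0, ban_seconds=900.0, subnet_trip=3):
        self.max_hits, self.window = max_hits, window
        self.ban_seconds, self.subnet_trip = ban_seconds, subnet_trip
        self.hits = defaultdict(deque)   # ip -> timestamps of recent requests
        self.banned = {}                 # ip string or /24 network -> expiry time

    def _active(self, key, now):
        expiry = self.banned.get(key)
        if expiry is not None and expiry <= now:
            del self.banned[key]         # ban lapsed: a cleaned-up host gets back in
            return False
        return expiry is not None

    def allow(self, ip, now):
        """Return True if a request from ip at time now should be processed."""
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        if self._active(ip, now) or self._active(net, now):
            return False
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()                  # drop hits that fell out of the window
        if len(q) <= self.max_hits:
            return True
        self.banned[ip] = now + self.ban_seconds
        q.clear()
        offenders = sum(1 for k, exp in self.banned.items()
                        if isinstance(k, str) and exp > now
                        and ipaddress.ip_address(k) in net)
        if offenders >= self.subnet_trip:    # many bad hosts in one /24
            self.banned[net] = now + self.ban_seconds
        return False

if __name__ == "__main__":
    # Constructed traffic: one address sends 25 requests in 2.5 seconds.
    bl = TempBanList()
    print([bl.allow("192.0.2.10", i * 0.1) for i in range(25)].count(False))
    print(bl.allow("192.0.2.10", 1000.0))    # 15-minute ban has expired
```

Expiring bans limit the collateral damage of a subnet block, since the /24 may also hold legitimate merchants.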

jollymcfats

10:19 pm on Sep 21, 2004 (gmt 0)

10+ Year Member



> the requests come in faster than the gateway can accept/reject them

> So, is this an issue of bandwidth? What if AuthorizeNet say were hosted with a giant web hosting service?

Bandwidth is a part of it, but the gateway's computing power will limit throughput before bandwidth limits are reached. The gateway can add more computing power: let's say they use 1U servers at $4000/per, and each can handle a sustained 25 requests/second. But the DDOS attackers can get an additional 10,000 compromised zombie PCs to launch attacks for only $2,000*. Or free, if it was their worm that compromised the PCs in the first place.

The economics of these attacks make scaling a losing solution. Evasion and active blacklisting is the best bet.

Aside: if routers could detect which packets were valid credit card transactions, we wouldn't need credit card gateways. We'd just submit to our routers. :)

* source: USA Today 9/8/04

webgenie

10:57 pm on Sep 21, 2004 (gmt 0)

10+ Year Member



Is AuthorizeNet down today again? Anyone know, is it completely or still intermittently? I'm sick of this.

I just got notified by my shopping cart company http://www.salescart.com/pressrelease/press040921.htm ....I originally thought there was a problem with the cart.

I contacted VeriSign and they said their total downtime was 12 seconds last year? Of course I hate VeriSign....

[edited by: DaveAtIFG at 11:25 pm (utc) on Sep. 21, 2004]
[edit reason] DeLinked URL [/edit]

sun818

11:20 pm on Sep 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Order processing seems to come and go today. At least their Virtual Terminal screen seems to be working so you can login and process the order manually if you have the CC details.

Found short blurb on NetCraft re: DDOS:
http://news.netcraft.com/archives/2004/09/20/ddos_attacks_target_authorizenet.html

[edited by: DaveAtIFG at 11:26 pm (utc) on Sep. 21, 2004]
[edit reason] DeLinked URL [/edit]

MKinCA

12:51 am on Sep 22, 2004 (gmt 0)

10+ Year Member



Ok... something changed on their end, though they claim nothing has changed, and, as of 5:30pm PST, they claim there is:

- no IP blocking going on
- nothing wrong and no merchants are experiencing problems "but you"
- no more intermittent outages

I beg to differ.

rumirunto

2:40 am on Sep 22, 2004 (gmt 0)

10+ Year Member



I haven't seen anyone mention Cybersource here as a good alternative. Actually, I haven't heard them mentioned anywhere in quite some time. I remember that they used to be big players, way back. Are they any good?

Rice

2:19 pm on Sep 22, 2004 (gmt 0)

10+ Year Member



A couple of things.
There are some news stories about the DDoS attack against Authorize.Net starting to appear. And SANS now has a small item, because I reported it on Sunday.

As of yesterday, attacks continued but on a lesser scale, and with diminishing frequency.

No site is immune to a DDoS attack; however, the response preparedness is what's important. And these primarily "Russian" extortion plots have been increasing in frequency this year. Where once their primary targets seemed to be online gaming sites, they now appear to be setting their sights on financial services sites.

Authorize.Net is not a particularly large company. Not to excuse them, but it takes a lot of money to get to the same security level as an eBay or a Microsoft. From what I've been told they are spending the bucks this week.

Most of the problem for my site this week has been the carousel of IP addresses employed by ANet, since my server does not use a DNS pointer (although we opened up the possibilities). I'm pleased to report that I've not seen any problems in the last 24 hours with connections.

rumirunto

4:43 pm on Sep 22, 2004 (gmt 0)

10+ Year Member



Sorry DaveAtIFG. I forgot the guidelines, in my ecommerce despair.

Thanks for the IP addresses posted though. I seem to be up and running again. :-)

christopher w

6:08 pm on Sep 22, 2004 (gmt 0)

10+ Year Member



Absolutely nothing is working with Auth.net today for us. Anyone else still having problems?

cococure

6:17 pm on Sep 22, 2004 (gmt 0)

10+ Year Member



We are having problems and have been for about 45 minutes.

We are moving fast, however, to get Verisign incorporated.

tylerh

6:17 pm on Sep 22, 2004 (gmt 0)

10+ Year Member



Yes, we have been down today for a while as well.

webgenie

6:19 pm on Sep 22, 2004 (gmt 0)

10+ Year Member



Completely down.....

duckhunter

6:21 pm on Sep 22, 2004 (gmt 0)

10+ Year Member



Problems here too. Verisign is processing payments for now.

webgenie

10:32 pm on Sep 23, 2004 (gmt 0)

10+ Year Member



Is everyone back up?