Melbourne IT hit with DDoS legal threat

Melbourne IT has been hit with a legal threat for suspending the website of a Manly-based business following a distributed denial of service (DDoS) attack.

Sulieman Ravell, proprietor of small business Funds Focus, threatened legal proceedings in a letter sent to the service provider after it disabled his account.

He accused Melbourne IT of failing to help mitigate the denial of service attack on his $39.95 a month "business hosting" account.

Ravell's website was suspended on 20 December, one day after the attack began.

Theo Hnarakis, CEO of Melbourne IT said it was standard practice to take shared service websites offline if they were under DDoS.

Melbourne IT would usually attempt to block DDoS attacks against customers, he said, but it was unclear if it was standard practice.

Executive general manager of SMB services Damon Fieldgate said Melbourne IT suspended accounts under DDoS to "ensure there is no further damage and [bandwidth] cost to the customer and traffic continues for other customers".

Melbourne IT investigated the incident following an inquiry by SC.

A spokesman for the company said it had attempted to warn Ravell about the attack before his account was suspended, and did not recieve a return call.

But the company would not verify if it had moved to block the attacks.

Remember to sign up to our daily newsletter to stay connected with the latest news and analysis from Australia and around the world.

Ravell said he called the company and an operator told him his account "could be suspended indefinitely even if [the attacks] subside tomorrow".

Upset at the lack of support, Ravell commenced legal action.

He then migrated his site to HostGator, in accordance with recommendations of his outsourced IT company.

HostGator, which promises to protect customers from DDoS attacks, blocked traffic from Asia where the attacking 17,000 IP addresses were based and Ravell's site was brought back online.

The DDoS attacks, first reported by The Manly Daily, continued to hit his site in bursts into January.

Ravell said the incident cost the business only a "few hundred dollars" since the downtime occurred during the Christmas break.

Bulletproof Networks chief operating officer Lorenzo Modesto said suspended websites should be brought back online as a priority.

"It is a cascading order of priorities ... first block the destination IP address, which usually means turning the customer offline, but that's not the only step," Modesto said.

"Next is to reinstate service to that customer and eliminate impact on that customer. There are various strategies to take including to liaise with upstream network providers and get them to block source addresses.

"The willingness of providers to do that separates the wheat from the chaff."

Multiple victims?

The Australian Federal Police was querying whether the 19 December attacks were perpetrated by attackers who DDoSed a string of companies, possibly including ANZ E*Trade.

The broker service was also attacked and sent offline to external visitors on 19 and 20 December.

However the AFP could not confirm whether the attacks were linked. 

"The AFP does not have a specific, active investigation in relation to these incidents, however it has been liaising with a number of companies in order to fully ascertain the nature of the incidents and whether or not they are associated," it said in a statement.

"Until that is determined it would be inappropriate to comment further."

The attackers demanded other DDoS victims pay up to $5000 in order for the attacks to stop.

Ravell said he refused to reply when extortionists demanded money.

Copyright © SC Magazine, Australia