Earlier the WordPress security site WordFence reported that DreamHost servers were attacked with a DDoS attack. This attack occurred after a white supremacy group was said to be hosted on their servers. DreamHost threatened to remove their site for a terms of service violation, and since then this attack occurred. It’s unclear if the attack was done by the site owners or someone else since the attack would have taken their site offline as well. An Anonymous Twitter user appears to take credit but it’s unknown if it’s a legitimate Anonymous hacker group account since they’re anonymous.
Since the attack this morning WordFence is now reporting that DreamHost is backup but with some services in a ‘degraded state’.
Update at 12:36pm PST: Dreamhost is reporting all services are restored and operational, although they show many services in a ‘degraded’ state. You can find out more information on their status page.
Anonymous, or whoever is behind the DDoS attack, is hurting the rest of society, by assuming they are the arbiters of which messages are acceptable, and which are not. I don’t want them thinking for me. I presume you don’t either.
See below for more details on the attack and how it was discovered and reported by WordFence:
Their team posted this tweet 20 mins ago.
I’ll be posting updates here as the situation progresses. Their engineers are clearly working the problem.
You can find their status page at https://www.dreamhoststatus.com/ – currently, it says the following are affected:
Their team detected the attack at 9:20am PST and mitigation started at 10:20am PST.
Dreamhost has recently been in the news for fighting a US Department of Justice request for the IP addresses of all visitors to a website that they host.
The DDoS appears to be unrelated to the DoJ request above. It looks like it may be an Anonymous attack targeting the Dreamhost DNS to try to take a white supremacist website called ‘punishedstormer dot com’ offline. The website came online today and is hosted by Dreamhost.
What is Being Attacked
Dreamhost currently hosts an extremist website called punishedstormer. The site’s DNS is also hosted by Dreamhost. That means that if you try to access the site, your computer or device contacts Dreamhost’s servers and asks for the IP address so that it can connect.
The attackers have launched a massive amount of traffic targeting Dreamhost’s DNS servers so that the website they want to take down becomes inaccessible.
You can see the DNS servers that are being used for the target website in this screen capture:
Thankfully it looks like the problem was fixed on the same day, but this is a good time to make sure you check your site security and make sure your web host provider won’t become a target.