January 12, 2012, 9:57 AM

FoundationSource.com fends off a web attack

The management firm enlisted reinforcements to quell a denial of service attack.

Foundation Source Philanthropic Services Inc., a management firm for private foundations, in September found that its clients couldn’t load pages on its web site, FoundationSource.com, or log in to their accounts to make grants.

Investigating the problem, the management firm found that hackers were overwhelming its network with more than 6,000 simultaneous requests for pages, roughly 10 times the site’s typical 600 simultaneous requests. “We knew we were under some kind of automated attack,” says Gerry Battista, vice president of information technology operations for the management firm.

The Foundation Source team initially fought the denial of service attack at its firewall, identifying and blocking page requests coming from suspect Internet protocol addresses and from all I.P. addresses located outside the U.S. Battista says the efforts helped slow the attack over the next two days, before it surged back stronger than before. The attack, which started on a Friday evening, had Foundation Source calling for reinforcements by Sunday evening. The company enlisted Prolexic Technology Inc., a distributed denial of service mitigation vendor, to help.

Prolexic rerouted the site’s traffic through Prolexic servers, which separated legitimate site traffic from the traffic generated by the attack and blocked the attack traffic. By Monday evening, the attack was over and FoundationSource.com was again fully available to legitimate traffic.

Battista says Foundation Source was fortunate that the attack, if it had to happen, occurred on a weekend when fewer clients would be trying to access the site. “An attack during the week would have been a different story, because having the site inaccessible would have damaged our client relationships,” he says, adding that the company has no idea why hackers chose to attack FoundationSource.com. “We had never been attacked before, but it can happen to anyone,” Battista says.
