January 12, 2012, 9:57 AM

FoundationSource.com fends off a web attack

The management firm enlisted reinforcements to quell a denial of service attack.

Lead Photo

Foundation Source Philanthropic Services Inc., a management firm for private foundations, in September found that its clients couldn’t load pages on its web site, FoundationSource.com, or log in to their accounts to make grants.

Investigating the problem, the management firm found that hackers were overwhelming its network with more than 6,000 simultaneous requests for pages, roughly 10 times the site’s typical 600 simultaneous requests. “We knew we were under some kind of automated attack,” says Gerry Battista, vice president of information technology operations for the management firm.

The Foundation Source team initially fought the denial of service attack through its firewall and began identifying and blocking page requests coming from suspect Internet protocol addresses, and all I.P. addresses located outside the U.S. Battista says the efforts helped slow the attack over the next two days, before a surge came back stronger than before. The attack, which started on a Friday evening, had Foundation Source calling for reinforcements by Sunday evening. The company enlisted Prolexic Technology Inc., a distributed denial of service mitigation vendor, to help.

Prolexic rerouted the site’s traffic through Prolexic servers, which were able to identify and sort legitimate site traffic from the traffic generated by the attack, which it blocked. By Monday evening, the attack was over and FoundationSource.com was again fully available to legitimate traffic.

Battista says Foundation Source was fortunate that the attack, if it had to happen, occurred on a weekend when fewer clients would be trying to access the site. “An attack during the week would have been a different story, because having the site inaccessible would have damaged our client relationships,” he says, adding that the company has no idea why hackers chose to attack FoundationSource.com. “We had never been attacked before, but it can happen to anyone,” Battista says.

comments powered by Disqus




From IR Blogs


Adrien Henni / E-Commerce

Russian's new data law: What e-commerce firms need to know

All personal data must be stored in Russia, and not in cloud servers elsewhere. Here ...


Anna Kuzmina / E-Commerce

An introduction to online payments in Russia

Russian shoppers use a variety of domestic e-wallets quite often when shopping online, a result ...