04-10-2004, 12:50 PM
WorldPay struggles under DDoS attack (again) as reported at The Register (http://www.theregister.co.uk/2004/10/04/worldpay_ddos/)

WorldPay, the Royal Bank of Scotland's internet payment transaction outfit, is continuing to fight a sustained internet attack which has left its services largely unavailable for a third successive day.

Since Saturday (2 October), WorldPay's online payment and administration system has been reduced to a crawl, due to a malicious DDoS attack by unidentified computer criminals. A spokesman for the company stressed that although it is fighting a serious "denial-of-service" attack, its systems are uncompromised and customer data remains secure. "We are processing transactions securely but the attack is blocking our ability to operate normally. We apologise unreservedly for any inconvenience caused," he added. WorldPay's techies are working overtime to restore service but can't say when normal service will be restored.
In a notice to customers on Saturday (2 October), WorldPay said: "We regret that access to our payment and administration systems is severely disrupted due to a planned and large scale Denial of Service (DDOS) attack by a third party. Our payment and administration systems are working, safe and secure, but the networks around them are being flooded with requests on a huge scale, causing 'service denials'. We are processing payments, but far slower and fewer than we normally would.

"We are executing our contingency plans to move to full restoration of the service but cannot at this point in time predict when all customers will have the service restored without further interruption. While attacks of this type can be anticipated, it does take time to identify and deal with the exact nature of a particular attack. We are doing everything that is possible to restore a full service as soon as is possible," it added.

Users are advised to check WorldPay's customer service portal for updates. WorldPay was the subject of a similar three-day long denial of service attack last November.

One Reg reader writes: "Looks like they have not learned much from last year's DoS attack as the service has been down for most of the day. We have lost thousands in orders."

A WorldPay spokesman said the vast majority of customers had been supportive and understanding. He noted that many businesses had experienced DDoS attacks in recent months. Many of these attacks have been linked to extortion attempts, but WorldPay declines to say if it has received any demands from its attackers.

Looks like a payment processor's reputation is also something to consider when looking for their service.

As are their backup plans for such attacks. WorldPay, maybe (I think it must be) the biggest provider, backed by the RBOS who made billions in profit last year, can't provide a normal service after 3 days. We can look at other DDoS attacks recently like the Microsoft one, which they survived (partly due to the prat doing the DDoS picking the wrong URL, but also due to their network design, which allowed them to filter the packets).

Anyways, I don't think it would hurt if customers here fired off their views of backup plans to them, as this is the second time. And people are losing money!


04-10-2004, 02:23 PM
Let's hope for others' sakes that this blows over a.s.a.p. The last thing a fledgling seller needs is his "secure" merchant account under attack by thieving bar-stewards.

Thanks for the heads up!

04-10-2004, 02:45 PM
Although I think that Vodafone, etc. (WorldPay clients) will be doing a fair bit of "firing off" themselves, likely with a bigger impact too.

I first met the WorldPay team when they were a small organisation touting for business in the early .com boom days. 2 directors came to our offices... wouldn't see that now.

I have no doubt that they have invested a huge amount in preparing for such attacks. Sadly it's not as simple as "filtering packets".

As you will have read, there are alleged to be a large number of "ransom" demands against online bookies and gambling sites in particular by organised gangs. A DoS attack can be quite sophisticated and can knock even the most well prepared companies out of action.

I think that what we really need is for some decent investment in cross-border policing of this kind of issue. As it tends to come from overseas it's a minefield to get any kind of action, let alone a prosecution, and until the online business community is better represented in the Commons, this kind of thing is going to go on with little risk to the perpetrators.

I say: Lobby your MP! Write them a letter, tell them that your business is suffering as a result of the lack of policing of such issues and refer them to this incident. With enough pressure maybe some more resources will be pumped into combating such attacks.



04-10-2004, 04:17 PM
As James pointed out, I don't think that WorldPay can be held responsible. Remember the DDoS attack that brought Google down earlier this year?

It goes to show that any site, no matter how big, can be brought down by determined scumbags...

I have no doubt that WP are working flat out to get things back to normal. I have been getting regular email updates from them...

One point to note though is that the security of their systems has not been compromised, just the processing side...

04-10-2004, 04:36 PM
Just got this from WorldPay...

Dear Customer,

Most customers now have normal access to our payment and administration systems while some may still be experiencing intermittent access.

Although the attack has been sustained for several days, we have been able to process more than 80% of the payments we would normally process. However, with this type of attack, different customers will be affected at different times and to varying degrees. We continue to combat the attack and mitigate its impact, but cannot at this point predict when our service will be restored without further interruption.

Please advise your customers to try again if a first attempt to make payment does not succeed.

Further updates on this incident will be provided on the Customer Management System portal page at www.worldpay.com/admin.

Yours sincerely

Thank you,
Ann Clarke
Customer Operations Director
WorldPay Limited

Looks like things are getting back to normal now... :)

04-10-2004, 04:38 PM
Oh no, the victims can never be held responsible and I am aware that anything remotely near a computer is a potential target. However it remains disconcerting that a company on whom you depend for your livelihood can be laid low apparently at will!

I am all for better ability to prosecute these gits internationally because web crime is borderless.

04-10-2004, 04:47 PM
Quite agree. As a web host we have multiple barriers in place against DDOS attacks as we know the effect it could have on our clients so I have no doubt that WP have an even greater level of protection...

Trouble is that it doesn't matter how big or small you are, these b**tards can still get you :(

04-10-2004, 04:50 PM
When I subscribed to WorldPay I knew things like this could happen ...

04-10-2004, 05:08 PM
Originally posted by hirstys
I have no doubt that they have invested a huge amount in preparing for such attacks. Sadly it's not as simple as "filtering packets".

Actually it's all to do with filtering packets. (read more here http://www.openbsd.org/faq/pf/filter.html)

If you're getting loads of requests to your servers you lose performance, but some of these are real, so you filter out the others you can see are fake, by packet content or IP/port.

By filtering (fake requests/packets/IPs) you reduce the amount of packets processed by the CPU, keeping the server at its best.

I bet WorldPay have some really big iron running their backend, but the fact remains redundancy is not a given with payment processors.

Maybe it's time for e-commerce owners to put their own backup systems in place if the costs ever outweigh the expense.

(PS. Google runs on off-the-shelf components - little white x86 boxes. I'd expect their boxes to go down before someone's like WorldPay's, who has loads of people depending on it.)

04-10-2004, 07:09 PM
Whatever happens, whether packets are filtered or not, the DDoS packets are reaching the border routers (where they get filtered) and so saturating the bandwidth bottleneck going to WorldPay - stopping real traffic.

Also, how do you tell a few thousand attacking computers from real visitors?

DDoS attacks are notoriously difficult to stop as the quantity and volume is usually so great.
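
To put numbers on the disagreement in the last two posts (filtering protects the servers, but not a link that is already saturated), here is an added example that is not part of the thread. It is a two-stage bottleneck model; the function names, the proportional-drop assumption and every traffic figure are constructed for illustration and are not WorldPay measurements.

```python
"""Two-stage bottleneck model: access link first, then the servers.
All capacities and loads are in the same arbitrary unit (say Mbit/s)."""


def share(legit, attack, capacity):
    """A congested stage drops packets indiscriminately, so legitimate
    and attack traffic are scaled down by the same factor."""
    total = legit + attack
    if total <= capacity:
        return legit, attack
    scale = capacity / total
    return legit * scale, attack * scale


def legit_served(legit, attack, link_cap, server_cap, filter_eff,
                 upstream=False):
    """Fraction of legitimate traffic that is actually served.

    filter_eff: fraction of attack traffic the filter recognises and drops.
    upstream:   True  = filtering happens before the access link
                        (for example inside the ISP's network);
                False = filtering happens at the site's own border router,
                        i.e. after the link has already been crossed.
    """
    l, a = legit, attack
    if upstream:
        a *= 1 - filter_eff              # junk removed before the link
    l, a = share(l, a, link_cap)         # stage 1: access link
    if not upstream:
        a *= 1 - filter_eff              # junk removed at the border
    l, a = share(l, a, server_cap)       # stage 2: servers
    return round(l / legit, 3)


if __name__ == "__main__":
    # Constructed site: 50 units of real traffic, 1000-unit link,
    # servers that cope with 200 units, a filter that catches 99%.
    cases = [
        ("attack < link, no filter",       500, 0.0, False),
        ("attack < link, border filter",   500, 0.99, False),
        ("attack > link, border filter", 10000, 0.99, False),
        ("attack > link, upstream filter", 10000, 0.99, True),
    ]
    for name, attack, eff, up in cases:
        served = legit_served(50, attack, 1000, 200, eff, upstream=up)
        print(f"{name:32s} legitimate traffic served: {served:.1%}")
```

In this model a 99%-accurate border filter restores full service while the flood still fits in the link, but once the flood is ten times the link capacity the same filter leaves only about 10% of real traffic getting through, and only filtering upstream of the link brings it back.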

