Hackers Take Down Largest Survival Web Site; Threatening Email Sent Prior to Attack
SurvivalBlog.com, the most widely visited survival web site on the internet became the target of a Denial of Service (DoS) Attack which rendered the site inaccessible on the evening of May 26. According to an email published at The Orange Jeep Dad Blog, Lily Rawles, the wife of founder and author James Rawles, says the attack “appears to have been a “pinging” DOS attack.”
The Survival Blog main server, which is located in Sweden, is unavailable by using its www.SurvivalBlog.com URL (uniform resource locator) or direct IP address http://220.127.116.11/.
As of Sunday May 27 @ 21:30 efforts are underway to redirect the domain name servers to the US-based mirror web site at the following currently available IP address: http://18.104.22.168/
A threatening letter sent to the web site anonymously this week via email demanded that the site remove all hyperlinks to various other web sites that were interlinked from Survival Blog. It also threatened to openly publish James Rawles books on pirated web sites. The email, in what appears to be broken English, called for Rawles to immediately cease the interlinking within 5 days and threatened to attack unless Rawles complied with demands to publish a racist headline and post on his web site.
It is uncertain whether Survival Blog’s refusal to meet the demands in the email are related to the flood of access requests that took down the web site over the weekend, but it’s believed that the anonymous sender traced to Texas may be directly involved.
A copy of the threatening email sent to Survival Blog is sourced via Prepper Website and made available by The Orange Jeep Dad Blog:
Update from (Avalanche) Lily Rawles (21:48 MST):
Apparently there’s a racist in Texas that has threatened JWR’s livelihood and attacked SurvivalBlog. The following is a quoted excerpt from the threat as sent to me directly from Lily. She asked that I leave out the cursing and I will happily oblige:
“It appears to have been a “pinging” DOS attack, most likely instigated by the man in Texas that anonymously sent me this little missive, last week:
You “N” (word removed) lover you have five days to take all links and any metion for links below off your site. If you dont do it I will post everyone of you crappy books on prirate sites and kiss your “N” (word removed) loving income from them good by. I can and haved posted privated books up screwed up a company before They are almost dead kiss www.survivalbooks.com good f***ing good by they could not take our hacks after relating to you f***. We even take their 4000 books off kindle. Don’t believe watch their books all go by by after Monday we have people work at amazon we can get their books off watch yours go to to. You must post I hate “N”s on your site or it happen to you to to. Time u feel our power see jewish hate on your site to. we hack good ,
F*** you them all u
[Note: Orange Jeep Dad Blog] I left punctuation “as is”. They hope to get the site back up by “Monday afternoon”. Please pray for the Rawles in hopes that God will continue to bless their family and deter this miscreant down a different, less harmful path and keep all the loyal advertisers/friends of Survival Blog safe from harm.
Survival Blog name servers may be in the process of updating, as accessibility seems to be in the process of being restored and or redirected to the US based IP address at http://22.214.171.124/.
If the site Domain Name Servers have been rerouted then the site should be available once the US based address propagates across global servers, a process that normally takes from a few hours to two days depending on end user access areas.
UPDATE: MAY 28, 2012 @ 12:03 AM
Accessibility to SurvivalBlog.com has been restored to the U.S. based mirror site.
Via Survival Blog:
This past weekend, our server in Sweden was put under a “ping flood“ Denial of Service (DOS) attack that at times resulted in 65% packet loss.
The attack was timed for a three-day holiday weekend, no doubt because the miscreants expected that the staff at our ISP would be unavailable to help us reconfigure.
OBTW, the attack initially did not include our dotted quad backup address:126.96.36.199 (Which is explained here.)
At least this provided a good test for our Continuity of Web Services (COWS) defenses. Obviously, we are now going to need multiple mirror sites as well as an adaptive cloud server that can handle any future DOS onslaught.
Due to the nature of name server updates Survival Blog accessibility via direct URL (www.survivalblog.com) may remain intermittent. Direct access is now available via http://188.8.131.52/.