The home page for the b2 Web Log Tool has been hacked. The link I offer here is to the Google cache. Actually, the b2 home page was hammered by a Denial of Service attack (DoS) which pushed its monthly bandwidth well past the 16gb mark.
Personally, I can’t understand why CafeLog.com (which is currently down) was targeted. Though I use MovableType for this site and blogs4God, I have used b2 in the past. And it’s good stuff, especially for us programmer geek types who feel comfortable around PHP classes and MySQL. Compared to other blogging tools, it is amazing it b2 hasn’t garnered more attention.
Why do I bring this up here? In part becuase I feel Michel has been done a disservice, even though b2 has provided the blogging community with a very GOOD and useful service. Proving the adage that “no good deed goes unpunished.” Second, because without his asking, I’m going to encourage you to drop him a buck or two via PayPal to help encourage him get the product back online.
I also bring this up to remind you that when possible, establish maximum bandwidth limits that will gracefully and temporarily shut down your web site when such attacks occur. Limits which can be augmented once the smoke has cleared. If you’re unable or not knowledgeable on how to do this, then exchange some email with your web host provider. They’ll be more than glad to help you address such security related issues.
While you’re discussing these issues, also ask what you can do about banning IP addresses. In the case the DoS is coming from a particular set of internet addresses, you may be able to avert a digital overrun by simply denying them access. Though in the case of a DDoS (distributed attack), I think I might petition my web host provider to block the IP at the firewall or router level instead of at the server.
Of course, if you have the bucks, there are some rather nice commercial solutions available as well. Here is a link to a solution named NetEnforcer. The page also offers a good general description on what a DoS is, and how to prevent it (with and without their product). Then there is CS3′s The Reverse Firewall … a very interesting approach.
*UPDATE* – as requested, here are some more articles that provide some more DoS and DDoS prevention methods – though IMHO, I’m sure a talented and determined nere-do-well could shut down any site he/she desires.