Company Hosting Joe Wilson Fundraising Site Recovers From DDoS Attack

A company providing online payment-processing services for U.S. Rep. Joe Wilson (R-S.C) is back online after being disrupted by a distributed denial-of service attack over the weekend.

The attack on Piryx began Friday afternoon and lasted into the early hours of Saturday morning and temporarily disrupted a Wilson fundraising effort that was underway at that time. Piryx CEO Tom Serres said. It also knocked out services for about 150 other Piryx clients, Serres said.

Piryx is a nonpartisan Austin, Texas, based start-up that provides services to help political candidates and nonprofits manage online campaigns and fundraising.

Serres said the company was contacted by Wilson’s office last week and asked to manage online donations from supporters rallying behind the congressman after he shouted “You lie!” during President Obama’s address to Congress on health care reform Wednesday.

Hours after the company began hosting Wilson’s homepage on its servers, Piryx found itself the target of a distributed denial of service attack, Serres said. Such attacks are designed to render servers and networks inaccessible by flooding them with useless traffic.

The attacks appear to have been directed at the joewilsonforcongress.com site, Serres said. At the time the attacks started, the site was handling about 100 transactions per minute and had already collected more than $100,000 from people who wanted to contribute to Wilson’s campaign, he said.

Initially, the traffic generated by the DDoS attack was manageable but soon Piryx began noticing “massive bandwidth spikes” that knocked its servers offline, Serres said. The data center hosting Piryx’s servers confirmed that it was the victim of a DDoS attack. At its peak, the DDoS flood generated about 1 gigabit of traffic per second, which is about 1,000 times the normal traffic on Piryx, Serres said.

After several failed attempts at mitigating the attacks, filters to block the traffic went into place early Saturday morning. Service has been normal since then, he said. It’s not known from where the attacks originated, but Serres said it appears to have been initiated by those opposed to Wilson’s comments, he said. “It was clearly politically motivated to take down Wilson’s ability to raise funds online,” Serres said.

The incident appears to be one of the rare instances of a politically motivated attack against a Web site in the U.S. said Kirsten Dennesen, an intelligence analyst with Verisign Inc.’s iDefense Labs. The attention attracted by Wilson’s comments, especially through social media tools such as Facebook and Twitter, appears to have contributed to the attack, she said.

“One question is whether there are going to be any response attacks,” she said.