Denial of Service/DDoS Attack on - Bulgarian Property Portal

Share Article

The Largest Bulgarian property, travel and tourism portal 'My Bulgaria' based in Guildford, Surrey has received and successfully repelled a DDoS attack directly against its domain name

On Friday 4th May 2007 (the start of a public holiday weekend in the UK) the Largest Bulgarian property, travel and tourism portal 'My Bulgaria' based in Guildford, Surrey started to receive a DDoS attack directly against its domain name

A brief description of what a DDoS (or Denial of Service) attack is can be found here:

My Bulgaria receives around 4 million page views per month normally and being that popular the site owners fully expected some sort of blackmail demand following. This is almost expected with DDoS attacks instigated for commercial gain. You can read about such an attack that occurred in 2006 to the popular Million Dollar Home Page here:

Chris Northam, the Managing Director of My Bulgaria Ltd said:

"With the absence of any prior or following attempt at extortion (which we would never have paid in any event) and given the timing and intensity of the attack (we were unable even to allow a holding page to appear which at the least would have explained why we were temporarily offline) we came to the conclusion that what we were experiencing was a deliberate, premeditated and malicious effort to ensure that the My Bulgaria portal remained offline indefinitely, if not forever. This would have had serious consequences not just for us as a business and our many thousands of users but also for our mainly real estate related advertisers most of whom rely on the existence of My Bulgaria for the bulk of their new inquiries. When we realized that our own efforts at combating this attack and its potential consequences were proving fruitless we immediately contacted and subsequently implemented the leading cutting edge security solution provided by Prolexic".

Chris went on to say "this was a difficult decision for us as the chosen solution is not inexpensive in relation to our turnover. Other solutions were less expensive but we viewed this as a direct aggressive attack against us and our businesses and therefore felt that we had a choice of either buying a Mini or a Rolls Royce. As we intend fully to be around for the long term in spite of these upsets, we chose the larger car! We were however potentially faced with the decision to either close the business or implement the best long term site security solution available. We chose the latter for two reasons. Firstly we did not want to let down our users, advertisers and employees and secondly because we did not want the paymaster of this attack to have the satisfaction of winning".

The incident itself and all supporting evidence as to who may have had the motivation and desire to pay for and instigate this attack and for whatever reason have been passed to the appropriate e-crimes unit in the UK along with a very short list of 'possible' suspects.

The IT Manager at My Bulgaria commented:

"Internet businesses do not plan for DDoS attacks generally unless they are extremely high profile or have multi-million pound turnovers. We had planned for most other eventualities and have been on line almost continuously since early 2004 as a result. DDoS attacks however are becoming increasingly common and are surprisingly inexpensive to instigate but equally costly to protect against. Although we have as a result had to invest a considerable additional amount to protect ourselves in the future, at least we can now rest assured that we can concentrate on what is most important: our businesses"!

In closing Chris Northam added: "We would like to thank all of our users for their phone calls and messages of support and similarly our advertisers (without whom we would not exist in the form that we do) for their patience and understanding. We would also like to thank the lesser publicised Bulgarian based internet forums such as Brits in Bulgaria (BiB) for their assistance in allowing us to post update messages.

A spokesman from the team investigating the attack on My Bulgaria commented: "Due to the timing and nature of this attack against an extremely popular and viable site, combined with the fact that no attempt at extortion was made, we are convinced that this was a commercially motivated attempt designed to put the victim out of business. As such we are concentrating our investigation on those who for whatever reason may be harbouring a grudge against the site, such as the possibility that they may be an ex user or an ex client or advertiser of the victim site". Most advertisers on My Bulgaria are involved in the Bulgarian real estate market.

Whilst visitor numbers and Internet rankings for My Bulgaria are now back to normal any remaining users that continue to experience site access problems should send a note of their IP address.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

My Bulgaria Ltd
00 44 1483 532977
Email >
Visit website