DDoS Fears Shatter WikiLeaks Mirror Site Hosting

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.,

Web host SiteGround has suspended at least two WikiLeaks mirror sites, citing fears of disruptive attacks

First it was WikiLeaks. Now, several mirror sites appear to be in the crosshairs, as another Web host, this time SiteGround, suspended accounts claiming the sites violated its terms of service, engaged in illegal activity and were at risk from potential distributed denial of service (DDoS) attacks.

According to a post by Marcia Hofmann of  the Electronic Frontier Foundation (EFF), a WikiLeaks mirror was shut down by its host, SiteGround, as result of pressure from its upstream provider, SoftLayer. SoftLayer claimed the mirror WikiLeaks site violated the company’s acceptable use policy and terms of service, wrote Hofmann.

Action Demanded For Vague Reasons

A Google search turned up at least two users who claimed their WikiLeaks mirrors had been shut down by SiteGround. While the EFF post did not identify the mirror’s owner by name, the stories were identical.

One user, Mark McCoy, a self-professed anarchist, posted on his blog the entire email thread between SiteGround, SoftLayer and himself. SiteGround initially informed McCoy that “some illegal activity” had been performed through his site which “severely” violated SiteGround’s Terms of Use and Acceptable Use Policy. The letter indicated the complaint came from SoftLayer.

SiteGround said in the letter that when “illegal activity” is detected, the company had to “take immediate actions to stop that activity”, or risk having the entire server “unplugged”. SiteGround said McCoy needed to scan his computer with antivirus software, change his account’s password, and delete all the infringing files in the directory. The infringing files, according to the list, were the WikiLeaks cables that had been uploaded to his account.

“Before I delete the ‘evidence’, could you tell me what the exact violation is?” wrote McCoy, noting that the initial email had implied he had malware or an exploit on the site, not HTML and JavaScript files.

Just Comply

McCoy pressed SiteGround for actual details on the violation but the host declined to do so, noting that since the order to suspend his account came from SoftLayer, “We had to comply”.

According to the chain of letters posted on the blog, McCoy then wrote to SoftLayer to discover the exact violation. As there were no further updates, it appears SoftLayer never responded, but McCoy does not maintain a mirror at this time.

According to Hofmann, a customer who had been shut down by SiteGround was told SoftLayer wanted the mirror taken down because it was worried about the potential for DDoS attacks. The user pointed out that no attack had happened and this rationale would allow the company to “use hypothetical future events” to take down any site, Hofmann wrote.

“It’s incredibly disappointing to see more service providers cutting off customers simply because they decide (or fear) that content is too volatile or unpopular to host,” wrote Hofmann.

Slippery Slope Of Censorship

Internet intermediaries need to stick up for their customers, not undermine their freedom to speak online, according to Hofmann.

She said censorship was a “slippery slope”, with the first victim being WikiLeaks which was soon followed by a mirror. She wondered whether a news organisation that posted cables or analysis of the documents could be knocked offline. “If intermediaries are willing to use the potential for future DDoS attacks as a reason to cut off users, they can cut off anyone for anything,” said Hofmann.

WikiLeaks lost its Web and DNS services shortly after it began posting the leaked cables. Since then, it has moved to non-US based providers and relies on more than 1,000 mirror sites to stay online.