NEWS Online payment service WorldPay is still struggling to maintain the availability of its systems in the face of a "sustained" denial of service attack.
WorldPay, which is part of the Royal Bank of Scotland Group, was initially hit by the massive DoS attack on Tuesday, which flooded the company with bogus requests and brought its payment and administration systems to a grinding halt.
Customers, including Vodafone, Sony and hundreds of online retailers, who use WorldPay to process card transactions, were notified of the problems in an email yesterday. WorldPay said it was filtering and re-routing requests and giving customers the option of accessing a back-up service.
Simon Fletcher, head of UK communications at WorldPay, told silicon.com the company was aiming to restore something like normal service today but he admitted that the continued attack is still affecting availability.
"Though many of the measures we put in place yesterday are working effectively, the "denial of service" attack is being sustained and availability of our systems is at times intermittent as a result of this," he said.
Fletcher stressed that the integrity of WorldPay's systems had not been compromised and that the attack was purely aimed at knocking the service offline by overloading it with bogus requests.
"We are continuing to execute our contingency plans and are committed to achieving full restoration of the service as soon as we are able. We are keeping our customers briefed through all means possible," he said.
Comments
There are 5 comments. Join the discussion
1. Frank Smith
So why doesn't the back up system take over completely? (load balance?)
Or is it the backup system will have the same problem if brought online for all customers?
2. Brian Smart
I use Mailwasher and this will delete and bounce the e-mails I'm supposed to get from WorldPay because "the origin is blacklisted by SpamCop". Luckily I scan the list before letting Washer do its thing!
3. Jennifer L
If the backup system is used in place of the normal one, the DoS attack will simply switch to that one. There's no real way of circumventing it by taking the 'attacked' servers offline; that's the point of DoS.
4. Khushil Dep
WorldPay's system were ( when I used to work there ) some of the best in the country with more security than most government servers! The guys we had there were also top notch so I don't think people have to worry about leaks of CC numbers and stuff. Load balance is a very tricky thing to do and let's face it this is the first time that a DoS attack has happened to WP. They are most likely adjusting the backup server to meet demand but then I don't really know what they have in place at the moment - no outside WP should. The fact that NatWest and RBS have invested in this company should be an indication at how seriously WP take issues like security and contingency planning. Be interested to find out where the DoS is coming from really.
5. Stephen Spears
Is someone trying the DoS attack so that they can short the shares which will most likely dip heavily once the attack is underway and reported.