Why and Who Is Attacking Anime-Related Websites?

Posted by | Anime, Info | 60 Comments
  • 0
  • September 02, 2014

I’m assuming you’ve noticed over the past few days that anime-related sites mainly to do with pirating are being attacked which is resulting in downtime. The current sites which are currently experiencing this are: Haruhichan, Nyaa, Tokyo Toshokan and AnimeTake. The websites are / were being attacked and taken down by DDoS / DRDOS.

On the 30th of August we received an email from one of our host providers stating that our one of our server’s IP has been put into a mitigation infrastructure to attempt to stop the DDoS attack that we were experiencing. Note that I didn’t notice this right away until multiple users reported problems about accessing the site and its poor performance. We started to experience the attack on the 28th of August.

OVH DDoS attack 2 OVH DDoS attack DDoS Protection email

I decided to look into it and did a trace route on the IP, as the above stated we were actually put behind multiple firewalls to try and filter out the DDoS.

server 1 tracert

Server 1 chilling in the mitigation infrastructure

This resulted in poor performance on the website as well as downtime which is very stressful and time consuming.

Downtime 1 Downtime 2

After switching servers back and forth and trying to figure out how to counter this problem, we finally found a solution which we have passed onto most webmasters in the anime community (Nyaa, HorribleSubs, AnimeTake etc). As a result of this, one of our servers had about 8-hours downtime in the process due to the fact it took the 2nd big wave of the attack which Tokyo Toshokan estimated to be 25Gbps+.

server chan tango down

Poor server, didn’t stand a chance.

Well at least it’s up now.

2ed583

This image is fake according to users and not being able to find the attack on the Digital Attack Map website.

After seeing Geektoku‘s tweet I decided to do a little bit of research using the Digital Attack Map website and on the dates we were suffering poor performance and switching between 6 different servers located in different areas of the world to try and mitigate the attack to bring our site back online.

Japan to Germany

DDoS while in the mitigation infrastructure

Japan to Luxembourg

Before our IP was put into a mitigation infrastructure.

As the above image states; while we were in the mitigation infrastructure the DDoS was originating from Japan. Lets not point fingers at the Japanese Government now, it could be anyone in Japan or someone who has servers located in Japan but is located somewhere else in the world.

We kept switching servers located all around the world to try provide false targets so we could gain access back to one of our servers. We decided to switch to a USA server to host the website, the moment this happened, we were instantly attacked which caused poor performance / random outage on the website.

USA server ddos

Japan to United States

We were getting hit multiple times to the same IP of the server which was hosting the website at the time and it resulted in us not having access to the server for a while.

USA server DDoS 2

You can’t keep us down.

When all is considered; I personally don’t believe the Japanese Government or any anime industry have anything to do with the attack. I believe someone is trying to start a conspiracy with the MAG Anti-Piracy Campaign recently going live. The attack did originate from Japan for us. We just don’t know who did it.