I HAVE POWERED six different blogs with separate back end servers since regularly posting things online over the past five years. While Six Apart does an admirable job of keeping the spammers at bay, there is a steady problem with spammers using botnets and this means something worse than comment spam.
Botnets can do much worse than irritate bloggers. Well-orchestrated botnets could damage the financial trading system. The largest botnet that has been taken down so far was 120,000 nodes, which is far more than you'd need to disrupt London trading for a day. On the Irish Open mailing list, some have speculated that a typical hacker could take out an average corporate site with no more than 1000 machines on a botnet. A little sniffing around and you can find people who will rent you a botnet stretching over 500 machines. Hook yourself up to 1000 machines on a botnet and you can take AIB offline for a day. Those 1000 machines could suck up 40 Gbps worth of bandwidth.
Here's the thing--if you're in the business of keeping machines online, you should have a way to respond to a distributed denial of service (DDoS) attack. Six Apart's servers survived at least one of those onslaughts in 2006 and it's inevitable that another DDoS attack will come in 2007 because it's become relatively easy to acquire inexpensive botnet services today.
