Ebuyer and the 1 Pound Self Inflicted Denial of Service

The largest website we deal with has around 3,000 visitors per minute. My guess is that eBuyer's website has been dealing with a couple of orders of magnitude larger than that today; or rather, I should say, it has *not* been dealing with it.

What seemed like a clever marketing plan (and it may yet recover), has turned a bit sour for the online electronics giant Ebuyer; who have successfully arranged a denial of service attack on their own site - and the saddest bit is, they've timed it to re-occur once per hour for the whole day.

What does this actually mean? I'll explain. Ebuyer have been promoting a campaign recently which started today - £1 clearance, with some ticket items that are normally £200 or more going for just a pound. Their marketing team geared up the social side of things with promotions across facebook - and then, when the alotted hour arrived, it fell flat on it's face. Harsh - but it's business, and in reality, they should have been better prepared.

Why do sites like this fall over? Well, it's an occurrence known as distributed denial of service (DDOS). In the past (and present), malicious hackers arranged for thousands of computers to connect to a server all at the same time - and the servers cannot cope. This is very likely not what happened to eBuyer. The eBuyer site crashed due to self inflicted DDOS; hundreds (probably thousands) of people connecting all at the same time.

Unfortunately, these situations can slip out of control very quickly due to human behaviour. What often happens, is that someone will try to connect - and it will be slow. They assume there's a problem, so hit 'refresh', or click the link again. This creates another connection to the website - and escalates the problem. Frustrated users may hit refresh lots of times - or open new windows, assuming it's a problem their end... and the already struggling hardware groans, and falls over.

Fixing this sort of issue is a nightmare; and I speak from experience. Depending on how eBuyer's architecture is set up, they may be able to roll out extra capacity 'hot' - and by that, I mean they may be able to effectively add in extra servers (or processor power) on the fly. If they aren't on a flexible system, all they can really do is 'throttle' the visitors, and hope it calms down - ie, cut some people off, which is dreadful for the user experience.

Either way, it's a shame; and it will undoubtedly hurt them in the short term. What will be interesting for Ebuyer is the medium term - what will they do to appease an angry customer base - and will people remember next time and vote with their feet?

Years ago, I consulted for a well known mens magazine - and every Friday, they would send out an e-mail to half a million users listing their 'website of the week'. 10 minutes later, those sites would have crashed, as a flood of readers hit them all at the same time. This is an old problem; Ebuyer should have known better...