Barricading an open access website – reflections on the attack on DOAB
Ronald Snijder
Wed 31 Jan 2024
As many of you might have noticed, last week the Directory of Open Access Books (DOAB) website was unavailable for several days. Sadly, the reason for this was not a technical glitch as we first suspected, but an actual attack on DOAB.
During the weekend of 21 January, someone decided to flood the Domain Name Server (DNS) of our registrar with requests for the DOAB record – a DDoS attack.
A short explanation: when you type in www.doabooks.org, your browser looks up this address in a Domain Name Server, which translates it to an IP address (that looks like, e.g., 123.123.123.123). However, when an attacker overloads the DNS with these lookups, this does not work any more. The result is that the website is working fine, but it can’t be reached.
Sadly, we were not immediately able to understand what was happening, as we did not have any previous experience with this kind of situation. Once the reason was clear, we could take measures. We moved our domain name registration to Cloudflare, a company that specialises in the protection against these kind of attacks. At the same time, we have done this for the OAPEN and the OA Books Toolkit websites as well.
Thank you for your patience with us as we navigated these new circumstances and please accept our apologies for the inconvenience caused. We hope that our explanation was clear, but of course, please contact us if you have any questions or remarks.