Wednesday, September 14, 2011

How does WikiLeaks host their site?


Whether you believe what Julian Assange is doing is right or wrong, you’ll still have to admit that the amount of traffic WikiLeaks is generating is the dream of any web site owner and the dread of every web host. It is estimated to be receiving over 3,000 visitors per second. Not to mention the DDoS attacks and hack attempts. So how do they actually do it? Lets take a look at how WikiLeaks have been working hard to keep their site online.
WikiLeaks
The original WikiLeaks site wikileaks.org has been online since 2006, but only came under the spotlight in April 2010 when it published a video of a 2007 US air strike on Baghdad. Since then it hasn’t been out of the news for long, and has been under a barrage of legal and digital attacks.
The majority of the changes to the WikiLeaks website occurred in the first week of December 2010, just after the release of the CableGate files. At that time the site was hosted on servers in France, and they had just started an account on Amazon’s EC2 cloud(It already had over 300 mirrors around the world). It came under a massive DoS attack, in excess of 10 Gbps, on December 1st. They survived the attack that lasted only 15 minutes, but Amazon decided to pull the plug and their account was closed on the 2nd. The original site name wikileaks.org was then dropped by its registrar EveryDNS.net on the 3rd, due to multiple DoS attacks on their DNS service.
WikiLeaks then decided to move it services to Europe, where it already had servers managed by the Swedish Pirate Party, and they assumed the new doman name wikileaks.ch. Two of those servers are at the now famousBahnhof Internet “Pionen” center. Situated in central Stockholm, this data center is located 30 meters below the Pionen White Mountains, in what was once used as a nuclear-safe shelter.
Today, with over 1400 mirrors, the wikileaks.ch site itself is hosted on servers in Sweden, Netherlands and Australia. The servers located in Sweden, and hosted by Bahnhof Internet, are Debian GNU/Linux based servers running Apache 2.2.16. The servers in the Netherlands are also Linux based, running various versions of Apache 2, and appear to be directly managed by the Pirate Party. The servers in Australia, hosted by OVH Systems are also Linux based, but are running nginx 0.8.53. The WikiLeaks site itself has been designed for simplicity and employs only html, css, javascript and png static files. This help reduce the resources required, especially with the large amount of traffic the servers are expected to handle.