As covered last time the www A record sends you to www.express.co.uk and the @ A record sends you to http://express.co.uk. On entering http://express.co.uk on Tuesday I ended up at www.bluechief.ie. Both Blue Chief and the newspaper use Dublin. AWS for their hosting. I tweeted to Blue Chief and The Daily Express, and emailed The Daily Express on the same day of discovering the issue.
By The Daily Express entering 54.154.197.209 not 52.213.188.170, end users typing in http://express.co.uk ended up at Blue Chief’s website not express.co.uk. A simple mistake with bad consequences. Bluechief.ie for likely 24 hours received a fair chunk of express.co.uk’s web traffic hence overloading their website for the time period.
The Daily Express has not replied yet to the email nor the form submission, but Shannon of Blue Chief did…

It turns out getting free traffic intended for a major UK tabloid has its cons. Another thought is, can you actually protect against this type of “DDoS” attack since the traffic is from genuine users just hitting the wrong website?/! The answer might be with difficulty since they are normal home users manually going to a website not controlled as part of a botnet or using a special malicious tool.
The moral of the story? Manage your DNS records properly and monitor your website for errors!
*The first time (I spotted this) was Manga High in September.