Strange days

Post by sbando on Wed Jun 06, 2007 1:25 pm

My older tin.it e-mail address is not working at the moment and I cannot send emails outside the tin.it domain.

Strange things are happening: one major company (close friends of ours) is under attack and they've been fighting for a few days now.
That will cost them tons of money but it will also cost us a few bucks.
Good luck!

Nop, Bunny, be on the look-out.
Last edited by sbando on Sun Jun 10, 2007 3:04 pm, edited 1 time in total.
sbando
Extinct
 
Posts: 9308
Joined: Tue Apr 10, 2007 8:25 pm
Location: Firenze, IT

Post by Walter Burns on Wed Jun 06, 2007 7:40 pm

IAFD has had attacks as well recently. And don't forget the old place was attacked too. Might we have a porn crusader/hacker on our hands? Without giving too much away, are the attacks coming from Turkey?
Walter Burns
Mr. Burns
 
Posts: 550
Joined: Thu Apr 19, 2007 12:44 pm

Post by sbando on Wed Jun 06, 2007 8:34 pm

I don't know any details; it's a DDoS attack of massive proportions, not just a defacing.

Post by Walter Burns on Wed Jun 06, 2007 11:49 pm

Seems to be different in nature than what happened on the IAFD.

Post by wretch on Fri Jun 08, 2007 3:52 am

Time to nullroute!
wretch
Almost human
 
Posts: 97
Joined: Wed May 09, 2007 5:26 pm

Post by Steve on Tue Jun 12, 2007 2:59 am

Ask your host to filter ICMP packets and ping data and the average DDoS vanishes.

Any idea why a botnet would be used against you though? Generally, they are only used when there is a commercial gain for the botnet owner, so I cannot think of a reason to hit a site that is not profit making or directly attacking them in some competitive way.

Usually botnet owners are too busy leasing out their compromised PC network to the highest bidding spammer.

To be blatant, don't blame the spammer for sending all this shite out to everyone. Blame the idiots who run their PCs with no firewall or virus protection, allowing their PCs to end up compromised with spam sending software and other crap all over it.

In my line of work I can analyse any computer that connects to my server and the amount that I see that are compromised with stuff like "Fun Web Products" on their browser and whatnot. It's a stupidly high amount of people.

The spammer or botnet owner (apart from being the scum of the earth) is just simply making money out of other people's laziness or stupidity (or usually, both).
Steve
 

Post by Steve on Tue Jun 12, 2007 3:03 am

Oh, one more thing. A common attack nowadays seems to be exploiting malformed strings. Check your stat software for anything reporting a code 400 and see if that IP address needs blocking.

Should also find a string of code that contains the URL w00tw00t. If it's there, it's trying to find your phpmyadmin using a bot. Best to block it (I see this a lot on almost every site that I maintain).

I would assume your phpmyadmin is installed below root, but if not then this is even more essential.

Cheers

Steve
Steve
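
The log check described in the post above, as an added example that is not part of the original thread: a Python script that scans web server access logs for responses with status 400 and for requests containing `w00tw00t`, and groups the hits by source IP for review. It assumes Apache-style common/combined log lines; the function name `suspicious_ips`, the sample lines, the paths and the IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/NCSA common or combined format (assumed):
# host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up paths); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jun/2007:02:41:07 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2007:02:41:09 +0000] "GET /w00tw00t.example HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [12/Jun/2007:02:41:10 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 214 "-" "-"
203.0.113.55 - - [12/Jun/2007:02:42:30 +0000] "GET /%ZZ HTTP/1.1" 400 226 "-" "-"
203.0.113.55 - - [12/Jun/2007:02:42:31 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
192.0.2.10 - - [12/Jun/2007:02:43:00 +0000] "GET /forum/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
not a log line
"""


def suspicious_ips(log_text, marker="w00tw00t"):
    """Return {ip: {"status_400": n, "marker": n}} for IPs worth reviewing."""
    hits = defaultdict(lambda: {"status_400": 0, "marker": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if m["status"] == "400":
            hits[m["ip"]]["status_400"] += 1
        # Case-insensitive match on the request line only, not the whole log line
        if marker in m["request"].lower():
            hits[m["ip"]]["marker"] += 1
    return dict(hits)


if __name__ == "__main__":
    # Print one candidate per line, most 400 responses first, for manual review
    found = suspicious_ips(SAMPLE_LOG)
    for ip, counts in sorted(found.items(), key=lambda kv: -kv[1]["status_400"]):
        print(f'{ip}\t400s={counts["status_400"]}\tw00tw00t={counts["marker"]}')
```
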
 

Post by Steve on Tue Jun 12, 2007 3:06 am

Just did a scan of IAFD wondering why they would be attacked. Windows Server!!! I think that's all I needed to know :)
Steve
 

Post by sbando on Wed Jun 13, 2007 12:16 am

Since there's some meaningful conversation about the topic, I'm moving it back to the tech section.

IAFD is traditionally Windows-based, due to Jeff's skills as an SQL coder.

As said above, we're not talking about simple ownage here, but MASSIVE bot attacks. So massive that they can put entire clusters on their knees, for days and days, with no easy solution in sight. In those situations, filtering packages just won't fix it.

Post by Steve on Wed Jun 13, 2007 11:16 pm

Still doesn't cover why anyone would want to bring Eurobabeindex to its knees or in fact any free site that is not directly affecting someone else's business.

It only takes a few hundred compromised PCs on a fast connection to drop a site or even a network if the command is to send fragmented packets. You can receive literally billions of requests in a very short space of time which would appear to be a massive attack.

Do you have a log of the IP addresses attacking? Is it a distributed denial or reflected?

I always think back to the DDoS and DRDoS attacks that took down grc.com a few years back when they were still relatively new (well, distributed and reflected were new, Satan DoS attacks were already well known then). Maybe something on the story that Steve Gibson posted on grc.com could be of help.

Steve
Steve
 

