Hacker Attack - Experienced People

Discussion in 'General Board' started by crabfoot, Dec 1, 2010.

Thread Status:
Not open for further replies.
  1. crabfoot United Kingdom

    crabfoot Active Member

    Joined:
    Jan 2009
    Posts:
    889
    Likes Received:
    16
    The forum at experienced-people.net is currently under attack by hackers. They did a DDoS last week, and they have stepped up to another level this week.

    Just what they are trying to achieve is a mystery, as the forum is not operated for profit. Anybody got a clue what they are trying to achieve?

    Only thing I can think of is that a couple of people tried to plug dud biz opportunities on there, and got nothing but sarky comments - might be revenge.
     
  3. rob

    rob Founding Member

    Joined:
    Jan 2005
    Posts:
    5,961
    Likes Received:
    83
    Probably - it's a real shame as it's a cracking forum with utterly no cruft.
     
  4. ScottJ United Kingdom

    ScottJ Well-Known Member

    Joined:
    Nov 2005
    Posts:
    1,412
    Likes Received:
    13
    Pointless and poor timing with Clinton away in Oz now I think.
     
  5. expertc

    expertc Well-Known Member

    Joined:
    Apr 2009
    Posts:
    1,009
    Likes Received:
    16
    Been there... Nasty thing... In my case it was (as I've figured it out) a competing entity. They should talk to their host, it might be able to handle (some!) DDOS.
     
    Last edited: Dec 1, 2010
  6. crabfoot United Kingdom

    crabfoot Active Member

    Joined:
    Jan 2009
    Posts:
    889
    Likes Received:
    16
    It was DDoS last week, Clinton showed the email from the hackers saying they were going to step up to something nastier this week (can't remember the exact description). But they were not demanding anything, although Clinton said something like, "next they will be demanding money".
     
  7. jimm United Kingdom

    jimm Active Member

    Joined:
    Feb 2008
    Posts:
    689
    Likes Received:
    13
    From talking to peers there have been a lot of random attacks of late. Though these muppets seem to want the site down.
     
  8. expertc

    expertc Well-Known Member

    Joined:
    Apr 2009
    Posts:
    1,009
    Likes Received:
    16
    BTW, as a pro: does cloud hosting help against DDoS? What do you think?
     
  9. GreyWing

    GreyWing Retired Member

    Joined:
    Aug 2006
    Posts:
    4,068
    Likes Received:
    59
    Doesn't it cost them money to perform these attacks? Or a lot of resources to make these things happen. Just wondering what the point is for these people if it isn't to blackmail people.

    If it's free then fair one, even then though wonder what the point is.
     
  10. fish United Kingdom

    fish Well-Known Member

    Joined:
    Nov 2006
    Posts:
    2,724
    Likes Received:
    27
    Usually it's compromised computers which will send automated HTTP requests to the target site.
     
  11. jimm United Kingdom

    jimm Active Member

    Joined:
    Feb 2008
    Posts:
    689
    Likes Received:
    13
    No, cloud hosting (depending on your definition) can help scale a site to handle the extra load, but a DoS needs to be dealt with at the network level for anything over a small attack. But it also depends on the kind of attack. Some of them will send very small packets in huge numbers, then the switches and routers can't cope, or some send attacks which tie up the connections on the server, holding them open so no more requests can get through, or one of the multitude of other kinds of attacks.
     
  12. Ashton Canada

    Ashton Well-Known Member

    Joined:
    Feb 2010
    Posts:
    1,609
    Likes Received:
    29
    To those unaware, a DDoS is performed by a botnet (a group of compromised computers which are sent commands via IRC); they are then told to 'ping' the site, meaning they request all the site's data again and again - raping its resources. I used to have one of these and there isn't really much you can do. DoS protection is about all you can do (which bans the IPs and disconnects them as soon as they connect).

    As for the owner being away - that's really unfortunate. As soon as they get back, get them to phone their hosts to either establish the DDoS protection they have or move hosts to someone who can deal with it.

    Cloud won't help, only disperse the load over lots of servers (which will cost a bomb with most cloud being scalable to how much you use) which isn't a real solution.
     
  13. jimm United Kingdom

    jimm Active Member

    Joined:
    Feb 2008
    Posts:
    689
    Likes Received:
    13
    Most of the time it is a botnet, yes.

    Sometimes IRC, but most of the time they communicate directly with a master(s) through their own methods.


    It's rarely ping (if you actually mean ICMP) now. It tends to be SYN floods in the millions of packets per second as that can really stop your network. But again there are a multitude of vectors which can be used.


    There are lots of things to do to handle the traffic. It all depends on your pockets. The simple and cheap way is to blackhole your IP at the edge.
    Your site will be down but it's not costing a fortune.
    You can tarpit IPs so after an amount of requests they get slowed down or blocked, you can use proper filtering using hardware so it decides what is a legitimate request and what isn't. There are proxy services which will handle the traffic and only pass legit traffic on. Many options. Depends on the size of the attack, type of attack and your budget.

    As mentioned, it's not just a case of moving to someone who can deal with it. It costs money and significant sums of money.
    It mentioned a 2Gbps attack I think on the site. To accept that level of traffic would cost £5000 per month minimum (£2.50 per Mbps on a large commit to crap routes over Cogent for example) before you add any cost to either filter it or provide the infrastructure to handle the requests.

    Agreed
     
    • Like Like x 1
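
The tarpit option mentioned in the post above ("after an amount of requests they get slowed down or blocked"), as an added example that is not part of the thread: a per-IP sliding window replayed over a constructed request log. The thresholds, the log format and the documentation-range IP addresses are assumptions, and this only addresses request-level floods the server can still receive, not the packet-rate attacks the post says need handling at the network level.

```python
from collections import Counter, defaultdict, deque


class Tarpit:
    """Per-IP sliding window: pass, then slow down, then block."""

    def __init__(self, window_ms=10_000, slow_after=20, block_after=50,
                 step_ms=200, max_delay_ms=5_000):
        self.window_ms = window_ms
        self.slow_after = slow_after      # requests per window before delaying
        self.block_after = block_after    # requests per window before blocking
        self.step_ms = step_ms            # extra delay per request over the limit
        self.max_delay_ms = max_delay_ms
        # maxlen bounds memory per source even while it keeps flooding
        self.hits = defaultdict(lambda: deque(maxlen=block_after + 1))

    def decide(self, ip, now_ms):
        q = self.hits[ip]
        q.append(now_ms)
        while now_ms - q[0] > self.window_ms:   # drop hits older than the window
            q.popleft()
        n = len(q)
        if n > self.block_after:
            return ("block", 0)
        if n > self.slow_after:
            delay = self.step_ms * (n - self.slow_after)
            return ("delay", min(self.max_delay_ms, delay))
        return ("pass", 0)


def constructed_log():
    """Constructed sample: '<ms> <ip> <method> <path>', one noisy and one normal client."""
    lines = [f"{i * 100} 203.0.113.7 GET /index.php" for i in range(60)]
    lines += [f"{i * 2000} 198.51.100.20 GET /forum/" for i in range(5)]
    return sorted(lines, key=lambda line: int(line.split()[0]))


def replay(lines, tarpit=None):
    """Feed log lines through the tarpit and count decisions per source IP."""
    tarpit = tarpit or Tarpit()
    stats = defaultdict(Counter)
    for line in lines:
        ts, ip, _method, _path = line.split(maxsplit=3)
        action, _delay = tarpit.decide(ip, int(ts))
        stats[ip][action] += 1
    return stats


if __name__ == "__main__":
    for ip, counts in replay(constructed_log()).items():
        print(ip, dict(counts))
```
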
  14. Ashton Canada

    Ashton Well-Known Member

    Joined:
    Feb 2010
    Posts:
    1,609
    Likes Received:
    29
    Haha good dissection - to make it clear I was going by my experience (I used IRC) and in layman's terms. I haven't heard it put as well as you just did though :)

    By better hosting I didn't mean more B/W, I meant better DDoS protection :)
     
  15. crabfoot United Kingdom

    crabfoot Active Member

    Joined:
    Jan 2009
    Posts:
    889
    Likes Received:
    16
    Maybe I am getting it - pay the hackers to go away, because it is cheaper than paying for the elevated bandwidth for zero real traffic?

    Am I right?
     
  16. Ashton Canada

    Ashton Well-Known Member

    Joined:
    Feb 2010
    Posts:
    1,609
    Likes Received:
    29
    Unfortunately paying them will just mean they do it to some other unfortunate person.

    I would say get what DDoS protection you can and wait it out. Jimm seems very competent so maybe he can recommend some hosts that offer great DDoS protection - or check if your hosts do.

    Ideally work to convince them that you are unable to pay - explain that the forum already costs money and doesn't make any and you literally cannot pay them and you will have to just shut the forum down permanently if they continue. They may stop earlier if they realise they aren't going to get anything either way and move onto the next target on their list (that is if they are really blackmailers and not hired by or they themselves a competitor).

    Good luck :/
     
  17. crabfoot United Kingdom

    crabfoot Active Member

    Joined:
    Jan 2009
    Posts:
    889
    Likes Received:
    16
    Last edited: Dec 5, 2010
  18. crabfoot United Kingdom

    crabfoot Active Member

    Joined:
    Jan 2009
    Posts:
    889
    Likes Received:
    16
    Hypothetical question, since no-one knows the origin of the attack, and Clinton's host claims to be the best v. DDoS attacks - but would it be possible to apply a redirect to the domain under siege, so that the $ht lands on the heads of an "enemy" domain, whether guilty or not?

    Yea, were it feasible, how hard would it be to conceal that action so that it looks like a total chance event?

    Get your Black Hats on ...
     
    Last edited: Dec 6, 2010
  19. jimm United Kingdom

    jimm Active Member

    Joined:
    Feb 2008
    Posts:
    689
    Likes Received:
    13
    If the attack is aimed at the domain and not the server it is possible to do.
    Legal or ethical I shall not comment.
     