More attacks

Aug 9 2009, 02:36 PM

This morning from around 10AM EST we suffered another denial of service attack similar to what happened last time. I blocked the offending IP addresses again to solve the problem.

If anyone has any issues legitimately accessing the server after this blocking, please email me at admin@jcink.com

*EDIT*: Looks like I spoke too soon. The attack still continues again. Please do not email me until I give the clear that the attack is fully over.

*EDIT 2*: Ok, things appear to be fine now. Attack seems over and blocked for the moment.

Apologies for any inconveniences,

Jcink

Comments

  1. chakka Says:

    This comes days after the mass Twitter/Facebook DDOS attacks I wonder if they're connected...

    (j/k)

    Glad to see it's fixed atm, thought this might be going on :/

  2. Jcink Says:

    Yes, they are basically targeting us with something that isn't being fully filtered right by our firewalls. But I can tell when it's happening and I see what they're doing, I'm going to have to come up with some sort of script to attempt to automate this process.

  3. MisterKalas Says:

    Just thankful this issue is fixed.

    Would it be better to install an effective anti-DDoS protection software for the server?

    BlockDoS.net - Detects and blocks attacks in real time

  4. Jcink Says:

    Services like that are viable but only in major emergencies... and even then... the problem is that they run up a cost of thousands of dollars a month so it's not something we can use.

    Pretty much their protection and similar services "block" this by just throwing lots of hardware and bandwidth at it; that's easy... but it'll cost you a pretty penny. This problem as I've said before is not really the type you can "fix" permanently, you can only take it as it comes / throw more money at it.

    We have our own hardware firewall but I don't know why it's not picking this kind of attack up. It's picking up around half of their crapstorm. I think all I need to do is tweak the ruleset a little and this should be a non issue. It's a fairly low level attack that's easy to block by me just checking the situation out and blocking the IPs individually.

    Which is good because it means there's some sort of pattern for me to look for to automate this.

  5. MisterKalas Says:

    QUOTE We have our own hardware firewall but I don't know why it's not picking this kind of attack up. It's picking up around half of their crapstorm.

    Probably the firewall or its policies need to be updated to the current version, to block off future hack attempts.

  6. Jcink Says:

    not quite... all my software is kept up to date... it's just something difficult to filter directly every time.

  7. nr.tc Says:

    Who'd wanna attack a website like this? It's not like it's caused any harm to anybody... Google I could understand=p

  8. Jcink Says:

    Remember that it's not necessarily directed at jcink.com itself, rather, probably somebody who has a forum with us and they have enemies.

  9. T3rminator Says:

    Jcink, there is a saying that "Locks were meant to be broken into", there will always be people out there trying to hack or destroy our servers, these people are losers and should get a life for trying to destroy someone's work. Thanks for all your hard work Jcink for fixing this problem, I know a lot of other admins who think they're too busy for most stuff, which is bull****, and you're the most dedicated person I know!

  10. Sandy Says:

    Thanks for keeping us informed and being on top of things.

    ~Sandy

  11. Miku Says:

    - DDOS, If it was targeted in specific forums then the only objectives can be Political forums. I will see what I can do from my Server Admin end, to help you with filtering of the DDOS.

  12. MegaMaster Says:

    If this attacks the site, will it attack all our sites made? Do they have to try to hack you to hack our sites?

  13. posiden5665 Says:

    There isn't any "hacking" going on here.....

  14. Pandemikk Says:

    Lol @ Megamaster.

    A DDOS is usually just a way of slowing servers down to limit or completely stop all incoming/outgoing traffic. I wouldn't worry about it if I were you, as Jcink already said he blocked out the offending IPs and the people doing it were probably script kiddies using LOIC or something lol.

  15. Jcink Says:

    Be nice, some people do not understand the concept of DDoS vs. Hacking.

    In layman's terms, DDoS simply means using multiple computer systems to send hits to a website. Servers can only hold so many connections, think of each connection as a little pinhole. The goal is simply to flood those holes so nobody else can get their legitimate request through.

    It's not "hacking" - they're not trying to get access to the files or delete information. No damage is ever taken during a DDoS, it creates a temporary annoyance, and that's pretty much it.

  16. Bryan Says:

    People need to get a life

  17. Taylor W Says:

    QUOTE (Bryan @ August 23, 2009 10:28 pm) People need to get a life

    Yes. Unfortunately that is a perfectly fair assessment.

  18. Mr. Stosh Says:

    QUOTE (Taylor W @ August 24, 2009 12:04 am) QUOTE (Bryan @ August 23, 2009 10:28 pm) People need to get a life

    Yes. Unfortunately that is a perfectly fair assessment.

    QFT.

  19. MisterKalas Says:

    QUOTE (Pandemikk @ August 23, 2009 02:43 am) Lol @ Megamaster.

    A DDOS is usually just a way of slowing servers down to limit or completely stop all incoming/outgoing traffic. I wouldn't worry about it if I were you, as Jcink already said he blocked out the offending IPs and the people doing it were probably script kiddies using LOIC or something lol.

    Right on, that pretty much sums it up about DDoS. I wish firewalls had a solution to trace an attack back to its source.

    Hacking is another kind of attack where a hacker exploits a vulnerability found in a website, software, operating system, etc. This kind of attack doesn't necessarily have to do with internet traffic but it ruins and destroys software and files.

  20. Jcink Says:

    QUOTE I wish firewalls had a solution to trace an attack back to its source.

    It's impossible. The only way to trace a real DDoS attack is to identify a few IPs and start phoning ISPs. Then, the customer(s) whose computers are compromised need to be reached as well and have to be willing to conduct some investigation with you to figure it out, since it's their computer, who is connected back to the command and control center running the show.

    A big mess. And when you're dealing with IP addresses from 3rd world countries, you can just forget about that whole process... they could absolutely care less... even in the US, such a process is difficult. Only thing to do is start blocking.