DDoS attack
Feb 1 2008, 02:42 PMDowntime occurred from sometime around 11PM EST, to 2:00 PM EST.
The reason for this downtime was a Distributed Denial of Services on the network. This caused pages to load extremely slow, or become unavailable throughout that time.
I tried everything in my ability at the moment to fight off the attack but could not fend it off. Therefore, a new IP address was assigned to escape the attack, which so far is working, for now.
As always, please re-point your domains if you have any on the server to b1.jcink.com or s1.jcink.com
The new IP address is 67.81.111.171
Remember that IP changes can take up to 24 hours update for everyone. Usual wait time however is 5-15 minutes from time of update.
We're sorry for the inconvenience and we're working to resolve this a soon as possible.
-Jcink
Feb 1 2008, 02:44 PM
ah... that explains quite a bit
Feb 1 2008, 02:49 PM
Nice nice. When will the forums be up again?
Feb 1 2008, 02:50 PM
So that's what was going on...
If you have a board that has a URL of "http://_____.b1.jcink.com" should it be up again? Because mine still says "Failure To Connect to Web Server"
Feb 1 2008, 02:50 PM
All the forums are online and operational for me. If they aren't for you, wait for your domain name information on your ISP to update to the new IP address.
Feb 1 2008, 02:50 PM
oh ****..... thats not good you cant even really fight that or prevent it and it could just happen again
Feb 1 2008, 02:51 PM
OK thanks Jcink.
Feb 1 2008, 02:51 PM
QUOTE (posiden5665 @ February 01, 2008 02:50 pm) oh ****..... thats not good you cant even really fight that or prevent it and it could just happen again
You're right.
While we can't directly fight it, I do have two backup plans, though I will not reveal them publicly.
Feb 1 2008, 02:51 PM
oh now im curious XD
Feb 1 2008, 02:52 PM
Thanks Jcink
I can access all the forums fine by the way, so just wait a while and it should be fine.
Feb 1 2008, 02:53 PM
how about IRCs?
All forums are back though good job
Feb 1 2008, 02:54 PM
i dont think ircs are even on jcinks server so they would have been up even through the attack
Feb 1 2008, 02:55 PM
Got no idea about all this, but thanks Jcink
Feb 1 2008, 02:55 PM
V_V I thought the IRC was on jcink's server lol
Feb 1 2008, 02:55 PM
We do have an irc server on the official Live Chat network, irc.nightfire.net, which should work for everyone, but my server has been delinked from the 4 that power it. Still though, there should be no interruptions there. I can't regain connection so I'll need to wait until later.
Feb 1 2008, 02:55 PM
im almost sure that they arent but maybe they are
Feb 1 2008, 02:56 PM
weird mentioning the fact, that I cant get on the IRC via mIRC
Feb 1 2008, 02:57 PM
Maybe try direct: vader.ircnightfire.net
Feb 1 2008, 02:59 PM
thanks
Feb 1 2008, 03:24 PM
Hmmmm nobody should be directly connecting to a sepisific server use load balenced dns at irc.ircnightfire.net
Feb 1 2008, 03:24 PM
I was V_V... I tried that after dexer wouldnt load
Feb 1 2008, 03:25 PM
I told him to connect direct because the round robin still directs people to my server even when it's down. But now everyone can use the load balanced one since I had Matt take my system out.
Feb 1 2008, 03:26 PM
that was FFR
Feb 1 2008, 03:27 PM
one second *Hecter logs off otf the IRC to change to irc.nightfire.net
Feb 1 2008, 04:12 PM
I am glad to see that everything was up and running.. I wasn't sure what was happening, and kinda freaked out a little bit.. (I hadn't saved in a while) but yeah, I am glad that things are back up now.. *rushes off to save*
Feb 1 2008, 04:15 PM
lol so did I
Feb 1 2008, 04:16 PM
By the way -- by save I think you mean back up your forum right?
I just want to confirm and stress that this attack, like any denial of service attack is of absolutely no danger to the hardware. That means there is no risk at all of data loss.
It's the equivalent of suffocating someones face with a pillow and allowing them only to breathe for seconds at a time. Not going to kill them, but they're not gonna do well.
Feb 1 2008, 04:17 PM
yeah lol Im aware I just feel better if I have a back up
Feb 1 2008, 04:21 PM
QUOTE (Jcink @ February 01, 2008 05:16 pm) By the way -- by save I think you mean back up your forum right?
I just want to confirm and stress that this attack, like any denial of service attack is of absolutely no danger to the hardware. That means there is no risk at all of data loss.
It's the equivalent of suffocating someones face with a pillow and allowing them only to breathe for seconds at a time. Not going to kill them, but they're not gonna do well.
Yeah I do mean back up.. and yeah that is understandable, I thought that your hosting went down, and worse.. that your service went the way a few other's I've seen before: quickly, and without warning..
Feb 1 2008, 04:26 PM
So, what is it that prevents major websites from having this happen, is it because they have many servers to fall back on?
Feb 1 2008, 04:28 PM
I think thats the reason but Im not sureq
Feb 1 2008, 04:29 PM
I understand now.
Trust in me has greatly faltered now because of this, I'm sure, but I wanted to be honest with everyone with what was going on rather than hide it for reputations sake. I'm sure several sites will leave now using the backup feature, but there's not much I can do.
Hope everyone sticks around; I won't go down without a fight
Feb 1 2008, 04:30 PM
QUOTE (Jcink @ February 01, 2008 04:29 pm) I understand now.
Trust in me has greatly faltered now because of this, I'm sure, but I wanted to be honest with everyone with what was going on rather than hide it for reputations sake. I'm sure several sites will leave now using the backup feature, but there's not much I can do.
Hope everyone sticks around; I won't go down without a fight
I HAVE NO WHERE ELSE TO GO *crying*
Feb 1 2008, 04:31 PM
Any idea who the DDoSing lame asses were?
Feb 1 2008, 04:32 PM
No I do not. Also, they weren't attacking any specific site or anything, just the network itself.
However, if anyone does have any leads, please email admin@jcink.com
If someone threatened to attack anyone, I need to know, it'll put me one step closer to who is responsible.
Feb 1 2008, 04:33 PM
Anonymous knows.
Feb 1 2008, 04:35 PM
Seriously though, not a good sign. I thought this DDOS stuff was done with since it hasn't happened in a while.
Feb 1 2008, 04:35 PM
Nope, it's back, and way worse than before. This is entirely different than last year. It's been at least 10 months or more since the "DoS" was solved.
Feb 1 2008, 04:37 PM
QUOTE (Jcink @ February 01, 2008 04:35 pm) Nope, it's back, and way worse than before. This is entirely different than last year.
Is there anything you can do to stop it? I really don't know how it all works so I really don't know how major sites avoid this kind of thing. Like I said before I assume it's number of servers or something.
Feb 1 2008, 04:39 PM
QUOTE (TJ @ February 01, 2008 04:37 pm) QUOTE (Jcink @ February 01, 2008 04:35 pm) Nope, it's back, and way worse than before. This is entirely different than last year.
Is there anything you can do to stop it? I really don't know how it all works so I really don't know how major sites avoid this kind of thing. Like I said before I assume it's number of servers or something.
There are ways, but it still can be bypassed.
Feb 1 2008, 04:41 PM
They have lots and lots of money and throw more hardware and bandwidth at it. Or keep changing their IP and rerouting until everything stops. And even then you can still be screwed.
Like I said though, there are two plans I have in mind at the moment to try if things get worse. Not going to say them publicly.
Feb 1 2008, 04:41 PM
QUOTE (Jcink @ February 01, 2008 05:29 pm) I understand now.
Trust in me has greatly faltered now because of this, I'm sure, but I wanted to be honest with everyone with what was going on rather than hide it for reputations sake. I'm sure several sites will leave now using the backup feature, but there's not much I can do.
Hope everyone sticks around; I won't go down without a fight
I think it was the not knowing anything was what got to me, but I always thought in the back of my mind that things would be back up and running.. and that was when I starting thinking that this was downtime for server maintenance or something.. so I took a nap, and when I woke up it was back to normal..
but yeah, I won't speak for others, but my trust in you is the same as it was before, if not more.. and I am not going to leave just because of a little down time.. in fact, I think you'd become sick of me before I left this service..
Feb 1 2008, 04:42 PM
QUOTE (Black Angel @ February 01, 2008 04:41 pm)
Hope everyone sticks around; I won't go down without a fight
I think it was the not knowing anything was what got to me, but I always thought in the back of my mind that things would be back up and running
This has happened so many times before that I know exactly what has happened before I get here.
---Well hopefully you can get things in line. Unlike some people I don't have the resources to just pack up my forum and host it on my own server.
Feb 1 2008, 04:44 PM
QUOTE (Black Angel @ February 01, 2008 04:41 pm) QUOTE (Jcink @ February 01, 2008 05:29 pm) I understand now.
Trust in me has greatly faltered now because of this, I'm sure, but I wanted to be honest with everyone with what was going on rather than hide it for reputations sake. I'm sure several sites will leave now using the backup feature, but there's not much I can do.
Hope everyone sticks around; I won't go down without a fight
I think it was the not knowing anything was what got to me, but I always thought in the back of my mind that things would be back up and running.. and that was when I starting thinking that this was downtime for server maintenance or something.. so I took a nap, and when I woke up it was back to normal..
but yeah, I won't speak for others, but my trust in you is the same as it was before, if not more.. and I am not going to leave just because of a little down time.. in fact, I think you'd become sick of me before I left this service..
same here
I perfer jcink forums over hosting it myself
Feb 1 2008, 04:48 PM
Any time that I never post news in advance of server upgrades/hardware changes, there is a major problem. I can't monitor things 24/7, but I always try to post when I'm doing something, or if there's going to be downtime. Unless it's an emergency downtime, but that only happened once last year to sort out problems with RAM.
Feb 1 2008, 04:48 PM
This stuff happens, unluckily.
Hopefully this won't happen again any time soon.
Feb 1 2008, 04:51 PM
so is everything up and running ok now or not?
Feb 1 2008, 04:51 PM
QUOTE (Hecter @ February 01, 2008 05:44 pm) QUOTE (Black Angel @ February 01, 2008 04:41 pm) QUOTE (Jcink @ February 01, 2008 05:29 pm) I understand now.
Trust in me has greatly faltered now because of this, I'm sure, but I wanted to be honest with everyone with what was going on rather than hide it for reputations sake. I'm sure several sites will leave now using the backup feature, but there's not much I can do.
Hope everyone sticks around; I won't go down without a fight
I think it was the not knowing anything was what got to me, but I always thought in the back of my mind that things would be back up and running.. and that was when I starting thinking that this was downtime for server maintenance or something.. so I took a nap, and when I woke up it was back to normal..
but yeah, I won't speak for others, but my trust in you is the same as it was before, if not more.. and I am not going to leave just because of a little down time.. in fact, I think you'd become sick of me before I left this service..
same here
I perfer jcink forums over hosting it myself
Same here.. my brother has a friend who offered to host the forum we run together on his server since he is made of money or something (my brothers words not mine) and as slow as it was when it was running, we always experienced downtime between 10pm and 6am Sunday-Friday and 12am - 8am on Saturdays it turned out that the kid was turning the server off at night when he went to bed because his parents wouldnt let him keep it on overnight..
so yeah, I agree with you, and thanks again Jcink for resolving this, and for the explanation. I appreciate the fact that you told us what was up instead of trying to sugarcoat it..
Feb 1 2008, 04:54 PM
Also, this problem differentiates from last years because it's a distributed attack on the network.
Last years, I claimed it was a "DDOS" but that was misusing the term. It was really just a DoS, which is easy to do to any website really, especially when we didn't have the good hardware and setup that we have now for the server, and guarding tools that I custom made. They kept crashing the server itself again and again, not the network. Once that was solved, it has worked like a charm since. But...
A DoS is one, two, or three people, or a small group. A distributed one, like this case, is many. We have very good DoS defense now, but not DDoS. It's a bit difficult to protect from that without paying thousands of dollars. It's not coming from one or two IPs, but lots and lots of them.
However, I'll say one more time, I have two really good plans in mind to try if this keeps up. And I think they'll work.
Feb 1 2008, 04:55 PM
QUOTE (snowgoose @ February 01, 2008 04:51 pm) so is everything up and running ok now or not?
At the moment, everything is perfectly fine.
Feb 1 2008, 05:11 PM
i wanted to ask...has this altered forums in any way...cus on my forum...i noticed a few minor things have changed...
like i checked my CSS...and its all pushed together...it works..
but there is no spaces in between...now i need to go through it to make those spaces just because it easier when navigating through the CSS lol...
i make my own skins so i need it like that lol..
but also..it took the code you need for the post bit out for some reason..
Feb 1 2008, 05:20 PM
Nope. That's an unrelated issue. I would post for some support. It sounds like maybe someone clicked optimize CSS in your ACP.
If anything has changed within any of your boards or anything like that, this has nothing to do with it.
Feb 1 2008, 05:30 PM
ok thanks...i just find it odd my post bit has been taken away also...
put its minor like i siad...so no worries..fixed already
Feb 1 2008, 05:37 PM
i really want to figure these plans out XD cause like you said its multiple ips i was talking to web cave about it telling him you cant just ban an ip if you think its trying to attack you because its not going to be just one or two ips so i really have no clue how your going to do this without messing up all the ips of potential real members
i might have to bug you on msn for what your going to do XD
Feb 2 2008, 04:04 AM
QUOTE (posiden5665 @ February 01, 2008 05:37 pm) you cant just ban an ip if you think its trying to attack you because its not going to be just one or two ips so i really have no clue how your going to do this without messing up all the ips of potential real members.
That's correct. I will be doing nothing like that, don't worry, hitting random IPs in the dark won't solve it and I know it.
Feb 2 2008, 11:48 AM
If its a linux server the bottom half of this should be useful
http://www.linuxsecurity.com/content/view/121960/171/
Feb 2 2008, 12:05 PM
This attack was not threw the server it was a Network attack and those are very hard to fight off
Feb 2 2008, 12:07 PM
Ahh i see, well hopefully it will not happen in the future or any time soon i hope, was there a reason for the attack?
Feb 3 2008, 12:10 AM
We have found no reason for the attack at this time but there will be a extensive investigation to find out why and who did this attack and additional measures will be taken to prevent this in the future.
Feb 3 2008, 12:53 AM
So far all leads to Anonymous.
Feb 3 2008, 01:16 AM
I know you're joking around, but please don't say things like that. This is serious business.
Unless information comes from me or the staff on this issue, take it with a grain of salt.
On the issue, I may not seem like I've been here, but I've been watching things in the background. So far there have no attacks at all. Otherwise we would have gone down for sure. There is no one that I suspect did this in particular. We have no information, no recent threats against us or anyone else reported. Once again, if anyone does know anything, and especially if anyone threatened to DDoS someone recently on the services, please email me at admin@jcink.com
As far as preventing this in the future, as stated in the topic, it is difficult to prevent it altogether. There are however ways to limit the effectiveness of it as I've learned in research.
I did do a few minor things while further looking into this and they've been applied as of now. Though I don't know how effective they are (if at all).
My big plans, A and B, (my backup plans) have not been done. I do not know if they will even work. Plan A is an excellent one from what I understand, it will just require time to make it really strong & well done and I'll continue to research and get that setup for the future in case we get attacked. It's a solution used by several professional and large hosting companies, schools, as well as users at home. (Yes, believe it or not, if someone doesn't like you, they very well could DDoS your IP (which is what happened here) and render your internet useless or extremely slow. You don't need to be running hosting services to be a victim.)).
Then I can try it out and know that it works.
Plan B will probably cost a lot of money. That's last resort, and only to be used in bad situations if at all, so I won't go near that one.
Feb 3 2008, 06:24 AM
The .co.nr people went down for around a day because of a DDoS on the same day aswell. Anyways, glad everything is sorted now
Feb 7 2008, 04:02 PM
I think I did notice the downtime around the time this happened, but thought it was just regular maintenance downtime and didn't give it a second thought...
srs bsns indeed...
Feb 7 2008, 04:21 PM
Nah. Most of the maintenance I do, unless its an emergency, I happen to do it late at night (around 2am EST), and I inform people of it beforehand if its going to be fairly long (a 10 second server restart to install/change something I obviously don't post about). The last time we even had any maintenance was 90 days ago to install the new hard disk.
Also, as far as this issue, so far not a drip. Been a week with no DDoS attacks, so things are looking up, and there's time for me to setup solutions to break out if this issue happens again.
Feb 9 2008, 02:19 PM
not to sound like an idiot, whats DDoS stand for? I read this whole topic..thats pretty ridiculous
Feb 9 2008, 02:44 PM
http://en.wikipedia.org/wiki/Denial-of-ser...tributed_attack
Distributed Denial of Service.
Almost all websites are vulnerable to this. To put it easier, it's where one person has control of a large number of computers and sends bogus traffic to the site to try to flood it down.
Feb 9 2008, 11:35 PM
QUOTE (Jcink @ February 09, 2008 02:44 pm) http://en.wikipedia.org/wiki/Denial-of-ser...tributed_attack
Distributed Denial of Service.
Almost all websites are vulnerable to this. To put it easier, it's where one person has control of a large number of computers and sends bogus traffic to the site to try to flood it down.
Hmm, alright, so is that why I had around 15 guests on with the same IP except for 1 number at the end on at once 2 weeks ago? It was like..
182.662.191.2
182.662.191.3
181.662.191.4
181.662.191.5
181.662.191.6
It wasnt those IPs exactly but thats what it looked like...
Feb 10 2008, 01:14 AM
that's not a ddos. that's a bot scanning over your board, a searchbot really. you'll know if someone ddoses you... the server will be down, you wont be able to even see that page.
Feb 10 2008, 06:57 PM
Good thing its over
Mar 20 2008, 06:55 AM
Bad thing, its back
Mar 20 2008, 07:05 AM
yeah. Why would they even try??