914World.com - The largest online 914 community!

Another DDoS attack on the site, Just in time for the new year

SirAndy	Jan 2 2021, 12:04 PM Post #1
Resident German Group: Admin Posts: 42,388 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California	We were the target of yet another DDoS attack over the past few days. https://en.wikipedia.org/wiki/Denial-of-service_attack The attacker(s) managed to bring the server down by draining it of all resources. I've been working with our hosting company on a more permanent solution since this has become a somewhat frequent occurrence. (IMG:style_emoticons/default/dry.gif) Please let me know if there are any problems with the site, errors or other things not working properly. (IMG:style_emoticons/default/beerchug.gif)

Replies

nathanxnathan	Jan 3 2021, 01:56 AM Post #2
Member Group: Members Posts: 294 Joined: 16-February 18 From: Laguna Beach, CA Member No.: 21,899 Region Association: Southern California	With all the hacker issues 914world has had over the years, I've often wondered why it's still "not secure" like it won't load as https:, and says not secure in my browser. -no ssl certificate. I'm not sure if that would help this specific kind of attack. One thing it does cause that seems odd is when Chrome browser puts it up on the homepage of frequently viewed sites, it won't click through because it defaults to https and https://www.914world.com oddly doesn't go to the site - it doesn't even redirect.

SirAndy	Jan 3 2021, 02:17 AM Post #3
Resident German Group: Admin Posts: 42,388 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California	QUOTE(nathanxnathan @ Jan 2 2021, 11:56 PM) With all the hacker issues 914world has had over the years, I've often wondered why it's still "not secure" like it won't load as https:, and says not secure in my browser. -no ssl certificate. I'm not sure if that would help this specific kind of attack. One thing it does cause that seems odd is when Chrome browser puts it up on the homepage of frequently viewed sites, it won't click through because it defaults to https and https://www.914world.com oddly doesn't go to the site - it doesn't even redirect. HTTPS does not make the site any more "secure", all it means is that the data is encrypted on the way from the site to your computer. And since we're not dealing with sensitive information, unlike your bank for example, i don't see any reason to pay for a SSL certificate. It literally does nothing to make the site less vulnerable to any of these attacks. (IMG:style_emoticons/default/shades.gif)

emerygt350	Feb 14 2025, 12:08 PM Post #4
Advanced Member Group: Members Posts: 3,428 Joined: 20-July 21 From: Upstate, NY Member No.: 25,740 Region Association: North East States	QUOTE(SirAndy @ Jan 3 2021, 03:17 AM) QUOTE(nathanxnathan @ Jan 2 2021, 11:56 PM) With all the hacker issues 914world has had over the years, I've often wondered why it's still "not secure" like it won't load as https:, and says not secure in my browser. -no ssl certificate. I'm not sure if that would help this specific kind of attack. One thing it does cause that seems odd is when Chrome browser puts it up on the homepage of frequently viewed sites, it won't click through because it defaults to https and https://www.914world.com oddly doesn't go to the site - it doesn't even redirect. HTTPS does not make the site any more "secure", all it means is that the data is encrypted on the way from the site to your computer. And since we're not dealing with sensitive information, unlike your bank for example, i don't see any reason to pay for a SSL certificate. It literally does nothing to make the site less vulnerable to any of these attacks. (IMG:style_emoticons/default/shades.gif) My college got hit yesterday and this morning as well. They ended up blocking several countries in order to stop it. After 24 years I finally updated my servers to ssl last week, solely because many browsers do their best to not allow you to see old http no matter how non-sensitive the content. I get free certificates from the EFF and use the certbot to update the ssl certs automatically. I was surprised at how easy it all was. Pretty much four lines of instructions and that was done. This was on linux and apache2. As far as the bad guys... I use a perl script to watch requests in the auth_log and when I cared the access.log for apache2. Somebody asks for something stupid I would block them from all ports in iptables. I don't really care about idiots on the webserver so I don't bother with it now but if they try to log in on ssh I block them from everything. Even that won't protect you from ddos of course but at least it makes me feel good. I free them after a few days to keep the iptables sane.

SirAndy	Feb 14 2025, 12:17 PM Post #5
Resident German Group: Admin Posts: 42,388 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California	QUOTE(emerygt350 @ Feb 14 2025, 10:08 AM) ... Somebody asks for something stupid I would block them from all ports in iptables ... The problem with the IP based approach is that they have hundreds of thousands of different computers at their disposal. Each one having a different source IP. And that's before taking IP spoofing into account. For example, last nights attack came from about 280,000 unique IPs. Not sure your iptable would be able to handle that. I've given up on IP based rejection or filtering a long time ago and moved on to other measures. The one last night did catch me by surprise though as they have been changing their tactics lately. (IMG:style_emoticons/default/shades.gif)

Shivers	Feb 14 2025, 12:20 PM Post #6
Senior Member Group: Members Posts: 3,215 Joined: 19-October 20 From: La Quinta, CA Member No.: 24,781 Region Association: Southern California	QUOTE(SirAndy @ Feb 14 2025, 10:17 AM) QUOTE(emerygt350 @ Feb 14 2025, 10:08 AM) ... Somebody asks for something stupid I would block them from all ports in iptables ... The problem with the IP based approach is that they have hundreds of thousands of different computers at their disposal. Each one having a different source IP. And that's before taking IP spoofing into account. For example, last nights attack came from about 280,000 unique IPs. Not sure your iptable would be able to handle that. I've given up on IP based rejection or filtering a long time ago and moved on to other measures. The one last night did catch me by surprise though as they have been changing their tactics lately. (IMG:style_emoticons/default/shades.gif) This may be a silly question Andy, but why would they do this to you? Because they can?

SirAndy	Feb 14 2025, 12:22 PM Post #7
Resident German Group: Admin Posts: 42,388 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California	QUOTE(Shivers @ Feb 14 2025, 10:20 AM) This may be a silly question Andy, but why would they do this to you? Because they can? Answered above: http://www.914world.com/bbs2/index.php?s=&...t&p=3191875 (IMG:style_emoticons/default/bye1.gif)

Posts in this topic

SirAndy Another DDoS attack on the site Jan 2 2021, 12:04 PM

iankarr Apparenty the russians are interested in whether a... Jan 2 2021, 12:08 PM

914_7T3 Apparenty the russians are interested in whether ... Jan 2 2021, 01:04 PM

JeffBowlsby You are the best Andy. Thanks for all you do. Jan 2 2021, 12:15 PM

SKL1 Wondered why it wouldn't load for a day or so.... Jan 2 2021, 12:22 PM

MM1 Thank you, Andy. Life is less enjoyable when 914W... Jan 2 2021, 12:24 PM

Unobtanium-inc I just want to know when I'm getting my 1,000,... Jan 2 2021, 12:26 PM

MM1 I just want to know when I'm getting my 1,000... Jan 2 2021, 12:29 PM

Superhawk996 I just want to know when I'm getting my 1,00... Jan 2 2021, 12:38 PM

ndfrigi Thank you so much Andy! Have a blessed 2021... Jan 2 2021, 12:39 PM

bbrock Thanks Andy! When I couldn't access the s... Jan 2 2021, 12:40 PM

Amphicar770 Thank you Andy. I run the Amphicar forums and hav... Jan 2 2021, 12:44 PM

ValcoOscar Thank you Andy We appreciate EVERYTHING you do to... Jan 2 2021, 12:46 PM

MM1 Thank you Andy We appreciate EVERYTHING you do t... Jan 2 2021, 12:52 PM

andys Andy, Thank you for your effort and hard work to k... Jan 2 2021, 12:55 PM

914werke You are appreciated for all you do for us afflicte... Jan 2 2021, 12:58 PM

rhodyguy :toke: Jan 2 2021, 01:00 PM

Camaro Mike Yes, thank you for everything you do @SirAndy Jan 2 2021, 01:07 PM

Lucky9146 Thank you Andy for for all you do and have to do i... Jan 2 2021, 01:43 PM

Carbon-14 [url=https://eos.com/gallery/satellite-image-of-s... Jan 2 2021, 02:55 PM

Cairo94507 Thanks a bunch Andy. I knew you would be all over... Jan 2 2021, 02:59 PM

76-914 Those Fucher's changed your avatar Andy. Jan 2 2021, 03:34 PM

mgp4591 It was a rough couple of days without my usual fix... Jan 2 2021, 04:05 PM

SirAndy I hope they didn't get anything sensitive in t... Jan 2 2021, 04:14 PM

mgp4591 I hope they didn't get anything sensitive in ... Jan 2 2021, 10:56 PM

r_towle Thank you! @SirAndy Jan 2 2021, 10:08 PM

djway I'm just glad I was not the only one seeing th... Jan 2 2021, 11:17 PM

drem914 All the more reason we should be supporting the si... Jan 3 2021, 12:22 AM

VegasRacer Thanks for saving us, again, Sir Andy. :headbange... Jan 3 2021, 12:49 AM

wonkipop chinese? training their youth for cyber war on th... Jan 3 2021, 01:52 AM

nathanxnathan With all the hacker issues 914world has had over t... Jan 3 2021, 01:56 AM

SirAndy With all the hacker issues 914world has had over t... Jan 3 2021, 02:17 AM

emerygt350 [quote name='nathanxnathan' post='2879875' date='... Feb 14 2025, 12:08 PM

ClayPerrine [quote name='SirAndy' post='2879877' date='Jan 3 ... Feb 14 2025, 12:12 PM

SirAndy ... Somebody asks for something stupid I would blo... Feb 14 2025, 12:17 PM

Shivers ... Somebody asks for something stupid I would bl... Feb 14 2025, 12:20 PM

SirAndy This may be a silly question Andy, but why would t... Feb 14 2025, 12:22 PM

rgalla9146 Andy you are an essential worker. For all o... Jan 3 2021, 07:31 AM

SirAndy And here we are again, a distributed DDoS attack t... Feb 14 2025, 11:16 AM

SirAndy <_< Feb 14 2025, 11:19 AM

FlacaProductions Thanks for bringing it back..... Feb 14 2025, 11:21 AM

NARP74 If only we could monetize that DDoS! Feb 14 2025, 11:32 AM

technicalninja @SirAndy What is the purpose of a DDoS attack ... Feb 14 2025, 11:52 AM

ClayPerrine [b]@[url=http://www.914world.com/bbs2/index.php?s... Feb 14 2025, 11:55 AM

SirAndy [b]@[url=http://www.914world.com/bbs2/index.php?s... Feb 14 2025, 11:58 AM

windforfun [b]@[url=http://www.914world.com/bbs2/index.php?... Feb 15 2025, 06:58 PM

SirAndy Is my PC going to get hijacked? :confused: Feb 15 2025, 07:00 PM

SirAndy [quote name='technicalninja' post='3191870' date='... Mar 10 2025, 05:25 PM

NARP74 Jilted scammer, competition, evil people, fat fing... Feb 14 2025, 11:55 AM

technicalninja Thank you for the reply. Also THANK YOU for being... Feb 14 2025, 12:10 PM

ClayPerrine Keeping hackers, spammers and script kiddies out o... Feb 14 2025, 12:24 PM

technicalninja Keeping hackers, spammers and script kiddies out ... Feb 14 2025, 12:42 PM

SirAndy The internet COULD be more secure if it was ... Feb 14 2025, 12:46 PM

JamesM This is disturbing... The internet COULD be mor... Feb 15 2025, 02:45 PM

SirAndy And they are back ... :shoot2kill: Feb 14 2025, 01:12 PM

emerygt350 Yeah, ip level is tough. At one point I was block... Feb 14 2025, 03:26 PM

ClayPerrine Yeah, ip level is tough. At one point I was bloc... Feb 15 2025, 05:49 AM

SirAndy We're still being attacked ... :( I'm g... Feb 15 2025, 05:38 PM

SirAndy We're still being attacked ... :( I'm ... Feb 15 2025, 06:17 PM

mgp4591 If that's what needs to be done, shut er down ... Feb 15 2025, 07:10 PM

SirAndy If that's what needs to be done, shut er down... Feb 15 2025, 07:15 PM

windforfun If that's what needs to be done, shut er dow... Feb 15 2025, 07:20 PM

SirAndy So I suppose something like a VPN would be superfl... Feb 15 2025, 07:31 PM

SirAndy If that's what needs to be done, shut er dow... Feb 16 2025, 10:18 AM

worn [quote name='SirAndy' post='3192115' date='Feb 15... Feb 16 2025, 08:43 PM

SirAndy I suppose we could cut off the world server from t... Feb 16 2025, 08:50 PM

mgp4591 I suppose we could cut off the world server from ... Feb 17 2025, 12:09 AM

ClayPerrine [quote name='SirAndy' post='3192163' date='Feb 16... Feb 17 2025, 10:58 AM

windforfun What if they did? Feb 15 2025, 08:20 PM

SirAndy What if they did? You would have to make the ser... Feb 15 2025, 08:35 PM

Dion :beer2: Thanks SirAndy for keeping us alive! Feb 16 2025, 12:41 PM

Cairo94507 Thank you @SirAndy . :beer2: Feb 16 2025, 12:49 PM

Jeff_72 @SirAndy I have experience with mitigating DDOS a... Feb 17 2025, 11:44 AM

technicalninja [quote name='technicalninja' post='3191870' date=... Mar 10 2025, 05:38 PM

SirAndy Have the attacks on 914World diminished since the ... Mar 10 2025, 05:46 PM

mate914 Have the attacks on 914World diminished since the... Mar 10 2025, 06:41 PM

ClayPerrine Can we strike back? Joking... Any idea who? S... Mar 11 2025, 06:16 AM

mate914 Can we strike back? Joking... Any idea who? ... Mar 11 2025, 06:29 AM

SirAndy Happening again all day today. Everything is sloo... Apr 4 2025, 02:58 PM

bkrantz The world is full of rotten idiots. Andy, thanks ... Apr 4 2025, 07:29 PM

GBX0073 Andy Appreciate everything you do to keep us runn... Apr 5 2025, 10:18 AM

SirAndy Happening again for the last few days ... <_... Jun 6 2025, 09:49 AM

Root_Werks Shocking that some people have nothing else better... Jun 6 2025, 02:09 PM

SirAndy Here we go again ... <_< Oct 21 2025, 02:13 PM

Root_Werks Haven't noticed any issues a accessing anythin... Oct 22 2025, 02:48 PM

SirAndy And here we go again ... :huh: Dec 30 2025, 08:17 PM

sixnotfour :shoot2kill: :shoot2kill: Dec 30 2025, 09:16 PM

dtmehall must be a Mustang-e owner! :sawzall: Dec 30 2025, 09:32 PM

« Next Oldest · 914World Garage · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: