> Another DDoS attack on the site, Just in time for the new year
SirAndy
post Feb 14 2025, 11:58 AM
Post #41


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(technicalninja @ Feb 14 2025, 09:52 AM) *

@SirAndy
What is the purpose of a DDoS attack on a site like this?
Looks like work with no gain to me.
Why is it worth their time to jack up a niche site?

My guess is they are probably doing a test run for some major attack on some valuable targets.
These are quite literally distributed attacks from thousands of hacked computers all around the world.

They're probably doing these tests to make sure they still have control over those computers before launching the real attack.
(IMG:style_emoticons/default/dry.gif)
emerygt350
post Feb 14 2025, 12:08 PM
Post #42


Advanced Member
****

Group: Members
Posts: 3,457
Joined: 20-July 21
From: Upstate, NY
Member No.: 25,740
Region Association: North East States



QUOTE(SirAndy @ Jan 3 2021, 03:17 AM) *

QUOTE(nathanxnathan @ Jan 2 2021, 11:56 PM) *
With all the hacker issues 914world has had over the years, I've often wondered why it's still "not secure" like it won't load as https:, and says not secure in my browser. -no ssl certificate.

I'm not sure if that would help this specific kind of attack.

One thing it does cause that seems odd is when Chrome browser puts it up on the homepage of frequently viewed sites, it won't click through because it defaults to https and https://www.914world.com oddly doesn't go to the site - it doesn't even redirect.

HTTPS does not make the site any more "secure", all it means is that the data is encrypted on the way from the site to your computer.

And since we're not dealing with sensitive information, unlike your bank for example, i don't see any reason to pay for a SSL certificate.

It literally does *nothing* to make the site less vulnerable to any of these attacks.
(IMG:style_emoticons/default/shades.gif)

My college got hit yesterday and this morning as well. They ended up blocking several countries in order to stop it.

After 24 years I finally updated my servers to ssl last week, solely because many browsers do their best to not allow you to see old http no matter how non-sensitive the content. I get free certificates from the EFF and use the certbot to update the ssl certs automatically. I was surprised at how easy it all was. Pretty much four lines of instructions and that was done. This was on linux and apache2.

As far as the bad guys... I use a perl script to watch requests in the auth_log and when I cared the access.log for apache2. Somebody asks for something stupid I would block them from all ports in iptables. I don't really care about idiots on the webserver so I don't bother with it now but if they try to log in on ssh I block them from everything.

Even that won't protect you from ddos of course but at least it makes me feel good. I free them after a few days to keep the iptables sane.


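Added example, not part of the original post and not emerygt350's Perl script: a Python sketch of the same idea (watch the SSH auth log, block repeat offenders, release them after a few days). It swaps individual iptables rules for an ipset with per-entry timeouts, so expiry is handled by the kernel; the set name, threshold, ban length, allowlisted network and log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

BAN_SECONDS = 3 * 24 * 3600   # assumed value for "a few days"; the kernel expires entries
SET_NAME = "ssh_block"        # hypothetical set name
ALLOW = [ipaddress.ip_network("198.51.100.0/24")]  # constructed admin network, never banned

# Run once as root: a single iptables rule matches the whole set.
SETUP = [
    f"ipset create {SET_NAME} hash:ip timeout {BAN_SECONDS} -exist",
    f"iptables -I INPUT -m set --match-set {SET_NAME} src -j DROP",
]

# Anchored at end of line: the user name is client-supplied text and may itself
# contain "from <ip> port <n> ssh2", so only the final address is trusted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample lines in OpenSSH auth.log format (documentation address ranges).
SAMPLE_AUTH_LOG = """\
Feb 14 12:01:02 web sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb 14 12:01:05 web sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Feb 14 12:02:00 web sshd[2301]: Accepted publickey for emery from 198.51.100.20 port 51022 ssh2
Feb 14 12:03:11 web sshd[2310]: Failed password for emery from 198.51.100.20 port 51030 ssh2
Feb 14 12:03:15 web sshd[2310]: Failed password for emery from 198.51.100.20 port 51030 ssh2
Feb 14 12:04:40 web sshd[2333]: Failed password for invalid user from 10.0.0.1 port 22 ssh2 from 192.0.2.55 port 40200 ssh2
"""

def failed_sources(log_text):
    """Count failed SSH password attempts per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                  # captured field is not an address: skip the line
        if addr.version == 4:         # the hash:ip set created above holds IPv4 only
            counts[str(addr)] += 1
    return counts

def block_commands(log_text, threshold=2):
    """Return ipset commands for sources at or over the threshold, minus the allowlist."""
    cmds = []
    for ip, n in sorted(failed_sources(log_text).items()):
        if n < threshold:
            continue
        if any(ipaddress.ip_address(ip) in net for net in ALLOW):
            continue                  # never lock out the admin network
        cmds.append(f"ipset add {SET_NAME} {ip} timeout {BAN_SECONDS} -exist")
    return cmds

if __name__ == "__main__":
    print("\n".join(SETUP + block_commands(SAMPLE_AUTH_LOG)))
```

The script only prints the commands; review them before running anything as root.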
technicalninja
post Feb 14 2025, 12:10 PM
Post #43


Advanced Member
****

Group: Members
Posts: 2,531
Joined: 31-January 23
From: Granbury Texas
Member No.: 27,135
Region Association: Southwest Region



Thank you for the reply.

Also THANK YOU for being our defense!

Seems silly IMO to target such a site as 914world.

Like mugging an 85-year-old woman!
ClayPerrine
post Feb 14 2025, 12:12 PM
Post #44


Life's been good to me so far.....
***************

Group: Admin
Posts: 16,542
Joined: 11-September 03
From: Hurst, TX.
Member No.: 1,143
Region Association: NineFourteenerVille



QUOTE(emerygt350 @ Feb 14 2025, 12:08 PM) *

QUOTE(SirAndy @ Jan 3 2021, 03:17 AM) *

QUOTE(nathanxnathan @ Jan 2 2021, 11:56 PM) *
With all the hacker issues 914world has had over the years, I've often wondered why it's still "not secure" like it won't load as https:, and says not secure in my browser. -no ssl certificate.

I'm not sure if that would help this specific kind of attack.

One thing it does cause that seems odd is when Chrome browser puts it up on the homepage of frequently viewed sites, it won't click through because it defaults to https and https://www.914world.com oddly doesn't go to the site - it doesn't even redirect.

HTTPS does not make the site any more "secure", all it means is that the data is encrypted on the way from the site to your computer.

And since we're not dealing with sensitive information, unlike your bank for example, i don't see any reason to pay for a SSL certificate.

It literally does *nothing* to make the site less vulnerable to any of these attacks.
(IMG:style_emoticons/default/shades.gif)

My college got hit yesterday and this morning as well. They ended up blocking several countries in order to stop it.

After 24 years I finally updated my servers to ssl last week, solely because many browsers do their best to not allow you to see old http no matter how non-sensitive the content. I get free certificates from the EFF and use the certbot to update the ssl automatically. I was surprised at how easy it all was. Pretty much four lines of instructions and that was done. This was on linux and apache2.

As far as the bad guys... I use a perl script to watch requests in the auth_log and when I cared the access.log for apache2. Somebody asks for something stupid I would block them from all ports in iptables. I don't really care about idiots on the webserver so I don't bother with it now but if they try to log in on ssh I block them from everything.

Even that won't protect you from ddos of course but at least it makes me feel good. I free them after a few days to keep the iptables sane.




I actually prefer to firewall off the outside world, only allowing HTTP and HTTPS to the server. Then forcibly redirect the HTTP to HTTPS. Any SSH access comes in from the internal network.


SirAndy
post Feb 14 2025, 12:17 PM
Post #45


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(emerygt350 @ Feb 14 2025, 10:08 AM) *
... Somebody asks for something stupid I would block them from all ports in iptables ...

The problem with the IP based approach is that they have hundreds of thousands of different computers at their disposal. Each one having a different source IP. And that's before taking IP spoofing into account.

For example, last night's attack came from about 280,000 unique IPs.
Not sure your iptable would be able to handle that.

I've given up on IP based rejection or filtering a long time ago and moved on to other measures.

The one last night did catch me by surprise though as they have been changing their tactics lately.
(IMG:style_emoticons/default/shades.gif)
Shivers
post Feb 14 2025, 12:20 PM
Post #46


Senior Member
****

Group: Members
Posts: 3,259
Joined: 19-October 20
From: La Quinta, CA
Member No.: 24,781
Region Association: Southern California



QUOTE(SirAndy @ Feb 14 2025, 10:17 AM) *

QUOTE(emerygt350 @ Feb 14 2025, 10:08 AM) *
... Somebody asks for something stupid I would block them from all ports in iptables ...

The problem with the IP based approach is that they have hundreds of thousands of different computers at their disposal. Each one having a different source IP. And that's before taking IP spoofing into account.

For example, last night's attack came from about 280,000 unique IPs.
Not sure your iptable would be able to handle that.

I've given up on IP based rejection or filtering a long time ago and moved on to other measures.

The one last night did catch me by surprise though as they have been changing their tactics lately.
(IMG:style_emoticons/default/shades.gif)


This may be a silly question Andy, but why would they do this to you? Because they can?
SirAndy
post Feb 14 2025, 12:22 PM
Post #47


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(Shivers @ Feb 14 2025, 10:20 AM) *
This may be a silly question Andy, but why would they do this to you? Because they can?

Answered above:
http://www.914world.com/bbs2/index.php?s=&...t&p=3191875
(IMG:style_emoticons/default/bye1.gif)
ClayPerrine
post Feb 14 2025, 12:24 PM
Post #48


Life's been good to me so far.....
***************

Group: Admin
Posts: 16,542
Joined: 11-September 03
From: Hurst, TX.
Member No.: 1,143
Region Association: NineFourteenerVille



Keeping hackers, spammers and script kiddies out of any IT system is like playing whack-a-mole. You legally cannot attack. All you can do is play defense and kill their attack when it pops up. If the government would allow us to make retaliatory attacks and actually go after them on their home systems without us getting prosecuted, it would deter the hackers from a lot of their attacks.

But we are the good guys, so we can't.

technicalninja
post Feb 14 2025, 12:42 PM
Post #49


Advanced Member
****

Group: Members
Posts: 2,531
Joined: 31-January 23
From: Granbury Texas
Member No.: 27,135
Region Association: Southwest Region



QUOTE(ClayPerrine @ Feb 14 2025, 12:24 PM) *

Keeping hackers, spammers and script kiddies out of any IT system is like playing whack-a-mole. You legally cannot attack. All you can do is play defense and kill their attack when it pops up. If the government would allow us to make retaliatory attacks and actually go after them on their home systems without us getting prosecuted, it would deter the hackers from a lot of their attacks.

But we are the good guys, so we can't.


This is disturbing...

The internet COULD be more secure if it was "fair".

This is something that should be looked into.

In a modern country the weakest link IS the Internet.

Take it out and chaos would result.

It SHOULD have oversight from an organization that can use ANYTHING to promote stability.

Setting up that organization might be difficult.
SirAndy
post Feb 14 2025, 12:46 PM
Post #50


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(technicalninja @ Feb 14 2025, 10:42 AM) *

The internet COULD be more secure if it was "fair".

LoL and who would you trust to decide what "fair" means?

Hitting them back isn't an easy task by any means.
The days of script kiddies doing this in their parents' basements are long gone.
Today, these attacks are run by organized crime and governments (sometimes one and the same).

And just to reiterate my point above, the computers these attacks come from belong to ordinary people who have no clue their computer/device is even hacked.

So you can't go after the individual sources of the attacks. You have to find who is controlling them. And that part is exceedingly difficult.
(IMG:style_emoticons/default/shades.gif)
SirAndy
post Feb 14 2025, 01:12 PM
Post #51


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



And they are back ...
(IMG:style_emoticons/default/ar15.gif)
emerygt350
post Feb 14 2025, 03:26 PM
Post #52


Advanced Member
****

Group: Members
Posts: 3,457
Joined: 20-July 21
From: Upstate, NY
Member No.: 25,740
Region Association: North East States



Yeah, ip level is tough. At one point I was blocking whole blocks. I can't keep ssh internal only but having 23 and 443 as the only ports helps.

I remember back in the past century trying stuff like sending back Christmas tree scans on attacking ips but nowadays there is nobody home to care if your prey is trying to fight back. What are you going to do? Crack 250000 computers?
ClayPerrine
post Feb 15 2025, 05:49 AM
Post #53


Life's been good to me so far.....
***************

Group: Admin
Posts: 16,542
Joined: 11-September 03
From: Hurst, TX.
Member No.: 1,143
Region Association: NineFourteenerVille



QUOTE(emerygt350 @ Feb 14 2025, 03:26 PM) *

Yeah, ip level is tough. At one point I was blocking whole blocks. I can't keep ssh internal only but having 23 and 443 as the only ports helps.

I remember back in the past century trying stuff like sending back Christmas tree scans on attacking ips but nowadays there is nobody home to care if your prey is trying to fight back. What are you going to do? Crack 250000 computers?



The trick would be taking over one of the attacking machines and using that to find the control computer. Then go after it.

JamesM
post Feb 15 2025, 02:45 PM
Post #54


Advanced Member
****

Group: Members
Posts: 2,180
Joined: 6-April 06
From: Kearns, UT
Member No.: 5,834
Region Association: Intermountain Region



QUOTE(technicalninja @ Feb 14 2025, 11:42 AM) *


This is disturbing...

The internet COULD be more secure if it was "fair".

This is something that should be looked into.

In a modern country the weakest link IS the Internet.

Take it out and chaos would result.

It SHOULD have oversight from an organization that can use ANYTHING to promote stability.

Setting up that organization might be difficult.



What is your favorite flavor of kool-aid? Hopefully the one you have been getting served.

Seriously though as someone who has spent the last 30 years in tech including for major internet and streaming providers, what you are bringing up is money driven politics. Unfortunately though, from a technical standpoint, giving huge monopolistic companies the ability to throttle traffic of their competitors would do very little to increase anyone's site security no matter how much Fox News and Newsmax say otherwise.
SirAndy
post Feb 15 2025, 05:38 PM
Post #55


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



We're still being attacked ...
(IMG:style_emoticons/default/sad.gif)

I'm going to take the site offline for a while and try something that hopefully will solve some of our crashing issues.

Fingers crossed i won't break anything.
(IMG:style_emoticons/default/popcorn[1].gif)

SirAndy
post Feb 15 2025, 06:17 PM
Post #56


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(SirAndy @ Feb 15 2025, 03:38 PM) *

We're still being attacked ...
(IMG:style_emoticons/default/sad.gif)

I'm going to take the site offline for a while and try something that hopefully will solve some of our crashing issues.

Fingers crossed i won't break anything.
(IMG:style_emoticons/default/popcorn[1].gif)

Anyone having any weird issues with the site?
(IMG:style_emoticons/default/idea.gif)

Seems to be working OK for now.
(IMG:style_emoticons/default/chowtime.gif)
windforfun
post Feb 15 2025, 06:58 PM
Post #57


Advanced Member
****

Group: Members
Posts: 2,091
Joined: 17-December 07
From: Blackhawk, CA
Member No.: 8,476
Region Association: None



QUOTE(SirAndy @ Feb 14 2025, 09:58 AM) *

QUOTE(technicalninja @ Feb 14 2025, 09:52 AM) *

@SirAndy
What is the purpose of a DDoS attack on a site like this?
Looks like work with no gain to me.
Why is it worth their time to jack up a niche site?

My guess is they are probably doing a test run for some major attack on some valuable targets.
These are quite literally distributed attacks from thousands of hacked computers all around the world.

They're probably doing these tests to make sure they still have control over those computers before launching the real attack.
(IMG:style_emoticons/default/dry.gif)


Is my PC going to get hijacked?

(IMG:style_emoticons/default/dry.gif) (IMG:style_emoticons/default/dry.gif) (IMG:style_emoticons/default/dry.gif)
SirAndy
post Feb 15 2025, 07:00 PM
Post #58


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(windforfun @ Feb 15 2025, 04:58 PM) *
Is my PC going to get hijacked?

(IMG:style_emoticons/default/confused24.gif)
mgp4591
post Feb 15 2025, 07:10 PM
Post #59


914 Guru
*****

Group: Members
Posts: 5,882
Joined: 1-August 12
From: Salt Lake City Ut
Member No.: 14,748
Region Association: Intermountain Region



If that's what needs to be done, shut er down for a bit. Any idea when or how long? It's not a big deal so whenever you need to.
Thanks for keeping us as safe as you can! (IMG:style_emoticons/default/beerchug.gif)
SirAndy
post Feb 15 2025, 07:15 PM
Post #60


Resident German
*************************

Group: Admin
Posts: 42,429
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(mgp4591 @ Feb 15 2025, 05:10 PM) *

If that's what needs to be done, shut er down for a bit. Any idea when or how long? It's not a big deal so whenever you need to.
Thanks for keeping us as safe as you can! (IMG:style_emoticons/default/beerchug.gif)

Already done ... (IMG:style_emoticons/default/biggrin.gif)
Waiting for the next attack to see if it makes a difference.

I think i'm going to pour myself some medicinal Jägermeister.
(IMG:style_emoticons/default/beer3.gif)