07/23/2020 DDOS attack on forum & fix - do you notice any complications?

Status
Not open for further replies.

neptronix

Administrator
Staff member
Joined
Jun 15, 2010
Messages
17,523
Location
Utah, USA
Hey all. The forum got hit by a pretty nicely designed DDOS last night. I went through and analyzed the traffic pattern and added some extra server rules which are quite restrictive.

Do let me know if you have issues viewing and using the forum as a result. More particularly if images aren't loading, etc.
 
I was browsing the forum at the time it happened. Didn’t know what the deal was, but it was obvious that something broke. I wonder what was the point?
 
People who want what ever they are selling to come up higher on the search engines will post links on forums. Search engines use spider robots. When these spiders see links to a certain product or web site, they rank them higher because they think people are linking to them.

Example - Check out the new sheets I bought from https://www.jcpenney.com/ I looked around on the internet and they seemed to have the lowest price and I can save on shipping by picking up at the store. Got a pink extra long sheet to put on the couch. Protect your couches and they will last longer. How will these sheets hold up? Only time will tell.

When a search engine spider reads the above text is might surmise that JCPenney is a good place to look for sheets, extra long sheets, and pink sheets. When people search for these items on the internet, JCPenney should come up higher on the first page.

I would guess that the intention of the DDOS creators is to plant robots in the server. These robots will post links to whatever they are selling. Or whoever they are trying to get elected. I might be wrong about this?

Some of the members here seem like computer chat robot trolls with artificial intelligence, programed to alter the US election or sell bedding for JCPenney?
 
i noticed i could not get into the sphere last night. pics from es would come up on google but i couldnt get to the forum
 
Balmorhea said:
I was browsing the forum at the time it happened. Didn’t know what the deal was, but it was obvious that something broke. I wonder what was the point?

They wanted to take the server down by overloading the database with SQL injections that caused expensive queries to run. It was only partially effective. I don't know why we were targeted.

Of all my server administration clients, ES has been attacked the most and required the most attention. Possibly by someone who was banned or does not like the owner, ebikes, etc. Who knows.

marty said:
I would guess that the intention of the DDOS creators is to plant robots in the server. These robots will post links to whatever they are selling. Or whoever they are trying to get elected. I might be wrong about this?

No, and that would be really, really, really hard to do. There are easier ways to set up spambots with legitimate user accounts. And our moderation team gets to deal with that fun part of things..
 
neptronix said:
Possibly by someone who was banned or does not like the owner,

I got 20$ says it was Eric.

No hijack, no spam, just petty annoyance. This is Erick Hicks of Lunacycle in a nutshell.

Well, you all let him get away with criminal acts in the past, so I guess you folks are just OK with it?
 
I can't say I've seen a glitch beyond my unreliable local connection.

neptronix said:
Of all my server administration clients, ES has been attacked the most and required the most attention. Possibly by someone who was banned or does not like the owner, ebikes, etc. Who knows.

Any pattern of what's been getting posted at the time? Like a poster suddenly gets angry?

AngryBob said:
Well, you all let him get away with criminal acts in the past, so I guess you folks are just OK with it?

But you think he would attack the board that way but not register and try to degrade topics? The programming can be fixed, but if he could run everyone off that would achieve the apparent goal. I think a more motivated attacker thinks like Neps.
 
Oh, he's Motivated, he's just not very bright. Does have money to spend, though.

I haven't noticed any of his fake accounts or paid shills being active lately, have you? He would certainly find that deeply frustrating if his mouthpieces were muzzled.

A DDOS attack is not an attempt to hack in, just to shut down the site. Could be random, of course, but if ES was specifically targeted, who else makes a better suspect?

Any IP address locations obtained, like in California, perhaps?
 
AngryBob said:
Well, you all let him get away with criminal acts in the past, so I guess you folks are just OK with it?

Please save your conspiracy theories and accusations of inaction for another thread.

I just want to know if the site is functioning the same for you guys after i have patched against this type of attack, because it could have affected those who use it, and your experience of ES is extremely important to me.

Unlike many years ago, we have regular redundant backups, we have a ridiculously locked down backend, and we have two systems administrators available to respond to issues like this. Our downtime is a fraction of what it used to be, but there will always be oddball events like this. We'll be ok!

Identifying a suspect is a lot less important than patching against attacks so that they never happen again.
 
Dauntless said:
Any pattern of what's been getting posted at the time? Like a poster suddenly gets angry?

That's extremely time consuming and not worth looking into because taking action to remedy and prevent a future attack is 100x faster than going on a witch hunt. The results of a witch hunt need to result in legal action which is expensive in both time and financial resources, both of which we don't have. Prosecuting a hacker doesn't make us any more secure against a future one.

Most of the time an attacker is a bot that's indiscriminately attacking the web at large, trying to gain access to systems that aren't adequately secured. As a linux systems administrator, i see server logs so full of this type of this low effort script kiddie shit every day. Your disk will fill up with these logs if you don't use log rotation, lol. The second you expose an IP address to the internet, someone is trying to hack it, and that's just a fact of how this game of cat and mouse is.

If someone was actually persistent and clever in attacking us, i'd take notice and investigate into who is doing it. But i have never seen anything serious enough to give a shit about who is behind it.
 
Eric has doxxed at least two people on this website. Ask Ypedal, Methods, or Marty. Or I could send you the screenshot.

$1000 Cash offered.

There was definite action taken to prevent prosecution. I can tell you who, and I can prove it.
 
AngryBob said:
There was definite action taken to prevent prosecution. I can tell you who, and I can prove it.

Your story is interesting to me for research purposes, I still fancy myself getting the chance to have a screenplay produced. But 'Named and Shamed' works mostly in the imagination of those who try to weaponize it. As Neps says, most likely more trouble than it's worth.

Mostly you have to make him feel he failed. Like with the trolls and the flying monkeys, you make them realize they gain nothing and therefore feel robbed of their adrenaline rush. The system runs fine, the bad guy is out there somewhere, crying 'Curses. Foiled again.'

I do find myself thinking of a low budgeter with a guy like you're describing as the villain. . . .
 
Okay, i got the information i needed. thanks.
 
Status
Not open for further replies.
Back
Top