
Distributed Denial of Service attack


Steve St.Laurent

Staff Alumni
It's been a loooooooooong day. First we get hacked into and the front page changed. We found that within 4 minutes of it being done and took the site off line. We contacted our security consultant and between the two of us we had the hole plugged and the server wrapped up tighter than a drum and back online within an hour and a half. Well, that didn't make the hacker very happy so he's decided to attack us with a distributed denial of service attack. Let me tell you - that is a nightmare. There's really nothing that can be done to stop it short of appeasing the individual doing the attack or manually blocking out every IP address that the attacks are coming from (which we are starting to do) - which are quite LITERALLY all over the world. I took the site offline again tonight for a little while and tried contacting the hacker involved through the email address he gave in his original message to tell him he won and that we give up. He seems to have stopped the attack for now and we hope it stays that way. Some of the best sites and security experts have been hit by DDoS attacks. vBulletin.com which is the home site for the software we run was taken off line for a month by a DDoS attack. We'll keep doing our best to keep the site up!



-Steve St. Laurent

Webmaster
 
Why is it that some people have to be total A holes?? I don't see any reason for people to hack into stuff. These people could be doing productive jobs somewhere but they chose to be dumb and F up things for others just to make themselves feel better or for laughs. It just doesn't make any sense.



Craig
 
There's tons of reason to ask why... but no real answer. I used to hack stuff because I was bored. I never shut stuff down and sent the world for a loop... I just wanted to see if I could do it, I just looked at things I shouldn't have been... never had the guts to do anything though, too much to risk losing, for well nothing. I grew out of it I guess and now piddle with it to stay on top of things. Things have changed so much since I used to hack BBS's before there was a real "internet". Thanks to Al Gore though we're all here now.



Good job Steve, you've really kicked this in the butt and taken care of things.
 
Steve, is there anything we should look out for?? I am on the site quite a bit during the day.



If you know who it is, can there be any legal action taken???
 
Steve:

Good job getting it squared away as best and quickly as possible. We got hit at work early last year and it literally cost us 25k to repair the damage and to try to keep it from happening again. So far it has been successful. Seems no matter how tight you make it they can still get in if determined to. When we got hit the Secret Service paid us a visit and wouldn't even let us fix the machines until they looked at them as it was at the time an unknown way of hacking. What a pita and tremendous waste of resources.
 
Now that I've gotten some sleep I can give you guys some more information. If you wish to read up on distributed denial of service attacks you can read a BUNCH of info here - http://www.grc.com/dos/drdos.htm . After spending all night digging through log files and researching this problem I want to crawl into a hole and pull a blanket over my head - it's a scary world out there. Last night when I shut the site down there were 28 PCs from all over the world hitting us with 240 simultaneous requests. Apache by design can only handle 256 simultaneous requests so once you get to that point you are shut down to further traffic. When I would boot those machines we would get hit by others. These machines were literally coming from around the world (Germany and Japan were a couple of them). We have a throttle set on our connection at twice what our normal peak volume is and we were hitting that throttle for several hours last night while I was battling this. Fortunately we have that throttle in place or the financial costs would have gone up from what they already are.



The sad news is that there are a number of attacks that can be and are regularly done that can bring a site to its knees and there isn't much that can be done about it until after the fact with a LOT of work and if the hacker wishes he can just switch to another and hit you immediately again. I wish there was better news but there isn't any - any web site on the net is vulnerable to this type of attack and all you can do is react to it after the fact and if they really want to keep you down they can. Until the entire protocol of the internet is changed there doesn't look like there is going to be anything that can be done about this.



-Steve
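
The log triage described in the post above, as an added example that is not part of the original post or the site's own tooling: it reconstructs how many requests were in flight at once and which sources held the most worker slots against the 256-request ceiling the post quotes. It assumes the access log appends `%D` (microseconds spent serving) to the common log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

MAX_WORKERS = 256  # simultaneous-request ceiling quoted in the post

# Assumed LogFormat: %h %l %u %t "%r" %>s %b %D  (%D = microseconds spent serving)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ (\d+)$')

def parse(line):
    """Return (ip, start, end) for one log line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    start = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), start, start + timedelta(microseconds=int(m.group(3)))

def peak_usage(lines):
    """Return (peak simultaneous requests, per-IP counts at that peak)."""
    events = []
    for ip, start, end in filter(None, map(parse, lines)):
        events.append((start, 1, ip))
        events.append((end, -1, ip))
    # Ends sort before starts at the same instant, so back-to-back requests don't overlap.
    events.sort(key=lambda e: (e[0], e[1]))
    active, total, peak, snapshot = Counter(), 0, 0, Counter()
    for _, delta, ip in events:
        active[ip] += delta
        total += delta
        if total > peak:
            peak, snapshot = total, +active  # unary + copies and drops zero counts
    return peak, snapshot

def heavy_sources(lines, share=0.05):
    """IPs holding at least `share` of MAX_WORKERS at the peak moment."""
    peak, snapshot = peak_usage(lines)
    return peak, sorted(ip for ip, n in snapshot.items() if n >= MAX_WORKERS * share)

def sample_log():
    # Constructed sample: three sources each hold 80 slow requests, plus one
    # normal visitor. Addresses are documentation ranges (RFC 5737).
    ts = "[01/Jan/2000:21:15:00 +0000]"
    lines = [f'{ip} - - {ts} "GET / HTTP/1.0" 200 512 30000000'
             for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99") for _ in range(80)]
    lines.append(f'192.0.2.200 - - {ts} "GET /forums/ HTTP/1.1" 200 20480 150000')
    return lines

if __name__ == "__main__":
    peak, sources = heavy_sources(sample_log())
    print(f"peak {peak}/{MAX_WORKERS} slots; heavy sources: {sources}")
```

The sources it reports are candidates for the manual blocking the post describes; the `share` threshold is a tuning assumption and should sit well above what a normal visitor's browser opens.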
 
Oh no, they were specifically targeting this site. First he hacked into our MySQL server and changed the front page. Then when I shut him out from doing that he started up the DDoS attack.
 
Sure sounds to me like someone with a grudge - or something to "prove" - certainly nothing to be gained financially or "fame"wise - why risk it on a site like this unless there was something in it for them at some personal level...



Sorta narrows it down to someone with a better than average computer/board skills that has reason to feel disgruntled over something...
 
Would it help?

Steve, I run anti-mining / anti data gathering and control software ... commonly known programs such as Ad_aware and such. Could we as members be more diligent in running this so that our very own members' PCs can't succumb to such control attacks?



For those who use Windows and other MS products keep visiting Windows Update (as I do daily) and get the latest software patches and fixes to combat these sort of things.
 
Death would be a suitable penalty for these people. Anti virus software is a huge industry and that is only the tip of the iceberg ... couldn't that money be used for bombing instead? Death would certainly cure the boredom.
 
Of Hackers, I Firmly Believe in the Death Penalty, Legal or Passably so, sadly the Law Courts exist to Protect the Guilty, the Victim is the Neglected Involuntary Participant. Scrum Down
 