greg_r 81 Posted May 12, 2015 Not fun. We've been hit by this kinda attack several times and whilst there's stuff that can mitigate it to a degree, if they throw enough packets in your direction, all you can do is sit behind your firewall and wait it out. Hope it lets up soon, Joran! Share this post Link to post
Ruski91 1 Posted May 12, 2015 I just dont understand why people do this - what is the goal for this type of attack. What information are they trying to obtain by hacking a forum? Maybe i am asking a naive question as i am not that well educated in IT, but i just dont see the reasoning for this. Share this post Link to post
onzenuub 306 Posted May 12, 2015 Just admit it, it's the pornsites you are visiting. Share this post Link to post
greg_r 81 Posted May 12, 2015 I just dont understand why people do this - what is the goal for this type of attack. What information are they trying to obtain by hacking a forum? Maybe i am asking a naive question as i am not that well educated in IT, but i just dont see the reasoning for this. They aren't going to gain any information - it's not a 'hack' as such, just a brute force flood. All this will do is take the site down while the attack continues. Share this post Link to post
BadPickle 2,741 Posted May 12, 2015 I for one have no clue what any of this means, but it sounds like badass trouble for next door..... God luck Joran Share this post Link to post
DR3M3L 4 Posted May 12, 2015 And we're back - currently only acception connections trough Cloudflare in the firewall.. Enjoy! Share this post Link to post
Stuvetjee 17 Posted May 12, 2015 Looks like my IP banning system is up and running with good results... They are now being banned in about 10 seconds after they start spooling. However, due to the heavy attack I have set the BAN limits quite low, if you get a 503 error you are probably banned for 600 seconds. I'll raise the limits again when the attack is going away to make sure no non-attackers are banned again. Thanks all, looks like we can enjoy the dark side again. And a 521 error? :P Me blocking any incoming connections right now. You mean cockblocking right? I thought he sets all ports wide open for those? Joran is not amused with me today. Hang in there buddy. haahahaa Share this post Link to post
co-axial 0 Posted May 12, 2015 And we're back - currently only acception connections trough Cloudflare in the firewall.. Enjoy! Wizard! B) Share this post Link to post
Martycus 3 Posted May 12, 2015 Well, I am not sure if and when punishment for hacking makes sense, but honestly this is not ok. MAybe its North Korea and they are jeleous that there TDs are not being acknowlegeded! lol Without coming across as a sphincter, this isn't hacking, per se, but disrupting services by flooding a website with traffic. The initial DOS (denial of service) was thwarted then it looks like the person(s) went to DDOS (Distributed DOS) which is much harder to stop because how do you distinguish real intent from malicious? Share this post Link to post
Phil G 5 Posted May 12, 2015 I just dont understand why people do this - what is the goal for this type of attack. What information are they trying to obtain by hacking a forum? Maybe i am asking a naive question as i am not that well educated in IT, but i just dont see the reasoning for this. They aren't going to gain any information - it's not a 'hack' as such, just a brute force flood. All this will do is take the site down while the attack continues. We Shall Fight on the Beaches................................... Share this post Link to post
co-axial 0 Posted May 12, 2015 Please note that access with tapatalk is not possible atm Share this post Link to post
scorpion 0 Posted May 12, 2015 Joran you could try a squirt of this stuff............................oh wait best not as its only certified for use on RWG Share this post Link to post
GenTLe 1,501 Posted May 12, 2015 I shouldn't have said anything..... Boom, there we go, thousands of IP's are sending smaller packets.... We're down again, and will be for quite some time I'm afraid. Don't expect the site to be up in the next hour as I also need to drive home, will update later. Track the IPs... Do they come from CH? Mate, I have at work a couple of Fortigate 300B (clusterizables) unused now. May they be needed? If you really need them I can try to get them out of the company backdoor (we already replaced them with the 300D version). They were the wan main firewalls for the company I work for, doing qos, packet filtering, VPN terminator, content filtering etc etc Share this post Link to post
GenTLe 1,501 Posted May 12, 2015 I just dont understand why people do this - what is the goal for this type of attack. What information are they trying to obtain by hacking a forum? Maybe i am asking a naive question as i am not that well educated in IT, but i just dont see the reasoning for this. Showing muscles? For example to someone interested in buying such kind of attack to some more sensitive target? There is a big market for botnet clients in the deepweb... Share this post Link to post
GenTLe 1,501 Posted May 12, 2015 I for one have no clue what any of this means, but it sounds like badass trouble for next door..... God luck Joran It is like when someone start to throw watches at you. Until they are like 1 every 3 seconds it's ok and you are happy to get new watches. When they throw you hundreds watches per seconds you get covered by them and stop "functioning". It is the same here but with tcp/ip packets Share this post Link to post
retrospex 0 Posted May 12, 2015 I'm going to agree with Thrasher here and suspect it's an industry insider attack o.0 Thanks for the great work Joran Share this post Link to post
TxRub779 1 Posted May 12, 2015 Its some fuck called Meile over there,,,,he is in our box, showing off about his skills Share this post Link to post
TxRub779 1 Posted May 12, 2015 I have been harassing the hell out of him.....imagine that, ME harrassing someone Share this post Link to post
gartfield 0 Posted May 12, 2015 well miele certainly does know his computer terminology. just made three threats about taking the site down. then he said, "say goodbye to your site" then not a couple minutes later it's down. Maybe coincidence. but he's a troll anyway. Share this post Link to post
JAFO 0 Posted May 12, 2015 Yeah, this f*ckstick showed up a few days ago, being a prick. I wasn't one bit surprised when the board was down this morning. This guy needs to have his house set on fire. With him in it. Share this post Link to post
TxRub779 1 Posted May 12, 2015 (edited) Maybe I provoked him.....Hehehe I might have taking that a LITTLE to far with Col's board. Uh oh. I couldnt help myself. I am sick, I mean a sinus suffections. I dont feel good. Being a dick makes me feel better. I cant help it...I cant Edited May 12, 2015 by TxRub779 Share this post Link to post
gartfield 0 Posted May 12, 2015 No, you were fine Rob. We all knew he was a troll. But what he was saying was completely unacceptable Share this post Link to post
JSJ 0 Posted May 12, 2015 No, you were fine Rob. We all knew he was a troll. But what he was saying was completely unacceptable Damn, I missed all that fun. Should be over on RWI more. Thought you were all too nice for that sort of stuff. Share this post Link to post
TxRub779 1 Posted May 12, 2015 I was....but but I am really NOT gay. Okay. i'm not Share this post Link to post