What can a host do against hacks?

GamesCreation

New member
A website I often liked to go to was www.spywareinfo.com - they have great updates on security and things and help people who get infected by spyware. The past few weeks, they've been under loads of attacks aimed at them.

Quote:

Mike has a dedicated server in Atlanta which hosts spywareinfo.com/net/org, merijn.org, tomcoyote.org, dogreader.com and mikehealan.com. On Feb 6, there were a few sporadic DDoS attacks that were easily filtered out.

On Feb 11th about 8am, several hundred PCs infected with some sort of trojan started hammering the server with bogus traffic to port 80 (HTTP). Mike's Web host started blocking IPs trying to open too many connections and brought the server up. 10 minutes later, 2,000 more PCs hit the server and knocked it down again. The data center started blocking wide ranges of IP addresses and stopped the attack again. They attacked again after that and the data center finally firewalled the IP address of the server.

On Feb 12, we switched IP addresses and brought the server back up. 2,000 - 3,000 PCs brought the server down again about 15 minutes later and the data center firewalled the new IP address at port 80 (HTTP). That's why Mike's e-mail works, but not the site.

On the 13, Mike moved tomcoyote.org to hostpc.com and merijn.org to xblock.com. He put out a newsletter using tomcoyote.org explaining what was going on and asking for some donations to help cover costs. The next day, several thousand PCs attacked merijn.org and knocked down merijn and xblock. Several thousand more hit tomcoyote.org and knocked it down along with one of hostpc's servers. Both sites are still down, xblock is back up, and the status of hostpc is up in the air.

On Feb 18, the crew put up two proxy servers that pulled data from the server in Atlanta and used a "round robin" DNS failover system to load balance traffic between the two proxies. Spywareinfo was running again and dogreader was partially working the next day. The bad guys hit the servers with about 2,000 PCs and the proxies lasted about 36 hours before they were knocked offline. Both servers have been shut down by their data centers.

On the 19th, the meanies also attacked Net-Integration.net, which hosts the support forums for Spybot S&D. A lot of the moderators and helpers at SWI are also admins or moderators for that support board. N-I is back up.

That's where they currently stand.


From Lockergnome, Read the whole thing here

Anyway, they've been under loads of attacks, apparently up to 64mbits of traffic per second or something, all through port 80.

It's been offline loads but is up for now (in a limited way) through proxies. Anyway, what can a host do about something like this? Do they just have to wait it out?
 
Hey,
I'm afraid there is no way at all that you can stop a DDoS if the hacker has more bandwidth available, and that's not hard considering they are using 2000+ computers attacking the site at the one time here.
No matter how much you spend on trying to protect a site, you can't really stop a hacker that is determined to take down a site.

You can't block the IPs either because the attack is distributed, which is annoying.

What you can do depends a lot on the datacentre, so you should tell him to ask the DCs how they can help with this problem. There are some ways to help protect a server, but it's still a very hard thing to do against a big DDoS.
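
The blocking steps in the quoted account (limiting sources that open too many connections, then blocking wide address ranges) can be sketched as a sliding-window counter over connection logs. This is an added example, not part of the thread or of any host's tooling; the function names, thresholds and sample traffic are constructed assumptions.

```python
from collections import Counter, deque
from ipaddress import ip_network

def detect(events, window=10.0, per_ip=20, per_net=60, total=300):
    """events: (timestamp_seconds, source_ip) tuples sorted by time.
    Limits are assumed values for illustration, not tuned recommendations.
    Returns (ips_over_limit, nets_over_limit, aggregate_alarm)."""
    recent = deque()                      # connections inside the window
    ip_count, net_count = Counter(), Counter()
    bad_ips, bad_nets, alarm = set(), set(), False
    for ts, ip in events:
        net = str(ip_network(f"{ip}/24", strict=False))
        recent.append((ts, ip, net))
        ip_count[ip] += 1
        net_count[net] += 1
        # Expire connections that fell out of the sliding window.
        while recent[0][0] <= ts - window:
            _, old_ip, old_net = recent.popleft()
            ip_count[old_ip] -= 1
            net_count[old_net] -= 1
        if ip_count[ip] > per_ip:
            bad_ips.add(ip)               # candidate for a per-IP block
        if net_count[net] > per_net:
            bad_nets.add(net)             # candidate for a range block
        if len(recent) > total:
            alarm = True                  # port 80 load is abnormal overall
    return bad_ips, bad_nets, alarm

# Constructed sample traffic (documentation and private address ranges).
def sample_single_source():   # one host, 30 connections in 3 seconds
    return [(i * 0.1, "198.51.100.7") for i in range(30)]

def sample_clustered():       # 30 hosts in one /24, 3 connections each
    return sorted((r * 3 + h * 0.01, f"203.0.113.{h + 1}")
                  for r in range(3) for h in range(30))

def sample_distributed():     # 400 hosts in 400 different /24s, 2 each
    return sorted((r * 2.5 + (a * 20 + b) * 0.005, f"10.{a}.{b}.5")
                  for r in range(2) for a in range(20) for b in range(20))

if __name__ == "__main__":
    for name, sample in [("single", sample_single_source()),
                         ("clustered", sample_clustered()),
                         ("distributed", sample_distributed())]:
        print(name, detect(sample))
```

On the constructed distributed sample only the aggregate alarm fires, since no single address or /24 crosses its own limit.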
 
