Search - "ddos"
Developer: We have a problem.
Manager: Remember, there are no such things as problems, only opportunities.
Developer: Well then, we have a DDoS opportunity.
- DDoS Attack
Want to understand a DDOS attack?
Imagine trying to work while being interrupted every few seconds.. forever.
Just like an open office!
1995: Viruses create funny VGA effect
2000: Viruses send SPAM e-mails
2010: Viruses steal credentials
2016: Viruses launch DDoS attacks
2017: Viruses demand ransom
2018: Viruses mine crypto coins
So someone is constantly DDoS'ing the privacy/security blog.
Just wondering if they really think that 500 hits a second will bring the site down?!
500 h/s consumes about 0.1 percent CPU and 1mb/s.
At least give me a challenge 😥
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including VPSs and dedis) so I get the usual amount of SSH brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those IPs automatically get blocked after three failed attempts within 5 minutes. No root login allowed + RSA key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? Installed a barebones Ubuntu server onto both. They only come with system-default applications. Tried installing Nginx the next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any IP address which had three failed SSH logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned IP addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P
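The two checks the rant above relies on, as an added example that is not the rant author's setup: the Fail2Ban-style rule (three failed SSH logins from one IP within five minutes) applied as a sliding window over a few constructed auth.log lines, plus the successful-root-login check that revealed the compromise. The sample log, hostnames and addresses are constructed.

```python
"""Added example: Fail2Ban-style sliding-window detection over constructed
auth.log lines, plus a check for successful root logins (which should never
appear when root login over SSH is disabled)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH/syslog format (no year, as in real auth.log).
SAMPLE_AUTH_LOG = """\
Mar  4 10:00:01 edge1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  4 10:01:15 edge1 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  4 10:02:40 edge1 sshd[2207]: Failed password for invalid user test from 198.51.100.9 port 40011 ssh2
Mar  4 10:03:59 edge1 sshd[2209]: Failed password for root from 203.0.113.7 port 51044 ssh2
Mar  4 10:04:10 edge1 sshd[2210]: Accepted publickey for deploy from 192.0.2.5 port 60000 ssh2
Mar  4 10:09:00 edge1 sshd[2215]: Failed password for invalid user guest from 198.51.100.9 port 40020 ssh2
Mar  4 10:15:30 edge1 sshd[2220]: Failed password for invalid user pi from 198.51.100.9 port 40031 ssh2
Mar  4 10:20:05 edge1 sshd[2230]: Accepted password for root from 198.51.100.9 port 40040 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<verdict>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

MAX_RETRY = 3      # failures allowed ...
FIND_TIME = 300    # ... within this many seconds (the rant's "three in 5 minutes")


def parse_line(line, year=2024):
    """Return (timestamp, verdict, user, ip) for an sshd auth line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # auth.log has no year; assume one so the timestamps can be compared.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["verdict"], m["user"], m["ip"]


def scan_auth_log(text, maxretry=MAX_RETRY, findtime=FIND_TIME):
    """Return (banned_ips, root_logins).

    banned_ips: sources that reached `maxretry` failures inside a sliding
    window of `findtime` seconds (the same rule Fail2Ban's sshd jail applies).
    root_logins: (ip, time) of every successful root login, the signal that
    told the rant's author the boxes were already owned."""
    window = defaultdict(deque)   # ip -> timestamps of recent failures
    banned, root_logins = [], []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, verdict, user, ip = parsed
        if verdict == "Accepted":
            if user == "root":
                root_logins.append((ip, ts.strftime("%H:%M:%S")))
            continue
        if ip in banned:
            continue
        q = window[ip]
        q.append(ts)
        # Forget failures that fell out of the window before counting.
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned.append(ip)
    return banned, root_logins


if __name__ == "__main__":
    bans, roots = scan_auth_log(SAMPLE_AUTH_LOG)
    print("ban:", bans)              # 203.0.113.7: three failures in 238 s
    print("root logins:", roots)     # 198.51.100.9 spread its failures too thin to be banned, then got in
```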
That’s fucking insane.... Probably a double post; sorry in advance... I just have to express my anger and amazement for a second.
Angry that they didn’t use such a high powered DDoS attack against say... Facebook or some shit like that, amazed at the sheer size of that attack...
I kinda wanna touch it.
I'm watching TV and I just heard something along the lines of "The files have been wiped from the server and there was no sign of a DDOS attack. Whoever erased those files had a backdoor.".
Someday my toaster is going to have an IP address. A bad automatic firmware update will most likely cause it to get stuck on the bagel setting until I plug a USB key in and reflash the memory.
Grandma's refrigerator will probably get viruses, lock itself and freeze all the food inside, demanding bitcoin before defrosting.
My blender will probably be used in a massive DDoS attack because Ninja's master MAC address list got leaked and the hidden control panel login is admin/admin.
Ovens will burn houses down when people call in to have them preheat on their way home from work.
Correlations between the number of times the lights are turned on and how many times the toilet is flushed will yield recommendations to run the dishwasher on Thursdays because it's simply more energy efficient.
My dog will tweet when he's hungry and my smart watch will recommend diet dog food in real-time because he's really been eating too much lately--"Do you want to set up a recurring order on Amazon Fresh?"
Sometimes living in a cave sounds nice...
A human cell has 75MB of DNA information, a sperm cell has half of it, 37.5MB, a milliliter of semen has 100 million sperm cells, on average, an ejaculation lasts 5 seconds and has 2.24 milliliters of semen.
That means a man is able to produce: 37.5MB x 100,000,000 x 2.25/5 = 1,687,500,000,000,000 bytes/sec = 1.6875 Terabytes/sec;
That means an ovule is able to receive a DDoS attack of 1.6 terabytes per second and only lets one package pass, making it THE BEST FIREWALL IN THE WORLD
It's very much fun to stress test one of your own servers and see how well it handles huge traffic loads 😊
I laughed at how in the movies hacking is portrayed as some person clicking a lot of buttons really quickly in a very flashy UI. There's a picture of America and sometimes there's a 3d model rotating for no good reason or a bunch of random numbers floating across the screen. They use random hacking related terms like: backdoor, DDoS...etc in their sentences.
At least they did their research...
How to advertise... uhm... not the right way!
The 'beschermd tegen anti-ddos' literally translates to 'protected against anti-DDoS'
So then I can DDoS the living shit out of those services and will be protected against the anti-DDoS stuff....?! 🤣
Spent 2 hours helping some kid learn python, he ended up using it to make DDoS products. I feel used and ashamed (':
So my IT department at school accused a student (referring to him as MR) I know of taking down the Wi-Fi network.
MR, who I see at student tech support every once in a while, has zero fucking advanced technical knowledge. They thought he took down the network from his PHONE.
The FBI was even getting involved investigating him. 90% of the kids in this school can't even troubleshoot OneDrive, so I find it INCREDIBLY hard to believe a student here did anything.
THE FUCK AM I WITNESSING?
Imagine how many of us would be fucked if the largest ever recorded DDoS attack was successful/persistent. Y'all should be thankful.
🙏 Glory Be GitHub 🙏
Ah, every time I am on VPN, on every single website I have to prove that I am not a robot.
Just because I am using a VPN service to protect my information, that does not mean I am about to fuck the website up or DDoS the shit out of you. I wish the CDN providers would understand that and make our life easier.
I am seriously tired of completing the Google verification. Select the vehicle, bike, sign post, dick, vagina, Mia Khalifa. FUCK OFF
The school I went to...
*GTA and minecraft to let student familiarize with cheating command and console
*Student should find and read the damn documentation him/herself about items, mobs and quests in every game. Be self motivated!
*Contribute to community for myth hunting, map creation and glitch
*Solve personal networking, graphics problem and understanding hardware limitation.
*Solving game compatibility problems after Windows update
*Introduction to cracking and hacking
*Motivation to host a game server
*Custom server scripting => start to really code for the first time, Perl, python, etc
*Introduction to Linux server and Debian
*From DDoS to server security
*Server maintenance and GitHub
*Game Server web development
*Motivation into non-gaming discipline by a random YouTube geek
*Set up Minecraft with Raspberry Pi and Arduino
*Switch to Linux or Mac and just dual boot for gaming
Prepared for the real world.
Congratz for the graduation in the Pre-school of Developers (11-14 yrs old) :)
Known IPs for github (add to /etc/hosts)
more on https://webcache.googleusercontent.com/...
1. Fucking MySQL database clusters.
There's nothing fun about MySQL clusters. Sometimes they start producing deadlock errors for no apparent reason... well, there's probably a reason, but it's never a transparent, easy-to-find reason.
What was even less fun is that those errors took down a Sentry server. When your error log server goes down through ddos from your database messages, it's time to rethink your setup.
2. Wiring up a large factory with $2 arduino clones, each with a $2 esp8266 wifi chip, with various sensors for measuring flow of chemical solutions (I wanted cheap real time monitoring as an early warning system next to periodic sampling).
The scaling issue was getting over 500 streaming wifi signals to work in a 55°C moist, slightly corrosive atmosphere with concrete and steel everywhere, and getting it all into a single InfluxDB instance for analysis.
So I guess you could say Dyn users got Dynied service when their servers were DDoSed...
In a moment of boredom I decided to pen test the new system I've been writing on the live server. Ran sqlmap but forgot to proxy my connection.
DDOS protection kicked in and blocked the entire office's connection to the server, had to drive home quickly to use my home internet to un-blacklist my office IP. 😂
I thought meditation was more like putting myself in "airplane mode". But in reality it felt more like a DDoS attack!
"I just hacked your website"
Me: Oh really? What did you do?
"Ran DDoS attack using this third party website haha"
The website for our biggest client went down and the server went haywire. Though for this client we don't provide any infrastructure, so we called their IT partner to start figuring this out.
They started blaming us, asking us if we had upgraded the website or changed any PHP settings, which all got a firm no from us. So they told us they had competent people working on the matter.
TL;DR their people aren't competent and I ended up fixing the issue.
Hours go by, nothing happens, client calls us and we call the IT partner, nothing, they don't understand anything. Told us they can't find any logs etc.
So we set up a conference call with our CXO, me, another dev and a few people from the IT partner.
At this point I’m just asking them if they’ve looked at this and this, no good answer, I fetch a long ethernet cable from my desk, pull it to the CXO’s office and hook up my laptop to start looking into things myself.
IT partner still can’t find anything wrong. I tail the httpd error log and see thousands upon thousands of warning messages about mysql being loaded twice, but that’s not the issue here.
Check top and see there’s 257 instances of httpd, whereas 256 is spawned by httpd, mysql is using 600% cpu and whenever I try to connect to mysql through cli it throws me a too many connections error.
I heard the IT partner talking about a ddos attack, so I asked them to pull it off the public network and only give us access through our VPN. They do that, reboot server, same problems.
Finally we get the IT partner to roll back the VM to earlier last night. Everything works great, 30 min later, it crashes again. At this point I'm getting tired and frustrated, this isn't my job, I thought they had competent people working on this.
I noticed that the db had a few corrupted tables, and asked the IT partner to get a DBA to look at it. To no avail.
5 o'clock is here, we decide to give the VM rollback another try, but first we go home, get some dinner and resume at 6pm. I had told them I wanted to be in on this call, and said let me try this time.
They spend ages doing the rollback, and then for some reason they have to reconfigure the network and shit. Once it booted, I told their tech to stop mysqld and httpd immediately and prevent them from starting at boot.
I can now look at the logs that are leading to this issue. I noticed our debug flag was on and had generated a 30gb log file. Tail it and see it's what I'd expect, warnings and warnings, and all the other logs for mysql and apache are huge, so the drive is full. Just gotta delete it.
I quietly start apache and mysql, see the website is working fine, shut it down and just take a copy of the var/lib/mysql directory and etc directory just to have backups.
Starting to connect a few dots, but I wasn't exactly sure if it was right. Had the full drive caused mysql to corrupt itself? Only one way to find out. Start apache and mysql back up, and just wait and see. Meanwhile I fixed that mysql being loaded twice. Some genius had put load mysql.so at the top and bottom of php.ini.
While waiting on the server to crash again, I'm talking to the IT support guy, who told me they haven't updated anything on the server except security patches now and then, and they didn't have anyone familiar with this setup. No shit, it's running php 5.3 -.-
Website up and running 1.5 later, mission accomplished.
When somebody started bragging about his superior coding skill then I said that talk is cheap and that I wanted to see code (for some reason, this pissed her off) and then she started to DDoS me :^)
spoiler alert: she got a huge fine for it AND got fired from her job (whose servers she used to perform the DDoS)
Work at a media company that reports political news. The government tries to block, launch DDoS attacks, and send a group of thugs to protest outside the office. How to migrate to Canada again?
With the growth of cloud services like AWS and Google Cloud, I feel like the quality of products is going downhill very fast.
Big providers don't care if customers do stupid things, send malware, ddos, as long as they pay....
OK I'm going to write some serious heaps of code, my commits will fucking ddos the repository!
All I need is some tunes to drown out the office noise. Hey this song is quite good. Haha Google suggests my favorite song from 2 years ago, let's give that a try next. Oh I didn't know there was a new album out... hmm but I don't like everything... let's find out which 2 songs are good enough to add to a playlist by skipping aimlessly through it. Come to think of it, this style is not really that great for coding, maybe something with less vocals. Oh I know, I'll see if I can find some postmetal goa triphop electroswing dubpsy remix of that on YouTube, that would be enjoyable. No... I like the original better, although I'm a bit bored with it, maybe there's a similar artist hiding in a corner on Bandcamp, or Soundcloud... hey that's a cool mix, I wonder where that sample is from, let's try to find it...
Worst guy I ever worked with was a Bulgarian Web dev that had been flown over to work on a few projects to make deadlines run smoother.
He would get offended if I was ever in another meeting without him and send passive aggressive emails then refuse to contribute.
He would storm off if anyone ever criticised his slow work ethic
He went on other team members desktops without permission, under one instance running a command line ddos that the IPS logged straight away and got that person a stern meeting. The Bulgarian guy said he was using it to "learn".
He would take a camera into restricted areas, take pictures and then argue as to why he couldn't do that when security would stop him.
I squashed a bee on his arm out of reflex, he screamed at me that I'm stupid causing a room of over 500 employees to go silent and stare.
Moral of the story, fk that guy
Going to system engineer interview expecting technical questions. Very nervous.
First 'technical' question "what does DDoS stand for?"
Second "what does LTE mean?"
😐😐😐🙄🙄😏🤣😄😅😃 Gonna nail this interview.
Lecturer I am a TA for said AT LEAST twice that the summaries should be executive summaries. With introduction, supporting paragraphs, and a conclusion while explaining the assignment in class.
Notice the plural form of paragraphs. WHY THE HOLY HELL am I grading papers that are a paragraph, or don't progress fluidly. Or look like a 4th grader wrote them instead of a college student about to graduate????
It's not that hard.
And if I have to send one more email repeating the requirements one more time including "yes, I will deduct points for bad grammar" the class is getting DDoSed. Idgaf. This is university, people. You should know this. Can confirm I write executive summaries regularly. Bosses want updates.
So my boss is starting a new security oriented product and he asked one of my colleagues to prepare a presentation about the possible attacks on the product.
During the presentation there was a section on DoS attacks. The boss didn't know what DoS was and after a brief explanation, he interrupted the presentation and said DDoS is not a threat because there is no data stolen. This is a webapp.
It's sad that such a primitive thing as a DDoS attack can bring down a huge chunk of the internet. Well done Dyn for being so unprepared.
Wanting to push the code to remote at 3am and just hit the bed.. Apparently bitbucket has other plans for me 🤷♂️
Also chuckles to them for still running python 2.7 on their systems 😏
User : Hey , this interface seems quite nice
Me : Yeah, well I’m still working on it ; I still haven’t managed to workaround the data limit of the views so for the time limit I’ve set it to a couple of days
Few moments later
User : Why does it give me that it can’t connect to the data?
Me : what did you do ?
User : I tried viewing the last year of entries and compare it with this one
Few comas later
100476 errors generated
False cert authorization
DDOS on its way
Ugh I'm getting so owned. Currently having a burst DDOS on a host of ours. It is always at xx:00 and xx:30 for ~2 minutes from ~200++ unique AWS instances (IPs).
Not long enough to ban them (max 2-3 requests per IP), not general enough to ban them on the type of request.. and the IPs.. yea... It would result in banning all the amazon subnets which is also not an option lol.
Now waiting I guess.. I sent an email to amazon
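An added example, not code from the rant author, showing why the burst above slips past per-IP banning and how to spot it anyway: count distinct client addresses per 60-second bucket and compare against the quiet baseline, while also recording the most requests any single IP made inside a bucket. The access log, the 10.42.0.x burst sources and the thresholds are constructed assumptions.

```python
"""Added example: burst detection by distinct sources per time bucket, for the
case where every source sends only 2-3 requests and per-IP limits never fire."""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_FMT = '{ip} - - [{ts}] "GET /api/items HTTP/1.1" 200 512'
TS_FMT = "%d/%b/%Y:%H:%M:%S +0000"


def build_sample_log():
    """Constructed nginx/Apache-style log: three quiet clients every minute
    from 09:55 to 10:04, and at 10:00 and 10:01 a burst of 200 constructed
    10.42.0.x sources that each make exactly two requests (like the rant)."""
    start = datetime(2024, 3, 4, 9, 55)
    lines = []
    for minute in range(10):
        t = start + timedelta(minutes=minute)
        for k in range(3):
            ts = (t + timedelta(seconds=10 * k)).strftime(TS_FMT)
            lines.append(LOG_FMT.format(ip=f"192.0.2.{k + 1}", ts=ts))
        if t.minute in (0, 1):
            for n in range(200):
                for r in range(2):
                    ts = (t + timedelta(seconds=(n + r) % 60)).strftime(TS_FMT)
                    lines.append(LOG_FMT.format(ip=f"10.42.0.{n}", ts=ts))
    return "\n".join(lines)


LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')


def requests_per_bucket(text, bucket_seconds=60):
    """bucket start (epoch seconds) -> Counter of requests per client IP."""
    buckets = defaultdict(Counter)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % bucket_seconds][m["ip"]] += 1
    return buckets


def find_bursts(text, bucket_seconds=60, factor=5, floor=20):
    """Flag buckets whose distinct-source count exceeds both `floor` and
    `factor` times the median bucket. The per-IP maximum is reported next to
    it so the reader can see that a per-IP threshold would never trigger."""
    buckets = requests_per_bucket(text, bucket_seconds)
    distinct = {k: len(c) for k, c in buckets.items()}
    baseline = statistics.median(distinct.values())
    threshold = max(floor, factor * baseline)
    flagged = sorted(k for k, n in distinct.items() if n > threshold)
    return {
        "baseline_distinct": baseline,
        "flagged_buckets": [datetime.fromtimestamp(k, tz=timezone.utc).strftime("%H:%M")
                            for k in flagged],
        "max_requests_per_ip_in_bucket": max(max(c.values()) for c in buckets.values()),
    }


if __name__ == "__main__":
    print(find_bursts(build_sample_log()))
```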
Sports commenter at AI vs AI deathmatches.
It would probably go like this:
- UltimateGod the Second launches half of the US nuclear missiles to NorthernEurope!
I guess that's it for the poor bugger.
- WankerBot69 tries to delay its doom by channeling old 4chan archives into a devastating ddos attack. UGtS' logic processes go down for a few nanoseconds... Ugh, that's NASTY! It doesn't even have a mother
- Missiles still going up. Looks like UGtS confused the imperial and metric system just like its predecessor.
- WB69 now has the upper hand. It just used an SMB exploit and is now encrypting UGtS's storage.
- UGtS is down. We all hope UltimateGod the third will do better. For now, all hail our catevolent overlord WankerBot69.
- See you next time on Bot Armageddon folks!
When you realise Stack Overflow has been down but in a whole day of coding you didn't notice it because you didn't need it :O
Who has a DDOS attack story they want to share? Dyn put up the good fight today... DDOS attacks can be incredibly difficult to deal with... Internet of Things devices make this an even more complicated situation. Outside of calling Prolexic, any vets have some good stories?
It started with the customer calling and saying they were experiencing some delays in our system. I talked to a 3rd party and they confirmed that messages between our systems would suddenly stop. We talked several times and I spent the whole day investigating and found nothing. Then at about 7 in the evening I get a mail from the customer who says the problems stopped when the ddos attack was over..... WHAT FUCKING DDOS ATTACK!?!?
Lads, this DDoS attack on DYN must be getting pretty bad, the Department of Homeland Security just launched an emergency investigation into the source and apparently Amazon has started being interrupted
//little Story of a sys admin
Wondered why a Server on my Linux Root couldn't build a network connection, even when it was running.
Checked iptables and saw, that the port of the Server was redirected to a different port.
I never added that rule to the firewall. Checked and a little script I used from someone else generated traffic for a mobile game.
OK begin the DDoS Penetration. Over 10 Gbit/s on some small servers.
Checked Facebook and some idiot posted on my site:
Stop you little shithead or I will report you to the police!!!
Checked his profile page and he had a small shitty android game with a botnet.
1. let him be
2. Fuck him up for good
Let's sudo with 2.
I scaled up my bandwidth to 25 Gbit/s and found out that guy's phone number.
Slowly started to eat away his bandwidth for days. 3 days later his server was unreachable.
Then I masked my VoIP address and called him:
Me: Hi, you know me?
He: No WTF! Why are you calling me.
Me: I love your game a lot, I really love it.
He: What's wrong with you? Who are you?
Me: I'm teach
Me: Teach me lesson
He: Are you crazy I'm hanging up!
Me: I really love your game. I even took away all your bandwidth. Now your servers are blocked, your game banned on the store.
He: WHAT, WHAT? (hearing typing)
Me: Don't fuck with the wrong guys. I taught you a lesson, call me EL PENETRATO
He: FUCK Fuck Fuck you! Who are you???!!! I'm going to report you!
He: I got your logs!
Me: Check it at Utrace...
He: Holy shit all around the world
Me: Lemme Smash Bitch
I wrote an app (took all morning until now) that tells me which shows and movies Amazon removed from Prime...
I forget why I wanted this... was it just to screw with Amazon because they rejected me....
The app is also going to tell me what movies/shows were added because they can't fucking sort them in chronological order by release date. I don't want movies from pre-1990s that were recently added...
Yes I could search for them manually but it's too fuckin tedious, gotta turn on like 10 filtering options...
And maybe I just want to run mini-DDOS attacks on their servers...
A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.
Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.
Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.
Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.
So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.
Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.
Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.
So everything has been set up again now, and there are some things I would like to stress about hosting providers.
You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.
Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?
Bunq gave a fitting sentence to an 18-year-old for DDoS'ing them.
Fintech bank Bunq has announced that an 18-year-old man who was behind a large-scale DDoS attack on the bank voluntarily reported himself at a Bunq office. The bank and the man have agreed that as punishment he must do a week of volunteer work at Amnesty International.
Fintech bank Bunq has announced that an 18-year-old man has voluntarily reported to be the one behind a big DDoS against the bank. The bank and the man agreed to the sentence of a week of volunteer work for Amnesty International.
That's how it can be done too!
It's a lot closer to what I see as just punishment for a DDoS compared to going to jail for years.
Bunq it took balls to show such leniency and I do applaud you for it.
We upgraded to Dyn Managed DNS last month, now we're down with the DDoS attack! If we didn't upgrade from their standard plan, we would be online still 😂
I love doing crawlers to test stuff. Client wanted me to crawl his page for certain errors.... seems I DDoSed them
You just knew the DDOS attack that impacted Twitter, SoundCloud, Spotify, Netflix, Reddit, Disqus, PayPal... would not have a chance to slow down devRant! Guaranteed @dfox has a world class resilient infrastructure built to circumvent and to scale.
Damn hackers! Within the course of a week, the internet of my country has been DDOS-attacked three times! Last week the attacks came from Russia or China. Yesterday they came from Russia and Ukraine. Is this a part of the Russian military exercises Zapad 17? Well, when an important part of the infrastructure is down and thousands of civilians are affected, it's for real and not an exercise.
why, oh God, why do you have a scene in SE01 E17 at 9:20 min into the episode, where
J.Gordon uses reading glasses to a screen of an old B/W TV and magically is able to read a logo brand of a jacket.
How did the glasses add hundreds more pixels to the resolution behind them.
This has ruined it for me, not watching now. Even Mission Impossible where they say "use DDOS to take over their systems" is better than this.
Oh great. I just DDoS'ed a service issued by the government by doing two parallel SOAP requests with a fricking 4 year old MacBook.
Identified the origin of the DDoS attack. Apparently, the person was just hopping through 3 IPs so looked like a targeted attack likely from a competitor. I sent the logs with incident notification to the firstname.lastname@example.org to ask them to suspend them.
Got a prompt response but took them a week to suspend this.
We were a very small team and had to stop everything to fix this: iptables and firewall etc.
We had not even launched the product and it was still under development.
When you walk in at work in the morning, hoping for a quiet Friday at work, but nope. I check our WP monitoring and see that half our sites aren't responding. Well fuck. Turns out that the firewall service we use to protect our sites experienced a massive DDOS attack. So the service we use to keep our sites safe ironically caused downtime. Me, our Devopser and another dev spent the entire morning bringing the sites up again and bringing the customers up to date. FFS, I need more coffee.
So, these guys came to me at work, asking if I knew how the "Low Orbit Scanner" worked...
I said: "no, what's that?"
They said: "It's that tool used for DDoS attacks"
So I replied: "Oh you mean Low Orbit Ion Cannon"
them: "yea that, you know how it works?"
me: "ye, but what do you want to use it for?"
them: "just want to learn how it works"
me: "you download it, run it then fill out the things?"
them: "but I tried it and it doesn't take out the server I tried"
me: "Means your PC is too much of a filthy casual, buy a new one"
them: "can't you help us getting it more effective"
me: "yes, but I'd rather not end up in jail... I have a job and a clean record..."
The looks on their faces, love to see that disappointment of my colleagues when I say (or at least hint): "go figure it out yourself"
I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.
After some investigation I figured it was due to someone running a script trying to get ssh access.
I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.
Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.
I felt relieved seeing that it all stopped right after the fail2ban installation and thought I was safe now and went to sleep.
I wake up this morning to another e-mail stating that pinging my server failed once again.
I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.
Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.
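The detection rule the post's fail2ban setup relies on (ban a source after N failed SSH logins inside a time window, never touching addresses on an ignore list) is worth seeing spelled out, because it shows why both the threshold and the window matter. The script below is an added example, not the poster's configuration or fail2ban's own code: it runs the same sliding-window logic in Python over constructed auth-log lines. The threshold and window mirror fail2ban's defaults (`maxretry = 5`, `findtime = 10m`); the host name, PIDs, addresses and the `ignoreip` ranges are made up for the demo, and the year is assumed because syslog timestamps carry none.

```python
"""fail2ban-style SSH brute-force detection over sample auth-log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines in syslog/OpenSSH format; not taken from the original post.
# 203.0.113.7 fails five times in five seconds, 198.51.100.22 fails five times but
# spread over 20 minutes, 10.0.0.5 fails five times but sits in the ignore list.
SAMPLE_AUTH_LOG = """\
Jun 14 06:20:01 web1 sshd[4011]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jun 14 06:20:02 web1 sshd[4012]: Failed password for root from 10.0.0.5 port 22222 ssh2
Jun 14 06:20:02 web1 sshd[4013]: Failed password for invalid user test from 203.0.113.7 port 51235 ssh2
Jun 14 06:20:03 web1 sshd[4014]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jun 14 06:20:03 web1 sshd[4015]: Failed password for root from 10.0.0.5 port 22223 ssh2
Jun 14 06:20:04 web1 sshd[4016]: Failed password for invalid user oracle from 203.0.113.7 port 51241 ssh2
Jun 14 06:20:04 web1 sshd[4017]: Failed password for root from 10.0.0.5 port 22224 ssh2
Jun 14 06:20:05 web1 sshd[4018]: Failed password for invalid user postgres from 203.0.113.7 port 51242 ssh2
Jun 14 06:20:05 web1 sshd[4019]: Failed password for root from 10.0.0.5 port 22225 ssh2
Jun 14 06:20:06 web1 sshd[4020]: Failed password for root from 10.0.0.5 port 22226 ssh2
Jun 14 06:20:07 web1 sshd[4021]: Failed password for root from 198.51.100.22 port 40001 ssh2
Jun 14 06:20:09 web1 sshd[4022]: Accepted publickey for deploy from 192.0.2.10 port 33000 ssh2
Jun 14 06:40:10 web1 sshd[4023]: Failed password for root from 198.51.100.22 port 40002 ssh2
Jun 14 06:40:11 web1 sshd[4024]: Failed password for root from 198.51.100.22 port 40003 ssh2
Jun 14 06:40:12 web1 sshd[4025]: Failed password for root from 198.51.100.22 port 40004 ssh2
Jun 14 06:40:13 web1 sshd[4026]: Failed password for root from 198.51.100.22 port 40005 ssh2
"""

# Only failed password attempts count; successful logins and other sshd noise are skipped.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9.]+) port \d+"
)


def parse_syslog_ts(text, year=2019):
    """Syslog timestamps carry no year, so one is assumed for the demo."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def find_offenders(log_text, maxretry=5, findtime_minutes=10,
                   ignoreip=("10.0.0.0/8", "192.0.2.10/32")):
    """Return {ip: time_of_ban} for sources with >= maxretry failures inside the window."""
    findtime = timedelta(minutes=findtime_minutes)
    ignored = [ip_network(n) for n in ignoreip]
    recent = defaultdict(deque)      # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, ts = m.group("ip"), parse_syslog_ts(m.group("ts"))
        if any(ip_address(ip) in net for net in ignored):
            continue                 # fail2ban's ignoreip: our own ranges are never banned
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()         # failures older than findtime no longer count
        if len(window) >= maxretry and ip not in banned:
            banned[ip] = ts
    return banned


def ban_commands(banned):
    """The firewall action fail2ban would take for each offender (rendered, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(banned)]


if __name__ == "__main__":
    offenders = find_offenders(SAMPLE_AUTH_LOG)
    for ip, when in offenders.items():
        print(f"ban {ip} at {when:%H:%M:%S}")
    print("\n".join(ban_commands(offenders)))
```

With the default ten-minute window only 203.0.113.7 is banned; 198.51.100.22 stays under the threshold because its first failure has aged out by the time the burst arrives, and 10.0.0.5 is protected by the ignore list. Widening the window to 30 minutes catches the second source too, which is the trade-off the poster was tuning in twenty-second bursts.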
DON'T do production stuff on Friday afternoon. This Friday evening we had an issue on production and just wanted to do a quick fix. The fix resulted in a DDoS attack that we accidentally started on our servers in an IoT project. We contacted all customers' devices and asked them for a response at the same time. Funny thing is that the devices are programmed to retry if a request fails until it is successful. We ended up with 4 hours downtime on production; servers were running again at 11pm.
I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?
Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for Joe Schmoe to write. You're no match for well-tuned rate-limiting, asshole!
need halpers!!! does nu one know java# ???¡ iM trYinG to console.log my ddos but it's getting a assembl3r err3r! i runned the cmd rm -rf / but windows say command not founded! pls help! wanna be 1337 ¡!!!
Saw this sent into a Discord chat today:
"Warning, look out for a Discord user by the name of "shaian" with the tag #2974. He is going around sending friend requests to random Discord users, and those who accept his friend requests will have their accounts DDoSed and their groups exposed with the members inside it becoming a victim as well. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Discord is currently working on it. SEND THIS TO ALL THE SERVERS YOU ARE IN. This is IMPORTANT: Do not accept a friend request from shaian#2974. He is a hacker.
Tell everyone on your friends list because if somebody on your list adds one of them, they'll be on your list too. They will figure out your personal computer's IP and address, so copy & paste this message wherever you can. He is going around sending friend requests to random discord users, and those who accept his requests will have their accounts and their IP Addresses revealed to him. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Saw this somewhere"
I was so angry I typed up an entire feature-length rant about it (just wanted to share my anger):
"1. Unless they have access to Discord data centres or third-party data centres storing Discord user information I doubt they can obtain the IP just by sending friend requests.
2. Judging by the wording, for example, 'copy & paste this message wherever you can' and 'Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him.' this is most likely BS, prob just someone pissed off at that user and trying to ruin their reputation etc. Sentences equivalent to 'spread the word' are literally everywhere in this wall of text.
3. So what if you block the user? You don't even have their user ID, they can change their username and discrim if they want. Also, are you assuming they won't create any alts?
4. Accounts DDoSed? Does the creator of this wall of text even understand what that means? Wouldn't it be more likely that 'shaian' will be DDoSing your computer rather than your Discord account? How would the account even be DDoSed? Does that mean DDoSing Discord's servers themselves?
5. If 'shaian' really had access to Discord's information, they wouldn't need to send friend requests in order to 'DDoS accounts'. Why would they need to friend you? It doesn't make sense. If they already had access to Discord user IP addresses, they won't even have to interact with the users themselves. Although you could argue that they are trolling and want to get to know the victim first or smth, that would just be inefficient and pointless. If they were DDoSing lots of users it would be a waste of time and resources.
6. The phrase 'Saw this somewhere' at the end just makes it worse. There is absolutely no proof/evidence of any kind provided, let alone witnesses.
How do you expect me to believe this copypasta BS scam? This is like that 'Discord will be shutting down' scam a while back.
Why do people even believe this? Do you just blindly follow what others are doing and without thinking, copy and paste random walls of text?
Spreading this false information is pointless and harmful. It only provides benefits to whoever started this whole thing, trying to bring down whoever 'shaian' is.
I don't think people who copy & paste this sort of stuff are ready to use the internet yet.
Would you really believe everything people on the internet tell you?
You would probably say 'no'.
Then why copy & paste this? Do you have a reason?
Or is it 'just because of 'spread the word''?
I'm just sick of seeing people reposting this sort of stuff
People who send this are probably like the people who click 'Yes' to allow an app to make changes in the User Account Control window without reading the information about the publisher's certificate, or the people who click 'Agree' without actually reading the terms and conditions."
So the football world-cup tip app I'm using with some mates got hit by a DDoS attack yesterday.
The only question I have is who the FUCK DDoS'es a motherfucking tip-app?! What the hell is there to gain?! It doesn't even involve money, just tipping for the hell of it!
Either CloudFlare itself has decided to join the fun of attacking my DNS server, or somebody is just spoofing their IP in the UDP packets.
Crap, my ipset script is basically useless now, since the real source could be from anywhere :(
Any suggestions on what I could do to make this attack stop? It's not causing any real issues (at least for now), but it's still annoying as hell.
Get fucked, stupid skiddie who keeps manually changing the IP source in his script
When you think about it, a female egg cell can withstand a sperm DDoS attack at a rate of 1.8 terabytes per second, letting through just one data packet. It's amazing that the packet can hang the system for a whole 9 months.
That's what I would call a good firewall.
Someone (probably a student) started a DDoS attack on the online platform that my school uses to give us assignments.
When you own a game server and you get DDoSed and your network is down and the server is not up, your problem is not that it's down, it's that you can't fucking watch Netflix... #hateddos
I went to uni for CompSci with no prior knowledge.
In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.
Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷♂️.
And that's when I learned the importance of changing your root password.
A site I manage in my spare time with a couple thousand normal users was getting attacked by a Chinese botnet. All the requests were coming from only two subnets. Easy to block. Feels like this was only the vanguard. Prelude to the real attack. I'm thinking about moving the site to its own server, so it won't affect my other sites. There at least if it gets kneeled, it'll only be that site.
I have probably the BEST DDOS DETECTION WORLDWIDE! It detects any DoS or DDoS at my private network.
How does it work?
Every time I get attacked (so pretty often) my phone rings. But if I answer the phone there's only a "Beep Beep Beep". Shortly afterwards my connection shuts down 😂😂
Ah yes, The Hacker News intentionally using indentation errors in Python 2 to screw over people using their ddos script. Yes. That's gotta be the reason.
Why the fuck am I even following these trolls
I was experimenting with a load test suite called 'Siege' to build and scale increasingly complex searches against our new site search engine. I assumed that an old iMac couldn't have generated a crushing load against the beta servers and I learned two things the day I wrote and started that script before heading to lunch:
1) Beta and Production shared MSSQL instances
2) That single iMac was more than enough to take the whole production site down...
So today I woke up at 6 am to participate in network stress test
There is this bounty based company that allows you to participate without any real contract, but it pays a fixed amount. It's a legit thing and everything; it all went nice and smooth.
150€ for waking up at 6 am, pressing 2 buttons to run my script I made earlier
Today I got baited into talking back to some guy on Xbox and then he DDoS'ed my network. My service provider didn't know what to do. 😩 They said come tomorrow and swap out your modem.
The proof: The guy sent me messages like "I got two of you off the network? Haha! I can do this for a lot longer bud"
Anybody else want to DDoS whole Russia and China hosting companies for their god damn dead servers?
Always get a lot of spoofing and ssh login tries from there.
OK semi rant... Would like suggestions
Boss wants me to figure out some way to find the maximum load/users our servers/API/database can handle before it freezes or crashes **under normal usage**.
HOW THE FUCK AM I SUPPOSED TO DO THAT WITH 1 PC? The question seems to me to mean how big a DDoS can it handle?
I'm not sure if this is vague requirements, don't know what they're talking about, or they think I can shit gold... for nothing... or I'm missing something (I'm thinking how many concurrent requests and a single Neville melee even with 4 CPUs)
"Oh just doing up some cloud servers"
Uh, well, I'm a developer, I've never used Chef or Puppet, and our cloud sucks, it's like a web GUI: not only do I have to create the instances manually, I would have to upload the testing programs to each manually... and set up the envs needed to run it.
Docker you say? There's no Docker here... Prebuilt VM images? Not supported.
And it's due in 2 weeks...
It won't go down, he said; it can't crash, he said,
several DDoS later
You won your coffee and honor,
Kinda amazing that Dyn does not have DDoS protection...
It is NOT hard to get, and for a quite big company like Dyn it is cheap too
How does Facebook secure itself? We never hear news like "Facebook hacked, user data stolen". Recently, with the DDoS, Twitter and other websites were affected but not Facebook?
Are they superhumans?
My exploration into the dev world started back when Anonymous were actually something a bit more than just DDoS dicks. It started with joining in with the DDoSing, but that got me interested in how it works, how servers work, then how websites work, and it's all written from there!
It's been confirmed the DDoS attack on Dyn that affected GitHub, Amazon, etc. was perpetrated by supporters of Wikileaks as "revenge" for Julian Assange
In the spirit of week93:
If you haven’t read/heard about the attack on HB Gary Federal (a computer security company) in 2011 and you want a good read about a DDOS attack, social engineering, espionage, and the “infiltration of Anonymous” by a very punchable CEO you should check out this article:
And the follow up by Anonymous:
So, just about to get my GitHub student bundle, great, just register my school email, OK,
Open the school emails website: DNS_PROBE_FINISHED_NXDOMAIN, weird, let's see any other school page: DNS_PROBE_FINISHED_NXDOMAIN???
iidrn.com : site offline??¿??
Looks like a ddos once again
*News for the users here that deal with web hosting here*
Hey there, anyone that vaguely remembers me. I have been busy with my network lately and don't have much time to get back here. I don't know if someone has already reported this news; I found it while I was scouting for news to share on my site (shameless plug: https://legionfront.me/pages/news)
It's about our loved /s and highly used WordPress and its lovely code /ss
Short story short, there is an exploit (of the many) to DDoS a network of WordPress sites that has been present since almost literally forever; the code to fix it is in the article
There's an angular project at work.
I guess they know about as much about angular as I do (not much)
Because the error page isn't working, so when you get an error, you infinite loop and DDoS yourself.
It actually crashes my (admittedly subpar) desktop.
Guess I'll be learning how to fix that.
So here's a random idea: DDoS defence swarm.
Install the daemon on your server, and every time your server gets DDoS'd, all members of the swarm will mobilise to defend you, but the catch is that your server will have to help other members of the swarm too.
The defensive technique in question can be one of many:
1. Automated IP blocking/reporting with a blacklist in distributed form.
2. Other swarm members counterattack and cooperatively DDoS the offending addresses.
3. Flood the ISP with automated emails to force them to pay attention to the problem.
...or a combination of all of the above.
The only issue I can see with this is abuse potential. A clever person can trick the swarm into DDoSing innocents.
Some interesting reads I came across yesterday:
- Github got DDOSd with 1.35Tbps via memcached
- Troy Hunt, the creator of https://haveibeenpwned.com/ released "Pwned Passwords" V2 and talks about his partnership with Cloudflare, how he handles traffic, why he chose SHA1 for the passwords, how he together with a Cloudflare engineer thought of a solution to anonymize password checks, and more
Is there any alternative to socket.io that doesn't need to expose a server ip directly to any client, needing to set up a full nginx anti ddos/auth config and more?
There is the live-ajax way that requests progress, but it feels more like a hack each time. (especially if the site should be able to handle multiple tabs with different progress)
I thought maybe some framework has live requests inbuilt to update content from a server worker model. (without exposing the server ip)
At the office
5 websites are down!
Searching for an answer... Nothing. Nginx is calm, PHP is calm, DB too many connections :O but the DB is internal access only!!!
Internal DDoS, WTF
Drupal 8 website -> sorry guy, I just fucked up and wrote 8 GB of useless log in the watchdog table because something went wrong
Actual log : %errormessage %errortime %vardump
Me : damn, he fucked up and cannot write some complete log 🤣
Do you know some module to limit this table size and write access?
The massive DDoS attack that took down the internet this morning, hit NPM too and I just cleared out my node modules without realizing it. :'(
I once wrote an http interceptor which was supposed to check the internal cache for user data and only do some work with it if they were there (we manually controlled what and who was in cache). There were two methods on the service, cGetUser and dGetUser. I of course called d, which it turned out loaded the user profile from the database, which would be fine if it weren't done in an interceptor... on a web service... with a little over 25000 requests per minute... on each node...
Tldr. I accidentally wrote a database DDoS tool into our app...
At Rackspace there are lights on the walls that go off for things like ddos attacks, fire alarm, etc. The being a code rainbow. Meaning "evacuate the building".
Every time we deployed to prod I always joked that one day it would fail so spectacularly that it would cause a code rainbow.
When your cybersecurity department gets back your hacked servers but then the whole network is DDoSed!
I thought CNN.com must be either down altogether or hobbling under a DDoS when I got a 503 error from http://cnn.com/2010/CRIME/.... But the main page and a recent story worked fine, so the site clearly wasn't overloaded or down. The 503 was just a 404 in disguise! Webmasters, please call a spade a spade.
rant && what do you think?
So one of our ISPs (Orange Slovakia) had troubles with service for like two days. Their DNS servers translated domains to IPs reaaally slow or not at all. So when I saw the DNS error in Chrome (yes I use Chrome and not Quantum) I changed my DNS to Google DNS and ignored it.
Two days later, when the service was back up and running, this ISP went to the local media and made a statement "we had a DDOS attack, no user data were harmed, blabla". That was when my BS radar went bananas... so somebody DDOSd your DNS server... for two fucking days straight... this is probably a lie or they have really noob engineers (or both).
I'm not an expert on network services or routing, or servers, but how about turning off this server/IP and setting up a backup on a different IP? Possibly anyone here with experience how to handle DDOS? What's the chance of this happening? I'm really curious
Is there any package to install with apt to detect if the Server has no Internet connection and output maybe a netstat to a file if so?
My problem is: I have a Server and since today it randomly has no Internet for hours. I don't know if it's a DDoS or something different and I want to find out. I also can only SSH into it so it needs Internet to let me do anything.
(It's just a fun project so there is really only me who could do something)
So I was working on a web scraper to basically download all listings with detailed info from an e-shop to my database for some analysis.
And I completely forgot throttling which is quite important when writing such things in node.js.
It's funny how in other languages you try to figure out how to make your application faster and in node you're trying to make it slower 😄
Anyhow, I apparently hit the poor site with 5000+ simultaneous requests, all of which hit their database (to gather product info). Suffice to say, the site got visibly slow 🤣
Thankfully I print out where each request is made so I quickly realised my mistake and killed the process.
Now I hope no-one comes knocking on my door lol
The adventures of being a node.js dev
I spent a whole day for one client in order to implement a DDoS protected tunnel into his Java based project. In exchange he was supposed to send me the source code of one of his projects. Fucker didn't send me anything. Good that while doing migrations for him I downloaded his compiled project backup, so all I had to do was decompile his jars, which had no obfuscation whatsoever, so I managed to salvage around 95 percent of his source code. Checkmate boi.
I just saw this video on slow loris attacks (https://youtu.be/XiFkyR35v2Y).
So my question is: why even bother with creating a botnet for a ddos attack?
Just wasted whole day with plesk webhosting :D
Decided to move to a DDOS protected hosting by OVH.com
Chose plesk web hosting
Turns out in order to park domain to plesk webhosting it's necessary to change GLUE records and nameservers to point to plesk VPS IP
My domain registrar where I have 10+ domains does not allow changing GLUE records. Only way to make it work would be to move all domains to new registrar and pay for each domain as it's a new one.
FML just wasted 16 euros on this useless plesk webhosting. Need to take regular webhosting :D
Last night the Russians struck again. It's become obvious that these DDoS attacks are not performed by just some casual hackers, but are part of cyber warfare - just as I suspected in one of my rants a couple of weeks ago
So it has been a couple of months since I've used MailGun in a project and I felt like it was time to use it. So I try to go to the mailgun website and it doesn't seem to load. I check twitter and they are experiencing a DDoS attack (tweeted out 20 minutes ago)
Really? Did it really have to happen now? I just wanted to use it :c
Just out of curiosity...
Is there a way to prevent a DDoS attack using settings in the router? Like, changing the DNS port to maybe 54 because most people just spam 53 with random packets?
I need to test a client's website for DDoS attack performance. It has been attacked in the past and I want to know what kind of changes are the most effective. Are there any good tools/services you know?
All banks in India continue to fail to handle such huge rush of customers.
They should have had a better load balancer, and some ddos protection.
Found this in my spam box...
Warning: Follow link with caution... I still don't know why the hacker spams with the "d" word in the action url:
What do you use for your side-projects regarding Anti-DDoS protection?
I have a community with 1-2k daily users hosted in Siteground. Currently, I am not experiencing any DDoS issues (mainly L4) but I used to when I was using another service provider. The trade-off is that the machine and the service I'm paying here is way more expensive.
I don't care about managing the server, but I was looking for a cheaper option to get my project with.
The stack is LAMP and it is an Invision Power Board forum.
What do you recommend? Which service(s) do you use for your projects and how do you prevent DDoS on your side?
Sooo, this DDoS I read about, it's hitting quite a few major sites, isn't it? From what I've noticed, at least Twitter, GitHub, Dyn. Any other major ones?
Whoa.. I think piratebay is under DDoS attack. I was trying to get microprocessor tutorials. Can anyone verify?
Looking for DDoS protected webhosting in Europe. Can you recommend something? Was looking at ovh.com but they require you to pay for a whole year and I'm not ready to throw ~160EUR and hope for the best.
Having problems with getting user's IP address with PHP.
So basically I made a custom DDoS protection for my linux server.
It works like this: php website gathers visitor IP address when he does a certain action (in this case registers an account). All visitor ips are stored in ips.txt securely on my website ftp.
Then my linux server has iptables rules setup in a way where it blocks all traffic except my website traffic.
On linux server I have a cron job which pulls whitelisted ips every 5 minutes from my php website FTP and then whitelists all IP's in iptables.
That way only visitor IPs (of those who registered an account on my website) are being whitelisted on my linux server.
In case of a DDoS attack, all traffic is dropped except for the whitelisted visitors' IPs gathered from the website ips.txt
Now I'm having a problem. My PHP script is not accurate. Some visitors to my website are not being whitelisted because they might have a different IPv4 address than what is given from the PHP website. So basically I am looking for some PHP script/library that would gather ALL IPv4 addresses from a visitor, then whitelist them.
Also regarding IPv6, my iptables are all default (which means that all IPv6 visitor traffic is allowed) so the problem is not with visitors that have IPv6. The problem is with my script not getting ALL IPv4 addresses assigned to the user.
Can you recommend me some PHP library for that? So far I've used https://github.com/marufhasan1/... but apparently it's not accurate enough.
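The cron side of the setup described above (pull ips.txt, whitelist everything in it) has two points a practitioner would want handled: the file must be validated before anything in it touches the firewall, and the rule set should be replaced atomically rather than appended to every five minutes. The script below is an added example, not the poster's code: it validates a constructed ips.txt, rejects garbage, IPv6 entries (the post says IPv6 is handled separately), loopback and RFC 1918 addresses, and renders an `ipset restore` script that builds the new list in a temporary set and swaps it in, so the firewall is never half-updated. The set name, the website IP and the file contents are assumptions. One caveat on the PHP side: if the website sits behind a CDN or reverse proxy, `REMOTE_ADDR` is the proxy's address and `X-Forwarded-For` is only trustworthy when set by a proxy you control; a list full of private addresses is the symptom of that mistake, which is why the validator flags them.

```python
"""Validate an ips.txt whitelist and render an atomic ipset update (added example)."""
import ipaddress

SET_NAME = "web_whitelist"   # assumed ipset name, not from the post
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed ips.txt content: what a registration hook might have appended over time.
SAMPLE_IPS_TXT = """\
203.0.113.7
203.0.113.7
198.51.100.22
# a comment line
2001:db8::1
127.0.0.1
10.0.0.5
not-an-ip
"""


def parse_whitelist(text):
    """Return (sorted unique public IPv4 addresses as strings, rejected raw lines)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append(raw)        # garbage must never reach the firewall
            continue
        if addr.version != 4:
            rejected.append(raw)        # this set is 'family inet'; IPv6 policy is separate
            continue
        if (addr.is_loopback or addr.is_unspecified or addr.is_multicast
                or addr.is_link_local or any(addr in net for net in RFC1918)):
            rejected.append(raw)        # a 'visitor' at 127.0.0.1 or 10.x is usually a proxy, not a client
            continue
        accepted.add(addr)
    return [str(a) for a in sorted(accepted)], rejected


def render_ipset_restore(addrs, set_name=SET_NAME):
    """Script for `ipset restore -exist`: fill a temp set, swap it in, drop the old one."""
    tmp = f"{set_name}_tmp"
    lines = [f"create {set_name} hash:ip family inet",
             f"create {tmp} hash:ip family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {a}" for a in addrs]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


def firewall_rules(website_ip, set_name=SET_NAME):
    """One-time iptables rules; they reference the set, so only the set changes at runtime."""
    return [
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A INPUT -s {website_ip} -j ACCEPT",
        f"iptables -A INPUT -m set --match-set {set_name} src -j ACCEPT",
        "iptables -P INPUT DROP",
    ]


if __name__ == "__main__":
    ok, bad = parse_whitelist(SAMPLE_IPS_TXT)
    print(render_ipset_restore(ok))
    for line in bad:
        print("rejected:", line)
```

The cron job would write the rendered script to a file and run `ipset restore -exist < file`; `-exist` keeps the two `create` lines from failing once the sets already exist, and because `swap` is a single operation the match rule sees either the complete old list or the complete new one.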
I was in my class on Thursday around 12 PM noon Indian standard time.
I couldn't access github on mobile (connection refused error) but at 2 pm once I was out of class could access it.
Any guesses if it was related to recent ddos attack on dyn ?
I have a windows VPS with a server that I want to protect from DDoS and hide from the outside world. Is there a way by using a PHP IIS webserver on another VPS to somehow whitelist IPs or redirect only clean traffic to my windows VPS?
WOW -__- they left me to code the SPO Teams website when I'm coding a text RPG engine, while Over clocked is fixing his tablet, while Solario is helping his other friends code his java + lua = andlua mod menus for android. Screw ya )=<
I'm not even good at website design LOL. It's gonna be a website that wants to commit DDoS. I'll post the final product and if you survive through the whole website without getting your computer molested, props to you =)
How exactly can you protect your website from SQL injections and DDoS? The website uses PHP and a MySQL database.
Our government's "information and technology institution" ran a CTF yesterday. Their website was a whole template. About 1 hour before the CTF the website got approximately 400-500k requests and they were hit by a DDoS. During the competition individual competitors couldn't log in to their accounts due to "wrong password" and password reset mails were not sent.
One of the rules of the competition was that the questions were not to be leaked during the contest. But some groups and individuals asked for help with questions on some hack forums. The CTF is over and it seems like script kiddies are gonna win.
Are there any sysadmins here who know how to deal with DDoS attacks properly? I can even offer pay. The situation is that I launched my Java app (gameserver) on Linux Debian and configured iptables to allow only specific IPs. Basically I made only 1 port open for the loginserver, and if a player logs in to the loginserver it adds his IP to iptables so he's able to proceed to the gameserver. However I am still receiving massive attacks of up to 900MB/s, for example: http://prntscr.com/q3dwe8
It appears that even if I left only one port open, I still can't defend against DDoS attacks. I made some captures with tcpdump and analyzed them in Wireshark but to be honest I can't really tell what I'm looking at.
I am using OVH which is supposed to be DDoS protected but maybe I messed up during iptables configuration, I'm not sure.
Can anyone help?
Another disaster of 2020 had struck.
The internet is fucked again, this time on a global scale. Did you grow a bit suspicious why everything takes longer to load? The USA is getting DDoSed by China again... I get a DNS probe failed error on every website, and the things that work are as fast as that intern your company has hired for that COBOL project from 1876. I have an online test tomorrow; USA, can you fucking get DDoSed later?
Yep, and the attack is currently shown on the famous DDoS graph web site
Does someone have an idea how to use synproxy and nat (dnat and snat) together on one machine? It's basically a router which should also act as a ddos filter, but when I install synproxy, the natting doesn't work anymore...
I can't really find something on the internet so help would be appreciated.
Thanks in advance
Need advice about protecting against DDoS via iptables and whitelisting. Currently I launched my gameserver and am fighting against a massive attack of botnets. The problem was solved by closing all ports on my gameserver linux machine and shipping game.exe with an injected C++ socket client. So basically only gamers who launch my game exe are being added to the firewall iptables via the socket client that is provided in the game exe. If some DDoSers still manage to get inside and DDoS, then my protection is good enough to handle attacks from whitelisted IPs from inside. Now I have another problem. Lots of players have problems and for some reason the shipped C++ client fails to connect to my socketserver. Currently my solution was to provide support in all contact channels (facebook, skype, email) and add those people's IPs to the whitelist manually. My best solution would be to make a button on the website which you can click and your IP is whitelisted automatically. However if it will be so easy then botnets can whitelist themselves as well. Can you advise me how I could handle whitelisting my players through web or some other exe in a way that it can't be replicated by botnets?
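The question at the end of the post above, a web button that whitelists the clicker without botnets being able to click it too, is a design problem rather than an iptables one: the request has to be bound to something a bot cannot mint, which is a logged-in player account. The sketch below is an added example, not the poster's server or any library's API: the website issues a short-lived HMAC-signed token only after a successful login, the whitelist endpoint verifies the token with a constant-time compare before it looks at the caller's address, and each account may whitelist only a few addresses, so a compromised account cannot open the door for a whole botnet. The secret, the per-account limit, the token lifetime and the ipset name are assumptions; the enforcement command is rendered, not executed.

```python
"""Whitelist requests bound to an authenticated account via a signed, expiring token (added example)."""
import hashlib
import hmac
import ipaddress
from collections import defaultdict

# Assumed demo secret; a real deployment loads this from configuration, never from source.
SECRET = b"constructed-demo-secret-change-me"


def issue_token(account_id, now, ttl_seconds=300, secret=SECRET):
    """Called by the website only after the player's login succeeded."""
    if ":" in account_id:
        raise ValueError("account id must not contain ':'")   # ':' is the field separator
    exp = int(now) + ttl_seconds
    sig = hmac.new(secret, f"{account_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    return f"{account_id}:{exp}:{sig}"


def verify_token(token, now, secret=SECRET):
    """Return the account id if the signature is valid and the token is unexpired, else None."""
    parts = token.split(":")
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    account_id, exp, sig = parts
    expected = hmac.new(secret, f"{account_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):    # constant-time compare defeats timing probes
        return None
    if int(exp) <= int(now):
        return None                               # expired tokens cannot be replayed later
    return account_id


class Whitelister:
    """Decides whether the caller's address may be added; the caller runs firewall_command()."""

    def __init__(self, max_ips_per_account=3, secret=SECRET):
        self.max_ips = max_ips_per_account
        self.secret = secret
        self.owner_of = {}                  # ip -> account that whitelisted it (for revocation)
        self.ips_of = defaultdict(set)      # account -> addresses it has whitelisted

    def request(self, token, remote_addr, now):
        """Return (allowed, reason). remote_addr is the socket peer, never a client-supplied field."""
        account = verify_token(token, now, self.secret)
        if account is None:
            return False, "bad or expired token"
        try:
            ip = str(ipaddress.ip_address(remote_addr))
        except ValueError:
            return False, "malformed address"
        if ip in self.ips_of[account]:
            return True, "already whitelisted"
        if len(self.ips_of[account]) >= self.max_ips:
            return False, "per-account limit reached"   # caps how much one account can open
        self.ips_of[account].add(ip)
        self.owner_of[ip] = account
        return True, "whitelisted"

    @staticmethod
    def firewall_command(ip, set_name="game_whitelist"):
        """Enforcement step after an allowed decision (assumed ipset name, rendered only)."""
        return f"ipset add -exist {set_name} {ip}"


if __name__ == "__main__":
    w = Whitelister(max_ips_per_account=2)
    token = issue_token("player42", now=1_000_000)
    for addr, t in (("203.0.113.7", 1_000_010), ("203.0.113.8", 1_000_012), ("203.0.113.9", 1_000_013)):
        allowed, why = w.request(token, addr, t)
        print(addr, allowed, why, w.firewall_command(addr) if allowed else "")
```

A bot without a valid account gets no token, a stolen token stops working after five minutes, and the per-account cap turns "a botnet whitelists itself" into "one account whitelists two or three machines", which is the bounded risk the poster can live with and revoke by account.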