Search - "ddos"
Developer: We have a problem.
Manager: Remember, there are no such things as problems, only opportunities.
Developer: Well then, we have a DDoS opportunity.
Calling a DDoS attack a hack is like blowing a door off its hinges with semtex and then telling people you can pick locks.
- DDoS Attack
Want to understand a DDOS attack?
Imagine trying to work while being interrupted every few seconds.. forever.
Just like an open office!
1995: Viruses create funny VGA effect
2000: Viruses send SPAM e-mails
2010: Viruses steal credentials
2016: Viruses launch DDoS attacks
2017: Viruses demand ransom
2018: Viruses mine crypto coins
So someone is constantly ddos'ing the privacy/security blog.
Just wondering if they really think that 500 hits a second will bring the site down?!
500 h/s consumes about 0.1 percent CPU and 1mb/s.
At least give me a challenge 😥
While working support a client calls saying he's being DDoS-ed. The whole team went into high alert. Everyone is checking network traffic but there is no evidence of an attack. The client insists, calls all the way up to our CEO complaining of our incompetence and that he's losing thousands of dollars every second.
I take it on myself to look a little deeper. After some Sherlocking, I find that the client's developers managed to build an infinite loop that makes HTTP requests to localhost. The client was DDoS-ing themselves.
I got no thanks for my competence no apology regarding my incompetence. 😑
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? Installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P
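The check described in the post above (three failed SSH logins within five minutes, then reading the auth log for successful root logins), sketched as an added example that is not part of the original post and is not Fail2Ban's own code. The log lines are constructed, the addresses come from documentation ranges, and the function names and the assumed year are made up for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                      # failures that trigger a ban (figure from the post)
FIND_TIME = timedelta(minutes=5)   # window the failures must fall in (figure from the post)

# Matches the usual OpenSSH "Failed ..." / "Accepted ..." syslog lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample input, not taken from any real host.
SAMPLE_LOG = """\
Mar  3 02:14:01 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40110 ssh2
Mar  3 02:14:09 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 02:14:30 web1 sshd[815]: Failed password for invalid user admin from 198.51.100.7 port 51200 ssh2
Mar  3 02:15:02 web1 sshd[819]: Failed password for root from 203.0.113.5 port 40120 ssh2
Mar  3 02:21:44 web1 sshd[830]: Failed password for invalid user admin from 198.51.100.7 port 51260 ssh2
Mar  3 02:22:10 web1 sshd[833]: Failed password for invalid user test from 198.51.100.7 port 51262 ssh2
Mar  3 02:30:17 web1 sshd[840]: Accepted password for root from 203.0.113.5 port 40310 ssh2
Mar  3 09:02:55 web1 sshd[990]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2: RSA SHA256:CONSTRUCTED
Mar  3 09:03:00 web1 CRON[1000]: pam_unix(cron:session): session opened for user root
""".splitlines()


def parse(line, year=2024):
    """Return (time, result, method, user, ip) for an sshd auth line, else None.

    Classic syslog timestamps carry no year, so one is assumed.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["result"], m["method"], m["user"], m["ip"]


def analyse(lines, year=2024):
    """Apply the 3-failures-in-5-minutes rule and list successful root logins.

    Assumes the lines are in chronological order, as in a single log file.
    Returns (banned, root_logins):
      banned      -- {ip: time the threshold was reached}
      root_logins -- [(time, ip, method, ip_had_reached_threshold)]
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    root_logins = []
    for line in lines:
        event = parse(line, year)
        if event is None:
            continue
        when, result, method, user, ip = event
        if result == "Failed":
            window = recent[ip]
            window.append(when)
            # Drop failures older than FIND_TIME relative to this one.
            while when - window[0] > FIND_TIME:
                window.popleft()
            if len(window) >= MAX_RETRY and ip not in banned:
                banned[ip] = when
        elif user == "root":
            # A root login from an address that had already tripped the
            # threshold is the pattern the post found in its auth logs.
            root_logins.append((when, ip, method, ip in banned))
    return banned, root_logins


if __name__ == "__main__":
    banned, root_logins = analyse(SAMPLE_LOG)
    for ip, when in banned.items():
        print(f"would ban {ip} at {when}")
    for when, ip, method, flagged in root_logins:
        note = "after brute force from same IP" if flagged else "no prior threshold hit"
        print(f"root login via {method} from {ip} at {when} ({note})")
```

The second address in the sample never reaches the threshold because its failures are spread over more than five minutes, which is the slow-guessing case a fixed window does not catch.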
That’s fucking insane.... Probably a double post; sorry in advance... I just have to express my anger and amazement for a second.
Angry that they didn’t use such a high powered DDoS attack against say... Facebook or some shit like that, amazed at the sheer size of that attack...
I kinda wanna touch it.
I'm watching TV and I just heard something along the lines of "The files have been wiped from the server and there was no sign of a DDOS attack. Whoever erased those files had a backdoor.".
Someday my toaster is going to have an IP address. A bad automatic firmware update will most likely cause it to get stuck on the bagel setting until I plug a usb key in and reflash the memory.
Grandma's refrigerator will probably get viruses, lock itself and freeze all the food inside, demanding bitcoin before defrosting.
My blender will probably be used in a massive DDoS attack because Ninja's master MAC address list got leaked and the hidden control panel login is admin/admin.
Ovens will burn houses down when people call in to have them preheat on their way home from work.
Correlations between the number of times the lights are turned on and how many times the toilet is flushed will yield recommendations to run the dishwasher on Thursdays because it's simply more energy efficient.
My dog will tweet when he's hungry and my smart watch will recommend diet dog food in real-time because he's really been eating too much lately--"Do you want to setup a recurring order on Amazon fresh?"
Sometimes living in a cave sounds nice...
A human cell has 75MB of DNA information, a sperm cell has half of it, 37.5MB, a milliliter of semen has 100 million sperm cells, on average, an ejaculation lasts 5 seconds and has 2.24 milliliters of semen.
That means a man is able to produce: 37.5MB x 100,000,000 x 2.25/5 = 1.687.500,000.000.000 bytes/sec 1,6875 Terabytes/sec;
That means an ovule is able to receive a dDOS attack of 1,6 terabytes per second and only lets one package pass, making it THE BEST FIREWALL IN THE WORLD
It's very much fun to stress test one of your own servers and see how well it handles huge traffic loads 😊
I laughed at how in the movies hacking is portrayed as some person clicking a lot of buttons really quickly in a very flashy UI. There's a picture of America and sometimes there's a 3d model rotating for no good reason or a bunch of random numbers floating across the screen. They use random hacking related terms like: backdoor, DDoS...etc in their sentences.
At least they did their research...
How to advertise... uhm... not the right way!
The 'beschermd tegen anti-ddos' literally translates to 'protected against anti-ddos'
So then I can DdoS the living shit out of those services and will be protected against the anti DdoS stuff....?! 🤣
Spent 2 hours helping some kid learn python, he ended up using it to make DDoS products. I feel used and ashamed (':
So my IT department at school accused a student (referring to him as MR) I know of taking down the Wi-Fi network.
MR, who I see at student tech support every once in a while, has zero fucking advanced technical knowledge. They thought he took down the network from his PHONE.
The FBI was even getting involved investigating him. 90% of the kids in this school can't even troubleshoot OneDrive, so I find it INCREDIBLY hard to believe a student here did anything.
THE FUCK AM I WITNESSING?
Imagine how many of us would be fucked if the largest ever recorded DDoS attack was successful/persistent. Y'all should be thankful.
🙏 Glory Be GitHub 🙏
Ah, every time I am on VPN, on every single website I have to prove that I am not a robot.
Just because I am using a VPN service to protect my information, that does not mean I am about to fuck the website up or DDoS the shit out of you. I wish the CDN providers would understand that and make our life easier.
I am seriously tired of completing the Google verification. Select the vehicle, bike, sign post, dick, vagina, Mia Khalifa. FUCK OFF
'Twas the night before deployment and all through Hipchat
Not an intern was stirring, or a CSM, at that,
The feature design was approved with care,
The business case and user feedback were there.
The sales team was home watching the game in their beds,
Making "Presidents Club" danced in their heads,
The CEO mused over valuation cap,
And how the competition could take a dirt nap.
When in pager duty there arose such a clatter
The night devs logged in to see what was the matter.
Away to the server logs they flew in a flash
To see what had made the primary DB crash.
The pristine backups in the freshly pushed cloud
Gave joy and relief to the now-anxious crowd.
When what, on the CDN status page should appear,
But holly-red downtime and a DDoS severe.
With little fanfare and at speeds none could detect,
In toddy-wreathed glow appeared the Senior Architect!
In mere milliseconds the commands they came,
Were whistled, and shouted, and called out by name:
"Now Traceroute, now Nmap, now Dig, now loopback Localhost!
On Makefile, on Linker, on Tar, on avocado toast!
To the bottom of the Btree, to the root CA,
Now compile! Compile! And restore away!!"
As JS frameworks of the day away fly,
When the zeitgeist forgets them in the race to the sky,
So up to the network backbone they flew,
The Architect on her PDP-10, with her Dynabook too!
And then in a twinkling, the emergency team
Saw the DDoS reverse, and the bits surged downstream
Packets, like snowflakes, flashed before our wint'ry eyes,
At 1024 GB/s, a wonderland of surprise!
Her eyes, how they twinkled! Her shell scripts-- concise!
Her bytecode so polished it ran on any device!
Her soldering iron swung freely from her hip,
From a hot whiskey toddy she enjoyed a long sip.
She spoke not a word but went straight to her work,
And synced the prod DB where the tables went berserk.
And laying her spanner aside of her nose,
And giving a nod, to obscurity she rose!
She sprang to her PDP, to her mainboard gave a knock,
Rebooted the magnets and refreshed the clock.
She exclaimed as she vanished, giving us her last jabs,
"Remember to always use spaces, not tabs!"
Known IPs for github (add to /etc/hosts)
more on https://webcache.googleusercontent.com/...
The school I went to...
*GTA and minecraft to let student familiarize with cheating command and console
*Student should find and read the damn documentation him/herself about items, mobs and quests in every game. Be self motivated!
*Contribute to community for myth hunting, map creation and glitch
*Solve personal networking, graphics problem and understanding hardware limitation.
*Solving game compatibility problem after Windows update
*Introduction to cracking and hacking
*Motivation to host a game server
*Custom server scripting => start to really code the first time, Perl, python, etc
*Introduction to Linux server and Debian
*From DDoS to server security
*Server maintenance and GitHub
*Game Server web development
*Motivation into non-gaming discipline by a random YouTube geek
*Set up Minecraft with raspberry pi and Arduino
*Switch to Linux or Mac and just dual boot for gaming
Prepared for the real world.
Congratz for the graduation in the Pre-school of Developers (11-14 yrs old) :)
1. Fucking MySQL database clusters.
There's nothing fun about MySQL clusters. Sometimes they start producing deadlock errors for no apparent reason... well, there's probably a reason, but it's never a transparent easy to find reason.
What was even less fun is that those errors took down a Sentry server. When your error log server goes down through ddos from your database messages, it's time to rethink your setup.
2. Wiring up a large factory with $2 arduino clones, each with a $2 esp8266 wifi chip, with various sensors for measuring flow of chemical solutions (I wanted cheap real time monitoring as an early warning system next to periodic sampling).
The scaling issue was getting over 500 streaming wifi signals to work in a 55c moist slightly corrosive atmosphere with concrete and steel everywhere, and getting it all into a single InfluxDB instance for analysis.
So I guess you could say Dyn users got Dynied service when their servers were ddossed...
I thought meditation was more like putting myself in “airplane mode”. But in reality it felt more like a DDoS attack!
In a moment of boredom I decided to pen test the new system I've been writing on the live server. Ran sqlmap but forgot to proxy my connection.
DDOS protection kicked in and blocked the entire office's connection to the server, had to drive home quickly to use my home internet to un-blacklist my office ip. 😂
When somebody started bragging about his superior coding skill then I said that talk is cheap and that I wanted to see code (for some reason, this pissed her off) and then she started to DDoS me :^)
spoiler alert: she got a huge fine for it AND got fired from her job (whose servers she used to perform the DDoS)
"I just hacked your website"
Me: Oh really? What did you do?
"Ran DDos attack using this third party website haha"
The website for our biggest client went down and the server went haywire. Though for this client we don’t provide any infrastructure, so we called their it partner to start figuring this out.
They started blaming us, asking us if we had upgraded the website or changed any PHP settings, which all were a firm no from us. So they told us they had competent people working on the matter.
TL;DR their people aren’t competent and I ended up fixing the issue.
Hours go by, nothing happens, client calls us and we call the it partner, nothing, they don’t understand anything. Told us they can’t find any logs etc.
So we setup a conference call with our CXO, me, another dev and a few people from the it partner.
At this point I’m just asking them if they’ve looked at this and this, no good answer, I fetch a long ethernet cable from my desk, pull it to the CXO’s office and hook up my laptop to start looking into things myself.
IT partner still can’t find anything wrong. I tail the httpd error log and see thousands upon thousands of warning messages about mysql being loaded twice, but that’s not the issue here.
Check top and see there’s 257 instances of httpd, whereas 256 is spawned by httpd, mysql is using 600% cpu and whenever I try to connect to mysql through cli it throws me a too many connections error.
I heard the IT partner talking about a ddos attack, so I asked them to pull it off the public network and only give us access through our vpn. They do that, reboot server, same problems.
Finally we get the it partner to rollback the vm to earlier last night. Everything works great, 30 min later, it crashes again. At this point I’m getting tired and frustrated, this isn’t my job, I thought they had competent people working on this.
I noticed that the db had a few corrupted tables, and ask the it partner to get a dba to look at it. No prevail.
5’o’clock is here, we decide to give the vm rollback another try, but first we go home, get some dinner and resume at 6pm. I had told them I wanted to be in on this call, and said let me try this time.
They spend ages doing the rollback, and then for some reason they have to reconfigure the network and shit. Once it booted, I told their tech to stop mysqld and httpd immediately and prevent it from start at boot.
I can now look at the logs that is leading to this issue. I noticed our debug flag was on and had generated a 30gb log file. Tail it and see it’s what I’d expect, warnings and warnings, And all other logs for mysql and apache is huge, so the drive is full. Just gotta delete it.
I quietly start apache and mysql, see the website is working fine, shut it down and just take a copy of the var/lib/mysql directory and etc directory just to have backups.
Starting to connect a few dots, but I wasn’t exactly sure if it was right. Had the full drive caused mysql to corrupt itself? Only one way to find out. Start apache and mysql back up, and just wait and see. Meanwhile I fixed that mysql being loaded twice. Some genius had put load mysql.so at the top and bottom of php ini.
While waiting on the server to crash again, I’m talking to the it support guy, who told me they haven’t updated anything on the server except security patches now and then, and they didn’t have anyone familiar with this setup. No shit, it’s running php 5.3 -.-
Website up and running 1.5 later, mission accomplished.
Work at a media company that reports political news. The government tries to block, launch DDoS attacks, and send a group of thugs to protest outside the office. How to migrate to Canada again?
With the growth of cloud services like AWS and Google Cloud, I feel like the quality of products is going downhill very fast.
Big providers don't care if the customer does stupid things, sends malware, ddos as long as they pay....
Worst guy I ever worked with was a Bulgarian Web dev that had been flown over to work on a few projects to make deadlines run smoother.
He would get offended if I was ever in another meeting without him and send passive aggressive emails then refuse to contribute.
He would storm off if anyone ever criticised his slow work ethic
He went on other team members desktops without permission, under one instance running a command line ddos that the IPS logged straight away and got that person a stern meeting. The Bulgarian guy said he was using it to "learn".
He would take a camera into restricted areas, take pictures and then argue as to why he couldn't do that when security would stop him.
I squashed a bee on his arm out of reflex, he screamed at me that I'm stupid causing a room of over 500 employees to go silent and stare.
Moral of the story, fk that guy
Going to system engineer interview expecting technical questions. Very nervous.
First 'technical' question "what does DDoS stand for?"
Second "what does LTE mean?"
😐😐😐🙄🙄😏🤣😄😅😃 Gonna nail this interview.
OK I'm going to write some serious heaps of code, my commits will fucking ddos the repository!
All I need is some tunes to drown out the office noise. Hey this song is quite good. Haha Google suggests my favorite song from 2 years ago, let's give that a try next. Oh I didn't know there was a new album out... hmm but I don't like everything... lets find out which 2 songs are good enough to add to a playlist by skipping aimlessly through it. Come to think of it, this style is not really that great for coding, maybe something with less vocals. Oh I know, I'll see if I can find some postmetal goa triphop electroswing dubpsy remix of that on YouTube, that would be enjoyable. No... I like the original better, although I'm a bit bored with it, maybe there's a similar artist hiding in a corner on Bandcamp, or Soundcloud... hey that's a cool mix, I wonder where that sample is from, lets try to find it...
Lecturer I am a TA for said AT LEAST twice that the summaries should be executive summaries. With introduction, supporting paragraphs, and a conclusion while explaining the assignment in class.
Notice the plural form of paragraphs. WHY THE HOLY HELL am I grading papers that are a paragraph, or don't progress fluidly. Or look like a 4th grader wrote them instead of a college student about to graduate????
It's not that hard.
And if I have to send one more email repeating the requirements one more time including "yes, I will deduct points for bad grammar" the class is getting DDoSed. Idgaf. This is university, people. You should know this. Can confirm I write executive summaries regularly. Bosses want updates.
So my boss is starting a new security oriented product and he asked one of my colleagues to prepare a presentation about the possible attacks on the product.
During the presentation there was a section on DoS attacks. The boss didn't know what DoS was and after a brief explanation, he interrupted the presentation and said DDoS is not a threat because there is no data stolen. This is a webapp.
It's sad that such a primitive thing as a DDoS attack can bring down a huge chunk of the internet. Well done Dyn for being so unprepared.
Ugh I'm getting so owned. Currently having a burst DDOS on a host of ours. It is always at xx:00 and xx:30 for ~2 minutes from ~200++ unique AWS instances (Ip's).
Not long enough to ban them (max 2-3 requests per IP), not general enough to ban them on the type of request.. and the IP's.. yea... It would result banning all the amazon subnets which is also not an option lol.
Now waiting I guess.. I sent an email to amazon
User : Hey , this interface seems quite nice
Me : Yeah, well I’m still working on it ; I still haven’t managed to workaround the data limit of the views so for the time limit I’ve set it to a couple of days
Few moments later
User : Why does it give me that it can’t connect to the data?
Me : what did you do ?
User : I tried viewing the last year of entries and compare it with this one
Few comas later
100476 errors generated
False cert authorization
DDOS on its way
When you realise Stack Overflow has been down but in a whole day of coding you didn't notice it because you didn't need it :O
Sports commenter at AI vs AI deathmatches.
It would probably go like this:
- UltimateGod the Second launches half of the US nuclear missiles to NorthernEurope!
I guess that's it for the poor bugger.
- WankerBot69 tries to delay its doom by channeling old 4chan archives into a devastating ddos attack. UGtS' logic processes go down for a few nanoseconds... Ugh, that's NASTY! It doesn't even have a mother
- Missiles still going up. Looks like UGtS confused the imperial and metric system just like its predecessor.
- WB69 now has the upper hand. It just used an SMB exploit and is now encrypting UGtS's storage.
- UGtS is down. We all hope UltimateGod the third will do better. For now, all hail our catevolent overlord WankerBot69.
- See you next time on Bot Armageddon folks!
Wanting to push the code to remote at 3am and just hit the bed.. Apparently bitbucket has other plans for me 🤷♂️
Also chuckles to them for still running python 2.7 on their systems 😏
Lads, this DDoS attack on DYN must be getting pretty bad, the Department of Homeland security just launched an emergency investigation into the source and apparently Amazon has started being interrupted
It started with the customer calling and saying they were experiencing some delays in our system. I talked to a 3rd party and they confirmed that messages between our systems would suddenly stop. We talked several times and I spent the whole day investigating and found nothing. Then at about 7 in the evening I get a mail from the customer who says the problems stopped when the ddos attack was over..... WHAT FUCKING DDOS ATTACK!?!?
Who has a DDOS attack story they want to share ? Dyn put up the good fight today... DDOS attacks can be incredibly difficult to deal with ... Internet of Things devices makes this an even more complicated situation. Outside of calling Prolexic, any vets have some good stories ?
//little Story of a sys admin
Wondered why a Server on my Linux Root couldn't build a network connection, even when it was running.
Checked iptables and saw, that the port of the Server was redirected to a different port.
I never added that rule to the firewall. Checked and a little script I used from someone else generated traffic for a mobile game.
OK begin the DDoS Penetration. Over 10 Gbit/s on some small servers.
Checked Facebook and some idiot posted on my site:
Stop you little shithead or I will report you to the police!!!
Checked his profile page and he had a small shitty android game with a botnet.
1. let him be
2. Fuck him up for good
Lets Sudo with 2.
I scaled up my bandwidth to 25 Gbit/s and found out that guy's phone number.
Slowly started to eat away his bandwidth for days. 3 days later his server was unreachable.
Then I masked my VoIP address and called him:
Me: Hi, you know me?
He: No WTF! Why are you calling me.
Me: I love your game a lot, I really love it.
He: What's wrong with you? Who are you?
Me: I'm teach
Me: Teach me lesson
He: Are you crazy I'm hanging up!
Me: I really love your game. I even took away all your bandwidth. Now your servers are blocked, your game banned on the store.
He: WHAT, WHAT? (hearing typing)
Me: Don't fuck with the wrong guys. I taught you a lesson, call me EL PENETRATO
He: FUCK Fuck Fuck you! Who are you???!!! I'm going to report you!
He: I got your logs!
Me: Check it at Utrace...
He: Holy shit all around the world
Me: Lemme Smash Bitch
I wrote an app (took all morning until now) that tells me which shows and movies Amazon removed from Prime...
I forget why I wanted this... was it just to screw with Amazon because they rejected me....
The app is also going to tell me what movies/shows were added because they can't fucking sort them in chronological order by release date. I don't want movies from pre-1990s that were recently added...
Yes I could search for them manually but it's too fuckin tedious, gotta turn on like 10 filtering options...
And maybe I just want to run mini-DDOS attacks on their servers...
We upgraded to Dyn Managed DNS last month, now we're down with the DDoS attack! If we didn't upgrade from their standard plan, we would be online still 😂
Bunq gave a fitting sentence to an 18 year old for DDoS'ing them.
Fintech bank Bunq has announced that an 18 year old man has voluntarily reported to be the one behind a big DDoS against the bank. The bank and the man agreed to the sentence of a week of volunteer work for Amnesty International.
That's how it can be done too!
It's a lot closer to what I see as just punishment for a DDoS compared to going to jail for years.
Bunq, it took balls to show such leniency and I do applaud you for it.
I love doing crawlers to test stuff. Client wanted me to crawl his page for certain errors.... seems I ddossed them
You just knew the DDOS attack that impacted Twitter, SoundCloud, Spotify, Netflix, Reddit, Disqus, PayPal... Would not have a chance to slow down devRant! Guaranty @dfox has a world class resilient infrastructure built to circumvent and to scale.
Damn hackers! Within the course of a week, the internet of my country has been DDOS-attacked three times! Last week the attacks came from Russia or China. Yesterday they came from Russia and Ukraine. Is this a part of the Russian military exercises Zapad 17? Well, when an important part of the infrastructure is down and thousands of civilians are affected, it's for real and not an exercise.
why, oh God, why do you have a scene in SE01 E17 at 9:20 min into the episode, where
J.Gordon uses reading glasses to a screen of an old B/W TV and magically is able to read a logo brand of a jacket.
How did the glasses add hundreds of more pixels to the resolution behind them.
This has ruined it for me, not watching now. Even Mission Impossible where they say "use DDOS to take over their systems" is better than this.
Identified the origin of the DDoS attack. Apparently, the person was just hopping through 3 IPs so looked like a targeted attack likely from a competitor. I sent the logs with incident notification to the firstname.lastname@example.org to ask them to suspend them.
Got a prompt response but took them a week to suspend this.
We were a very small team and had to stop everything to fix this-iptables and firewall etc.
We had not even launched the product and was still under development.
I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?
Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!
Oh great. I just DDoS'ed a service issued by the government by doing two parallel SOAP requests with a fricking 4 year old MacBook.
I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.
After some investigation I figured it was due to someone running a script trying to get ssh access.
I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.
Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.
I felt relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.
I wake up this morning to another e-mail stating that pinging my server failed once again.
I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.
Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.
need halpers!!! does nu one know java# ???¡ iM trYinG to console.log my ddos but it's getting a assembl3r err3r! i runned the cmd rm -rf / but windows say command not founded! pls help! wanna be 1337 ¡!!!
So, these guys came to me at work, asking if I knew how the "Low Orbit Scanner" worked...
I said: "no, what's that?"
They said: "It's that tool used for DDoS attacks"
So I replied: "Oh you mean Low Orbit Ion Cannon"
them: "yea that, you know how it works?"
me: "ye, but what do you want to use it for?"
them: "just want to learn how it works"
me: "you download it, run it then fill out the things?"
them: "but I tried it and it doesn't take out the server I tried"
me: "Means your PC is too much of a filthy casual, buy a new one"
them: "can't you help us getting it more effective"
me: "yes, but I rather not end up in jail... I have a job and a clean document..."
The looks of their faces, love to see that disappointment of my colleagues when I say (or at least hint): "go figure it out yourself"
Either CloudFlare itself has decided to join the fun of attacking my DNS server, or somebody is just spoofing their IP in the UDP packets.
Crap, my ipset script is basically useless now, since the real source could be from anywhere :(
Any suggestions on what could I do to make this attack stop? It's not causing any real issues (at least for now), but it's still annoying as hell.
Get fucked, stupid skiddie who keeps manually changing the ip source in his script
When you walk in at work in the morning, hoping for a quiet Friday at work, but nope. I check our WP monitoring and see that half our sites aren't responding. Well fuck. Turns out that the firewall service we use to protect our sites experienced a massive DDOS attack. So the service we use to keep our sites safe ironically caused downtime. Me, our Devopser and another dev spent the entire morning bringing the sites up again and bringing the customers up to date. FFS, I need more coffee.
So the football world-cup tip app I'm using with some mates got hit by a DDoS attack yesterday.
The only question I have is who the FUCK DDoS'es a motherfucking tip-app?! What the hell is there to gain?! It doesn't even involve money, just tipping for the hell of it!
When you think about it, a female egg cell can withstand a sperm DDoS attack at a rate of 1.8 terabytes per second, letting through just one data packet. It's amazing that the packet can hang the system for a whole 9 months.
That's what I would call a good firewall.
A site I manage in my spare time with a couple thousand normal users was getting attacked by a Chinese botnet. All the requests were coming from only two subnets. Easy to block. Feels like this was only the vanguard. Prelude to the real attack. I'm thinking about moving the site to its own server, so it won't affect my other sites. There at least if it gets kneeled, it'll only be that site.
I have probably the BEST DDOS DETECTION WORLDWIDE! It detects any DoS or DDoS at my private Network.
How it works?
Every time I get attacked (so pretty often) my phone rings. But if I answer the phone there's only a "Beep Beep Beep". Shortly afterwards my connection shuts down 😂😂
I went to uni for CompSci with no prior knowledge.
In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.
Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷♂️.
And that's when I learned the importance of changing your root password.
When you own a game server and you get DDoSed and your network is down and the server is not up, your problem is not that it's down, it's that you can't fucking watch Netflix... #hateddos
At lunch my friends were passing around a fry in a circle and when it came to me I returned it to the person who handed it to me and said "Sorry, my tray does not support Fry Transfer Protocol" and then somebody tossed a ketchup packet at me and I yelled "DDOS!"
I was experimenting with a load test suite called 'Siege' to build and scale increasingly complex searches against our new site search engine. I assumed that an old iMac couldn't have generated a crushing load against the beta servers and I learned two things the day I wrote and started that script before heading to lunch:
1) Beta and Production shared MSSQL instances
2) That single iMac was more than enough to take the whole production site down...
So today I woke up at 6 am to participate in network stress test
There is this bounty-based company that allows you to participate without any real contract, but it pays a fixed amount. It's a legit thing and everything, it all went nice and smooth.
150€ for waking up at 6 am, pressing 2 buttons to run my script I made earlier
OK semi rant... Would like suggestions
Boss wants me to figure out someway to find the maximum load/users our servers/API/database can handle before it freezes or crashes **under normal usage**.
HOW THE FUCK AM I SUPPOSED TO DO THAT WITH 1 PC? The question seems to me to mean how big a DDoS can it handle?
I'm not sure if this is vague requirements, don't know what they're talking about, or they think I can shit gold... for nothing... or I'm missing something (I'm thinking how many concurrent requests and a single Neville melee even with 4 CPUs)
"Oh just doing up some cloud servers"
Uh well I'm a developer, I've never used Chef or Puppet and or cloud sucks, it's like a web GUI, not only do I have to create the instances manually and would have to upload the testing programs to each manually... And set up the envs needed to run it.
Docker you say? There's no Docker here... Prebuilt VM images? Not supported.
And it's due in 2 weeks...
Anybody else want to DDoS whole Russia and China hosting companies for their god damn dead servers?
Always get a lot of spoofing and ssh login tries from there.
How does Facebook secure itself? We never heard news like Facebook hacked, user data stolen. Recently with the DDoS, Twitter and other websites were affected but not Facebook?
Are they superhumans?
It won't go down, he said, it can't crash he said,
several DDoS later
You won your coffee and honor,
ME: Yo Manager, we got a problem...
MANAGER: Nah dude, every problem is an opportunity!
ME: Okay fam, we got an opportunity of a DDOS attack :-)
Kinda amazing that dyn does not have DDoS protection...
It is NOT hard to get and for a quite big company like dyn, it is cheap also
So, just about to get my GitHub student bundle, great, just register my school email, OK,
Open the school emails website: DNS_PROBE_FINISHED_NXDOMAIN, weird, let's see any other school page: DNS_PROBE_FINISHED_NXDOMAIN???
iidrn.com : site offline??¿??
Looks like a ddos once again
So here's a random idea: DDoS defence swarm.
Install the daemon on your server, and every time your server gets DDoS'd, all members of the swarm will mobilise to defend you, but the catch is that your server will have to help other members of the swarm too.
The defensive technique in question can be one of many:
1. Automated IP blocking/reporting with a blacklist in distributed form.
2. Other swarm members counterattack and cooperatively DDoS the offending addresses.
3. Flood the ISP with automated emails to force them to pay attention to the problem.
...or a combination of all of the above.
The only issue I can see with this is abuse potential. A clever person can trick the swarm into DDoSing innocents.
My exploration into the dev world started back when Anonymous were actually something a bit more than just DDoS dicks. It started with joining in with the DDoSing, but that got me interested in how it works, how servers work, then how websites work, and it's all written from there!
*News for the users here that deal with web hosting*
Hey there anyone that vaguely remembers me, so I have been busy with my network lately and don't have much time to get back here. I don't know if someone has already reported this news, I found it while I was scooting for news to share on my site (shameless plug: https://legionfront.me/pages/news)
It's about our loved /s and highly used WordPress and its lovely code /ss
Short story short, there is an exploit (of the many) to DDoS a network of WordPress sites that has been present since almost literally forever, the code to fix it is in the article
In the spirit of week93:
If you haven’t read/heard about the attack on HB Gary Federal (a computer security company) in 2011 and you want a good read about a DDOS attack, social engineering, espionage, and the “infiltration of Anonymous” by a very punchable CEO you should check out this article:
And the follow up by Anonymous:
It's been confirmed the DDoS attack on DYN that affected Github, Amazon, etc was perpetrated by supporters of Wikileaks for "revenge" for Julian Assange
Some interesting reads I came across yesterday:
- Github got DDOSd with 1.35Tbps via memcached
- Troy Hunt, the creator of https://haveibeenpwned.com/ released "Pwned Passwords" V2 and talks about his partnership with cloudflare, how he handles traffic, why he chose SHA1 for the passwords, how he together with a cloudflare engineer thought of a solution to anonymize password checks and more
Is there any alternative to socket.io that doesn't need to expose a server ip directly to any client, needing to set up a full nginx anti ddos/auth config and more?
There is the live-ajax way that requests progress, but it feels more like a hack each time. (especially if the site should be able to handle multiple tabs with different progress)
I thought maybe some framework has live requests inbuilt to update content from a server worker model. (without exposing the server ip)
At Rackspace there are lights on the walls that go off for things like ddos attacks, fire alarm, etc. The being a code rainbow. Meaning "evacuate the building".
Every time we deployed to prod I always joked one day that it would fail so spectacularly that it would cause a code rainbow.
At the office
5 websites are down!
Searching for an answer... Nothing. Nginx is calm, PHP is calm, DB: too many connections :O but the DB is internal access only!!!
Internal DDoS, WTF
Drupal 8 website -> sorry guy, I just fucked up and wrote 8 GB of useless logs in the watchdog table because something went wrong
Actual log: %errormessage %errortime %vardump
Me: damn, he fucked up and cannot even write a complete log 🤣
Do you know some module to limit this table's size and write access?
When your cybersecurity department gets back your hacked servers but then the whole network is DDoSed!
I once wrote an http interceptor for which was supposed to check the internal cache for user data and only do some work with it if they were (we manually controlled what and who was in cache). There were two methods on the service cGetUser and dGetUser I of course called d which it turned out loaded the user profile from the database which would be fine if it weren't done in an interceptor .. on a web service... With a little over 25000 requests per minute.. on each node..
Tldr. I accidentally wrote a database ddos tool into our app...
The massive DDoS attack that took down the internet this morning, hit NPM too and I just cleared out my node modules without realizing it. :'(
rant && what do you think?
So one of our ISPs (Orange Slovakia) had troubles with service for like two days. Their DNS servers translated domains to IPs reaaally slow or not at all. So when I saw the DNS error in Chrome (yes I use Chrome and not Quantum) I changed my DNS to Google DNS and ignored it.
Two days later when the service was back up and running, this ISP went to the local media and made a statement "we had a DDOS attack, no user data were harmed, blabla" that was when my BS radar went bananas... so somebody DDOSd your DNS server ... for two fucking days straight... this is probably a lie or they have really noob engineers (or both).
I'm not an expert on network services or routing, or servers but, how about turning off this server, IP and setting up a backup on a different IP? Possibly anyone here with experience how to handle DDOS? What's the chance of this happening? I'm really curious
Is there any package to install with apt to detect if the Server has no Internet connection and output maybe a netstat to a file if so?
My problem is: I have a Server and since today it randomly has no Internet for hours. I don't know if it's a DDoS or something different and I want to find out. I also can only SSH into it so it needs Internet to let me do anything.
(It's just a fun project so there is really only me who could do something)
I thought CNN.com must be either down altogether or hobbling under a DDoS when I got a 503 error from http://cnn.com/2010/CRIME/.... But the main page and a recent story worked fine, so the site clearly wasn't overloaded or down. The 503 was just a 404 in disguise! Webmasters, please call a spade a spade.
So I was working on a web scraper to basically download all listings with detailed info from an e-shop to my database for some analysis.
And I completely forgot throttling which is quite important when writing such things in node.js.
It's funny how in other languages you try to figure out how to make your application faster and in node you're trying to make it slower 😄
Anyhow, I apparently hit the poor site with 5000+ simultaneous requests, all of which hit their database (to gather product info). Suffice to say, the site got visibly slow 🤣
Thankfully I print out where each request is made so I quickly realised my mistake and killed the process.
Now I hope no-one comes knocking on my door lol
The adventures of being a node.js dev
Just wasted whole day with plesk webhosting :D
Decided to move to a DDOS protected hosting by OVH.com
Chose plesk web hosting
Turns out in order to park domain to plesk webhosting it's necessary to change GLUE records and nameservers to point to plesk VPS IP
My domain registrar where I have 10+ domains does not allow changing GLUE records. Only way to make it work would be to move all domains to new registrar and pay for each domain as it's a new one.
FML just wasted 16 euros on this useless plesk webhosting. Need to take regular webhosting :D
I need to test a client's website for DDoS attack performance, it has been attacked in the past and I want to know what kind of changes are the most effective, are there any good tools/services you know?
I just saw this video on slow loris attacks (https://youtu.be/XiFkyR35v2Y).
So my question is: why even bother with creating a botnet for a ddos attack?
Last night the Russians struck again. It's become obvious that these DDoS attacks are not performed by just some casual hackers, but are part of cyber warfare - just as I suspected in one of my rants a couple of weeks ago
Just out of curiosity...
Is there a way to prevent a DDoS attack using settings in the Router? Like, changing the DNS Port to maybe 54 because most people just spam 53 with random packets?
Having problems with getting user's IP address with PHP.
So basically I made a custom DDoS protection for my linux server.
It works like this: php website gathers visitor IP address when he does a certain action (in this case registers an account). All visitor ips are stored in ips.txt securely on my website ftp.
Then my linux server has iptables rules setup in a way where it blocks all traffic except my website traffic.
On linux server I have a cron job which pulls whitelisted ips every 5 minutes from my php website FTP and then whitelists all IP's in iptables.
That way only visitor IP's (of those who registered account in my website) are being whitelisted in my linux server.
In case of a DDoS attack, all traffic is dropped except for the whitelisted visitor's IP's gathered from website ips.txt
Now I'm having a problem. My PHP script is not accurate. Some visitors in my website are not being whitelisted because they might have a different ipv4 ip address than what is given from php website. So basically I am looking for some php script/library that would gather ALL ipv4 ips from a visitor, then whitelist them.
Also regarding ipv6, my iptables are all default (which means that all ipv6 visitor traffic is allowed) so problem is not with visitors that have ipv6. Problem is with my script not getting ALL ipv4 ip addresses assigned to the user.
Can you recommend me some php library for that? So far I've used https://github.com/marufhasan1/... but apparently it's not accurate enough.
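The whitelist sync described in the post above, sketched as an added example (it is not the poster's script): the cron side treats the downloaded ips.txt as untrusted input before anything reaches the firewall. The use of ipset instead of one iptables rule per address, the set name, the entry cap and the one-address-per-line format are assumptions.

```python
import ipaddress

MAX_ENTRIES = 50000            # assumed cap so a bloated file cannot exhaust the set
SET_NAME = "game_whitelist"    # hypothetical ipset name

# Constructed sample of a pulled ips.txt, including entries that must not pass.
SAMPLE = """8.8.8.8
1.1.1.1
8.8.8.8
10.0.0.5
0.0.0.0/0
1.2.3.4; iptables -F
::1
"""

def parse_whitelist(text, max_entries=MAX_ENTRIES):
    """Return (accepted, rejected) from the raw contents of ips.txt."""
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # ip_address() refuses CIDR ranges and trailing shell text alike.
            addr = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append((lineno, entry, "not an IP address"))
            continue
        if addr.version != 4:
            rejected.append((lineno, entry, "not IPv4"))
        elif not addr.is_global:
            rejected.append((lineno, entry, "not publicly routable"))
        elif addr in seen:
            continue                      # duplicates are dropped silently
        elif len(accepted) >= max_entries:
            rejected.append((lineno, entry, "over entry cap"))
        else:
            seen.add(addr)
            accepted.append(str(addr))
    return accepted, rejected

def ipset_restore_script(addresses, set_name=SET_NAME):
    """Build input for `ipset -exist restore` that replaces the set atomically."""
    if not addresses:
        # An empty or truncated download must not lock every player out.
        raise ValueError("refusing to install an empty whitelist")
    tmp = set_name + "_new"
    lines = [
        f"create {set_name} hash:ip family inet",
        f"create {tmp} hash:ip family inet",
        f"flush {tmp}",
    ]
    lines += [f"add {tmp} {a}" for a in addresses]
    # swap exchanges the two sets in one step; the old contents end up in tmp.
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    ok, bad = parse_whitelist(SAMPLE)
    for lineno, entry, reason in bad:
        print(f"line {lineno}: rejected {entry!r} ({reason})")
    print(ipset_restore_script(ok), end="")
```

A single iptables rule using `-m set --match-set game_whitelist src` can then reference the set, so the rule list itself never changes between cron runs.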
So it has been a couple of months since I've used MailGun in a project and I felt like it was time to use it. So I try to go to the mailgun website and it doesn't seem to load. I check twitter and they are experiencing a DDoS attack (tweeted out 20 minutes ago)
Really? Did it really have to happen now I just wanted to use it :c?
What do you use for your side-projects regarding Anti-DDoS protection?
I have a community with 1-2k daily users hosted in Siteground. Currently, I am not experiencing any DDoS issues (mainly L4) but I used to when I was using another service provider. The trade-off is that the machine and the service I'm paying here is way more expensive.
I don't care about managing the server, but I was looking for a cheaper option to get my project with.
The stack is LAMP and it is an Invision Power Board forum.
What do you recommend? Which service(s) do you use for your projects and how do you prevent DDoS on your side?
All banks in India continue to fail to handle such huge rush of customers.
They should have had a better load balancer, and some ddos protection.
Sooo, this DDoS I read about, it's hitting quite a few major sites isn't it? From what I've noticed at least Twitter, GitHub, Dyn. Any other major ones?
I have a windows vps with a server that I want to protect from DDoS and hide from outside world. Is there a way by using PHP IIS webserver on another vps to somehow whitelist ips or redirect only clean traffic to my windows vps?
I was in my class on Thursday around 12 PM noon Indian standard time.
I couldn't access github on mobile (connection refused error) but at 2 pm once I was out of class could access it.
Any guesses if it was related to recent ddos attack on dyn ?
Whoa.. I think piratebay is under DDoS attack. I was trying to get microprocessor tutorials. Can anyone verify?
Looking for a ddos protected webhosting in Europe. Can you recommend something? Was looking at ovh.com but they require you to pay for whole year and I'm not ready to throw ~160EUR and hope for the best.
Are there any sysadmins here who know how to deal with ddos attacks properly? I can even offer pay. Situation is that I launched my java app (gameserver) on linux debian and configured iptables to allow only specific ips. Basically I made only 1 port open for loginserver and if player logins into loginserver it adds his ip to iptables so he's able to proceed to gameserver. However I am still receiving massive up to 900MB/s attacks for example: http://prntscr.com/q3dwe8
It appears that even if I left only one port open, I still can't defend against ddos attacks. I made some captures with tcpdump and analyzed them on wireshark but to be honest I can't really tell what I'm looking at.
I am using OVH which is supposed to be ddos protected but maybe I messed up during iptables configuration, I'm not sure.
Can anyone help?
How exactly can you protect your website from sql injections and ddos? The website used php and a mysql database.
Our government's "information and technology institution" ran a ctf yesterday. Their website was a whole template. And like 1 hour before the ctf, the website got approximately 400-500k requests and they were hit by a ddos. During the competition individual competitors couldn't log in to their accounts due to "wrong password" and also password reset mails were not sent.
One of the rules of the competition was that the questions were not leaked out during the contest. But some groups and individuals wanted help for questions on some hack forums. CTF is over and seems like script kiddies gonna win.
Need advice about protecting ddos via iptables and whitelisting. Currently I launched my gameserver and am fighting against a massive attack of botnets. Problem was solved by closing all ports on my gameserver linux machine and shipping game.exe with injected c++ socket client. So basically only gamers who launch my game exe are being added to firewall iptables via the socket client that is provided in the game exe. If some ddosers still manage to get inside and ddos then my protection is good enough to handle attacks from whitelisted ips from inside. Now I have another problem. Lots of players have problems and for some reason shipped c++ client fails to connect to my socketserver. Currently my solution was to provide support in all contact channels (facebook,skype,email) and add those people's ips to whitelist manually. My best solution would be to make a button in website which you can click and your ip is whitelisted automatically. However if it will be so easy then botnets can whitelist themselves as well. Can you advise me how I could handle whitelisting my players through web or some other exe in a way that it can't be replicated by botnets?