Jump to content











Photo
* * * * * 1 votes

New attack?


  • Please log in to reply
21 replies to this topic

#1 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 16 November 2011 - 11:16 AM

I currenty saw more then 28000 users online.
users1.gif
Most of them are looking at Ubuntu MRT Rescue
users2.gif
What makes this topic so interesting?

The last post is done "Posted 14 March 2011 - 01:56 PM"

Peter

EDIT: And now they all have great interest for SARDU:
users3.gif

#2 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 16 November 2011 - 01:12 PM

Yep, it seems like a DDoS is underway. You report 28 000 but some 7 hours ago it peaked on 33 000.

The visitor statistics are normal, meaning these "visitors" may be bots as they typically don't execute Javascript.

Let them troll, our server can take the load. :cheers:

#3 Tripredacus

Tripredacus

    Frequent Member

  • Expert
  • 234 posts
  • Interests:K-Mart-ian Legend
  •  
    United States

Posted 16 November 2011 - 03:51 PM

I don't think a DDoS would actually register visitors to the site. Those visitor numbers are determined by cookies and DDoS usually doesn't come through using a browsery type interface.

#4 AceInfinity

AceInfinity

    Frequent Member

  • Team Reboot
  • 228 posts
  • Location:Canada
  • Interests:Windows Security, Programming, Customizing & Crash Dump Analysis.
  •  
    Canada

Posted 16 November 2011 - 04:36 PM

The site for me was down for about 5 minutes earlier, and I was wondering what it was

#5 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 16 November 2011 - 04:38 PM

There are different ways of performing a DDoS.

It can be as simple as a wget instruction looping from a script to a specific URL as a distributed computing environment with thousands of different zombies targeting hundreds of pages and mimicking normal users.

On this case, I would imagine something more on the range of the wget category of attacks. Getting the page content but not executing the javascript portion since it is not viewed under a browser. I have no idea of what they are using. Almost two years ago we really had a series of attacks that made the site unusable for half a month.

Will see what can be done to counter-act this prank.

:)

#6 florin91

florin91

    Frequent Member

  • Team Reboot
  • 197 posts
  •  
    European Union

Posted 16 November 2011 - 05:13 PM

130 members, 25363 guests


25 000 guests is too much to be real.

If the forum has Ads and it's payed to the numbers of views, I wonder what G***** says about this.

Of course the 10 pages rule doesn't apply for guests because there are viewing one page and the attack is well timed and thought.


Should the forum be made members only?

#7 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 16 November 2011 - 05:19 PM

If the forum has Ads and it's payed to the numbers of views, I wonder what G***** says about this.

It says nothing, the ads are only triggered by javascript which does not seem to be executed on this case. In either way, they are well used to handle these things from other sites across the web.


Should the forum be made members only?

No need, we proceed with business as usual. :cheers:

#8 Ghoster

Ghoster
  • Advanced user
  • 8 posts
  • Location:Somewhere Or Other
  •  
    Canada

Posted 17 November 2011 - 04:33 AM

Heh. I didn't know that a DDoS would come across as visitors. That's interesting.

#9 Tripredacus

Tripredacus

    Frequent Member

  • Expert
  • 234 posts
  • Interests:K-Mart-ian Legend
  •  
    United States

Posted 17 November 2011 - 04:00 PM

I did check yesterday that neither of the other two forums (that I bothered checking) on this IP are showing the same amount of users. It definately appeared to be directed to this forum for sure.

#10 greatdevourer

greatdevourer

    Newbie

  • Members
  • 27 posts
  • Location:United States
  •  
    United States

Posted 17 November 2011 - 04:06 PM

Seems more list a screen scrap of data than a DDOS. Typical DDOS attacks would not show up as visitors. The DDOS attack makes TCP connections to the server to flood resources, but doesn't really need to actually query pages. Check the logs and see how many other pages those 'visitors' hit.

#11 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 17 November 2011 - 04:32 PM

Don't worry. We know well how to handle these matters and we are well prepared to face them.

In the past they caused havoc, right now their effects are barely noticeable enough to disrupt our services.

:)

#12 enciktangankidal

enciktangankidal

    Member

  • Members
  • 43 posts
  • Interests:Love to learn about developing software. Hope someday can be developer. ^^,
  •  
    Malaysia

Posted 18 November 2011 - 11:14 PM

Don't worry. We know well how to handle these matters and we are well prepared to face them.


:crazy:

#13 Flyboarder

Flyboarder

    Member

  • .script developer
  • 95 posts
  •  
    Canada

Posted 20 November 2011 - 07:14 PM

Nuno, they trolled my download!!! As happy as I would be with over 4000 downloads of TracePE. I dont even have that many views, anyway to fix it so my stats are not messed up?

#14 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 November 2011 - 10:53 PM

Don't worry. We know well how to handle these matters and we are well prepared to face them.

In the past they caused havoc, right now their effects are barely noticeable enough to disrupt our services.

:)

Yes what we are now experiencing must be a trick of the mind, let us fake that the forum is normally functional, that one page evey two doesn't time out and needs to be refreshed/reloaded and expecially let us fake that it is normal that to edit a post 10 minutes or more of repeated attempts are needed.

The ostrich has survived for a lot of time using a similar technique:
http://en.wikipedia.org/wiki/Ostrich
Of course at the time Pliny the Elder wrote his report, they did actually bury their head in the sand, the fact that nowadays they don't anymore, is that in the meantime they learned how futile it is. ;)


:cheers:
Wonko

#15 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 November 2011 - 09:02 AM

Hmm.. they probably picked TracePE because it was a juicy download of 300Mb.

Ninja pendisk also has amazing stats, over 20 000 downloads to a mere 14 000 page views.

It is such a good program that people don't even visit the download page and download it right away.. :lol:

I disabled anonymous login to prevent this leeching from continuing.

:cheers:

#16 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 21 November 2011 - 09:19 AM

I disabled anonymous login to prevent this leeching from continuing.

And the board is responding again! :thumbsup:

:cheers:
Wonko

#17 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 21 November 2011 - 02:14 PM

I currenty saw more then 28000 users online.



IPB online counter on the forum has gone to hell after this issue.

rebuild done.

should be ok now.

:good:

#18 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 21 November 2011 - 02:23 PM

The ostrich has survived for a lot


:buehehe:

#19 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 21 November 2011 - 06:41 PM

I disabled anonymous login to prevent this leeching from continuing.

I browsed reboot.pro w/o login.

No "Download" tab / buttom / link visible (or I didn't see). But by clicking one of the "Latest Files" I came into the download area and could browse it.

Browse is ok, but e.g. to download winbuilder.exe there is no way.

Is that intended?

Maybe unregistered users get a captcha for download something ???

Peter

#20 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 22 November 2011 - 09:23 AM

By registering, new users also receive the newsletter and that is important to promote the new activities going on at the forum.

So, I prefer to see them registered and raise awareness for the work that is being done around here.
  • pscEx likes this

#21 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 20 February 2012 - 09:19 AM

IPB online counter on the forum has gone to hell after this issue.

rebuild done.

Sorry for reviving an old thread, but curious to know whether the counters were resetted to zero after the rebuild?

#22 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 20 February 2012 - 10:45 AM

No reset is done.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users