I got many follow-ups via ICQ from you guys trying to help us out, which we really appreciate. This post will hopefully clarify a few things regarding our attacker, our host CWIE and Prolexic, to let the industry see clearly.
CWIE was giving us all the help they were capable of on their side as a host. They were giving us advice and guidance on how they see the problem and what we should try. They were trying to fix network problems - I assume the best they could - together with Prolexic as they arose. At this point that's all they could do, as they have no in-house DDoS mitigation solution, which many of you are "asking for" from the host side. Big props to Tom on the CWIE side for his help; I feel he was the one who helped us the most and who was the most responsive and cooperative in solving arising problems. I would feel totally lost without him for sure.
On Prolexic: they are 100% responsible for the DDoS mitigation on our side at this point. They try to keep track of the attacks and adjust their filtering as they change. If we notice that something is not working and notify them, then they try to follow up on the problem and adjust what they can. I guess they were trying their best and this is all they can do for us right now. Most of the hosts that you guys mentioned as bullet-proof have Prolexic as the final protection solution. Maybe if they work directly together with hosts they can provide a better uptime than what we just experienced. Maybe their reaction time in filtering is also faster if a host is sitting on their back and not only an adult company.
The server moves that we mentioned are done in-house at CWIE, because our investment in new hardware required us to be physically transferred to a different location, as we outgrew the rack space at our current location. Not to mention, this moving process is not helping our situation and is postponing our protection implementation. But we are proceeding, even right now.
And now the interesting part, the attackers!
We got confident that the attacks are coming from a competitor in one specific niche. As many of you might know well, we are getting the product from content providers, and this is what we put online and manage. We are not responsible for direct content production on our side.
Our owner contacted the affiliate program that we guess might be behind the attacks. So we will see what their answer is. Based on the information we gained in the past few weeks, we have a belief that those competitor guys might be pissed off at the content provider who shoots for the "problematic" website, and the attacks might be the "revenge" against the named content provider. We don't know whether it's true or not that they had conflicts in the past, but at this point we are really interested. So we also contacted our content provider to clarify whether they had something in the past that we should know about. So we are looking for feedback from both.
Our company was never aggressive against anybody and we have always aimed to do fair business in all our relationships. We don't like shady things, we like to keep things clear and we respect others' business. Also, we believe in open communication.
So based on the follow-up that we are awaiting from the content provider and the competing affiliate program owner, we will shut down one of our sites, which causes the majority of our problems, and will break all kinds of relationships with the named content provider. The site will stop being updated, we will cut all payouts to the content provider, and the site will be merged into our network until it fades away. Obviously we have innocent members and affiliates to take care of who signed up for or promoted that site, so the affiliate links will remain active and the payouts will continue. In time the site will die on its own without being updated, and at least we can avoid the charge-back problems that would arise if we blacked out the site from the Internet.
We believe that as we have the intention to cut all relationships with the "problematic" content provider, the attackers will see our goodwill to cooperate and not to go against one's business if there are certain issues in the background that we find unacceptable. So this will solve the constant attack problems for good. I am positive that they also have employees with families and affiliates - I am sure many common affiliates - who they don't want to punish innocently anymore.
As unfortunately we have to keep our skepticism alive about potential future attacks, we will keep issuing all the in-house protection that we feel necessary to prevent such DDoS issues from happening anymore in the future.
If anybody has any questions, feel free to hit me up via ICQ.