DOS attack expert?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • strongdong
    Confirmed User
    • Sep 2003
    • 191

    #1

    DOS attack expert?

    3000+ plus IP's coming my way, SteveA is the icq of the guy doing it (428-764-610) he also has icq 'davide' (168-203-434, or it is his partner)...He also installed some rootkit which has deleted everything on one of my drives. I talked to him briefly (steveA) on icq here is an exerpt:

    Date : 2/24/2008 Time : 4:45 PM
    From : SteveA
    look igor..i dont want to steal your site or any harm to you ...we just want a
    fair cut from your biz...nothing personal ec



    and another exerpt where he threatens to attack another one of my sites which he eventually did...(read from bottom to top):


    Date : 2/24/2008 Time : 3:16 PM
    From : SteveA
    should i come to moviesguy to ?

    Date : 2/24/2008 Time : 3:16 PM
    To : Ig


    Date : 2/24/2008 Time : 3:16 PM
    To : Ig
    ?

    Date : 2/24/2008 Time : 3:16 PM
    To : Ig
    shall i come to hamburg

    Date : 2/24/2008 Time : 3:16 PM
    From : SteveA
    hi

    Date : 2/24/2008 Time : 3:16 PM
    To : Ig
    hi

    Date : 2/24/2008 Time : 3:16 PM
    From : SteveA
    oh really ?

    Date : 2/24/2008 Time : 3:15 PM
    To : Ig
    the guy you are stealing traffic from

    Date : 2/24/2008 Time : 3:15 PM
    From : SteveA
    who am i speaking to ?

    Date : 2/24/2008 Time : 3:15 PM
    To : Ig
    can you stop the attack on my site please

    Date : 2/24/2008 Time : 3:15 PM
    From : SteveA
    yes

    Date : 2/24/2008 Time : 3:14 PM
    To : Ig
    Matthais ?

    Date : 2/24/2008 Time : 3:14 PM
    To : Ig
    hi

    His infos are as follows:

    Checks payable to : Matthias Mönch
    Email : [email protected]
    ICQ : 428764610
    Address : Zimmerstrasse 55a
    Country : Hamburg, Hamburg 22085 Germany



    Hit me up if you can help! 78861564
    Last edited by strongdong; 02-24-2008, 09:27 PM.
  • kmanrox
    aka K-Man
    • Oct 2001
    • 29295

    #2
    dayummm grouchyadmin, u awake?
    Crypto HODLr
    Crypto mining
    Angel investor

    Comment

    • Brent 3dSexCash
      Octopus Anime
      • Sep 2007
      • 1064

      #3
      lol

      hit me up and I can help you out

      Comment

      • jpoker
        Confirmed User
        • Feb 2003
        • 362

        #4
        bump bump bump
        http://www.bigboobdreams.com
        Big Juicy Healthy Boobs

        Comment

        • kmanrox
          aka K-Man
          • Oct 2001
          • 29295

          #5
          bump for revenge
          Crypto HODLr
          Crypto mining
          Angel investor

          Comment

          • darksoul
            Confirmed User
            • Apr 2002
            • 4997

            #6
            157717888
            1337 5y54|)m1n: 157717888
            BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
            Cambooth

            Comment

            • jscott
              jscizzle
              • Feb 2001
              • 25412

              #7
              Jizzstars is hitting up SpermShack too, supposedly got some hacks on that site
              “If you think tough men are dangerous, wait until you see what weak men are capable of.”
              —Jordan B. Peterson

              Listen to Pomp tell why is Bitcoin important

              Comment

              • mrkrabs
                Confirmed User
                • Mar 2007
                • 567

                #8
                bump for youu

                Comment

                • V_RocKs
                  Damn Right I Kiss Ass!
                  • Nov 2003
                  • 32449

                  #9
                  This is why we need ABC trading for knee caps...

                  Comment

                  • Davy
                    Confirmed User
                    • Apr 2006
                    • 4323

                    #10
                    Originally posted by strongdong
                    From : SteveA
                    look igor..i dont want to steal your site or any harm to you ...we just want a
                    fair cut from your biz...nothing personal ec
                    What the fuck???
                    I hope you get this asshole.
                    ---
                    ICQ 14-76-98 <-- I don't use this at all

                    Comment

                    • The Judge
                      Confirmed User
                      • Jan 2006
                      • 1647

                      #11
                      tell him you want to pay in person

                      Comment

                      • qw12er
                        Confirmed User
                        • Apr 2004
                        • 799

                        #12
                        Originally posted by The Judge
                        tell him you want to pay in person
                        and bring a gun ! lol
                        I have nothing to advertise ... yet.

                        Comment

                        • testpie
                          Mostly retired
                          • Apr 2006
                          • 3231

                          #13
                          Originally posted by strongdong
                          3000+ plus IP's coming my way, SteveA is the icq of the guy doing it (428-764-610) he also has icq 'davide' (168-203-434, or it is his partner)...He also installed some rootkit which has deleted everything on one of my drives. I talked to him briefly (steveA) on icq here is an exerpt:

                          Date : 2/24/2008 Time : 4:45 PM
                          From : SteveA
                          look igor..i dont want to steal your site or any harm to you ...we just want a
                          fair cut from your biz...nothing personal ec



                          and another exerpt where he threatens to attack another one of my sites which he eventually did...(read from bottom to top):


                          Date : 2/24/2008 Time : 3:16 PM
                          From : SteveA
                          should i come to moviesguy to ?

                          Date : 2/24/2008 Time : 3:16 PM
                          To : Ig


                          Date : 2/24/2008 Time : 3:16 PM
                          To : Ig
                          ?

                          Date : 2/24/2008 Time : 3:16 PM
                          To : Ig
                          shall i come to hamburg

                          Date : 2/24/2008 Time : 3:16 PM
                          From : SteveA
                          hi

                          Date : 2/24/2008 Time : 3:16 PM
                          To : Ig
                          hi

                          Date : 2/24/2008 Time : 3:16 PM
                          From : SteveA
                          oh really ?

                          Date : 2/24/2008 Time : 3:15 PM
                          To : Ig
                          the guy you are stealing traffic from

                          Date : 2/24/2008 Time : 3:15 PM
                          From : SteveA
                          who am i speaking to ?

                          Date : 2/24/2008 Time : 3:15 PM
                          To : Ig
                          can you stop the attack on my site please

                          Date : 2/24/2008 Time : 3:15 PM
                          From : SteveA
                          yes

                          Date : 2/24/2008 Time : 3:14 PM
                          To : Ig
                          Matthais ?

                          Date : 2/24/2008 Time : 3:14 PM
                          To : Ig
                          hi

                          His infos are as follows:

                          Checks payable to : Matthias Mönch
                          Email : [email protected]
                          ICQ : 428764610
                          Address : Zimmerstrasse 55a
                          Country : Hamburg, Hamburg 22085 Germany



                          Hit me up if you can help! 78861564
                          Go hire some freelance hacker to hack into his botnet control machine and mass DDoS the law enforcement organisation of your choice and sit back and wait.


                          Affiliates: DogFart ~ Domain parking: NameDrive ~ Traffic broker: Traffic Holder

                          Comment

                          • strongdong
                            Confirmed User
                            • Sep 2003
                            • 191

                            #14
                            I am still being attacked by this idiot...he has attempted more extortions during the night, this time he has demanded traffic

                            Comment

                            • The Judge
                              Confirmed User
                              • Jan 2006
                              • 1647

                              #15
                              where does he want it sent? maybe u can track him that way or find a way to DOS his sites

                              Originally posted by strongdong
                              I am still being attacked by this idiot...he has attempted more extortions during the night, this time he has demanded traffic

                              Comment

                              • ladida
                                Confirmed User
                                • Nov 2005
                                • 2179

                                #16
                                Does anyone actually pay extortion like this?

                                If you don't have a $5 account, get on your host to sort that shit. If you run a larger operation then a tgp or something, hire someone to clean your server of the shit.
                                agentGFY *at* gmail.com

                                Comment

                                • Jens Van Assterdam
                                  The Dupre Pimp
                                  • Feb 2008
                                  • 6677

                                  #17
                                  Originally posted by strongdong

                                  Checks payable to : Matthias Mönch
                                  Email : [email protected]
                                  ICQ : 428764610
                                  Address : Zimmerstrasse 55a
                                  Country : Hamburg, Hamburg 22085 Germany



                                  Hit me up if you can help! 78861564
                                  I doubt its his real info. This name is a way to famous in europe for scams/ddos/thiefs..
                                  Read TOS for signature rules

                                  Comment

                                  • strongdong
                                    Confirmed User
                                    • Sep 2003
                                    • 191

                                    #18
                                    Originally posted by Machete Rodriguez
                                    I doubt its his real info. This name is a way to famous in europe for scams/ddos/thiefs..
                                    He was going to have payments sent to that name.

                                    Comment

                                    • Roald
                                      SecretFriends.com
                                      • May 2001
                                      • 27910

                                      #19
                                      Originally posted by strongdong
                                      He was going to have payments sent to that name.
                                      he is attacking 2 sites?


                                      WE ARE BUYING PAY SITES! CONTACT ME



                                      ClubSweethearts | ManUpFilms | SinfulXXX | HOT * AdultPrime * HOT


                                      Paying webmasters since 1996! Contact: r.riepen @ sansylgroup.com | telegram: roaldr

                                      Comment

                                      • strongdong
                                        Confirmed User
                                        • Sep 2003
                                        • 191

                                        #20
                                        he attacking 3 servers

                                        Comment

                                        • strongdong
                                          Confirmed User
                                          • Sep 2003
                                          • 191

                                          #21
                                          jizzonline.com moviesguy.com jizzhut.com

                                          Comment

                                          • d-null
                                            . . .
                                            • Apr 2007
                                            • 13724

                                            #22
                                            How much do these guys charge for an attack?

                                            __________________

                                            Looking for a custom TUBE SCRIPT that supports massive traffic, load balancing, billing support, and h264 encoding? Hit up Konrad!
                                            Looking for designs for your websites or custom tubesite design? Hit up Zuzana Designs
                                            Check out the #1 WordPress SEO Plugin: CyberSEO Suite

                                            Comment

                                            • strongdong
                                              Confirmed User
                                              • Sep 2003
                                              • 191

                                              #23
                                              Ig (9:10 AM) :
                                              so now, i start to call the police
                                              SteveA (9:10 AM) :
                                              go go
                                              Ig (9:10 AM) :
                                              ok :-(
                                              SteveA (9:11 AM) :
                                              but wont except to come online earlier then 2 weeks
                                              SteveA (9:11 AM) :
                                              expect...

                                              Comment

                                              • CyberHustler
                                                Masterbaiter
                                                • Feb 2006
                                                • 28739

                                                #24
                                                Man... Thats fucked.
                                                “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

                                                Comment

                                                • rockbear
                                                  Confirmed User
                                                  • Jul 2003
                                                  • 806

                                                  #25
                                                  Who hosting you? they can't help you?

                                                  Comment

                                                  • Roald
                                                    SecretFriends.com
                                                    • May 2001
                                                    • 27910

                                                    #26
                                                    I asume your host is on it too?

                                                    Fuck man, this is seriously fucked


                                                    WE ARE BUYING PAY SITES! CONTACT ME



                                                    ClubSweethearts | ManUpFilms | SinfulXXX | HOT * AdultPrime * HOT


                                                    Paying webmasters since 1996! Contact: r.riepen @ sansylgroup.com | telegram: roaldr

                                                    Comment

                                                    • strongdong
                                                      Confirmed User
                                                      • Sep 2003
                                                      • 191

                                                      #27
                                                      so far, they have now blocked 13,000 IPs

                                                      Comment

                                                      • strongdong
                                                        Confirmed User
                                                        • Sep 2003
                                                        • 191

                                                        #28
                                                        biggest attack alphared has ever seen

                                                        Comment

                                                        • Evil E
                                                          Confirmed User
                                                          • Apr 2005
                                                          • 3201

                                                          #29
                                                          Damn that sucks. Sounds like a botnet attack. Did you get his ip off ICQ so you could send it to your host/proper authorities for investigation?


                                                          A girl once told me "Give me 8 inches and make it HURT".

                                                          So, I fucked her twice and hit her with a brick.

                                                          Comment

                                                          • strongdong
                                                            Confirmed User
                                                            • Sep 2003
                                                            • 191

                                                            #30
                                                            Originally posted by Evil E
                                                            Damn that sucks. Sounds like a botnet attack. Did you get his ip off ICQ so you could send it to your host/proper authorities for investigation?

                                                            How can i find his IP from icq?

                                                            Comment

                                                            • Evil E
                                                              Confirmed User
                                                              • Apr 2005
                                                              • 3201

                                                              #31
                                                              Normally you can find it just within the ICQ infos. If not there is software to check it out, or you could check with a netstat.


                                                              A girl once told me "Give me 8 inches and make it HURT".

                                                              So, I fucked her twice and hit her with a brick.

                                                              Comment

                                                              • Fucksakes
                                                                Shit... Fuck! What the Hell?
                                                                • Dec 2003
                                                                • 7567

                                                                #32
                                                                coming from the guy with the most honest history as a webmaster, sucks doesnt it?

                                                                Comment

                                                                • The Judge
                                                                  Confirmed User
                                                                  • Jan 2006
                                                                  • 1647

                                                                  #33
                                                                  It sounds like you sold the guy a PA and he didn't make his money back so now he's paying back

                                                                  Comment

                                                                  • dav3
                                                                    Confirmed User
                                                                    • May 2007
                                                                    • 7348

                                                                    #34
                                                                    Here's what you should do.

                                                                    Plan A:
                                                                    1. Arrange to make payment
                                                                    2. Shit in a box and mail it to him

                                                                    Plan B:
                                                                    1. Arrange to make payment
                                                                    2. Show up at his house with a few friends
                                                                    3. Break his fingers
                                                                    Webmasters :: Juicy Ads :: ACWM :: Crak Revenue :: Money Tree

                                                                    Comment

                                                                    • Pirates>ninja
                                                                      Registered User
                                                                      • Oct 2007
                                                                      • 60

                                                                      #35
                                                                      that sucks

                                                                      no fun to have people take your gold and treasure

                                                                      Comment

                                                                      • fryer
                                                                        Confirmed User
                                                                        • Oct 2005
                                                                        • 395

                                                                        #36
                                                                        There is a very simple way to deal with this. Here is the breakdown.

                                                                        If he is justing DoS'ing then it can be blocked. Your host probably won't do it for you as its too many IP's and their uplink provider will probably just shut you off.

                                                                        SO

                                                                        Goto prolexic.com and they can filter all of the traffic for you and only give you non DDoS traffic. This is pretty much the only way. Even if you have a firewall some providers uplinks will not let the traffic through making your firewall useless. If you tell them prolexic is filtering it for you then you shouldn't have a problem. They'll turn it back on.

                                                                        As for hacking your boxes I'm not sure what to say other than make sure you utilize hosts.allow / hosts.deny and only allow access from IP's that are yours. This will help a bit. If its the web software he's getting in through then you have another problem
                                                                        fryer
                                                                        WebCamClub/TextNDate Product Manager
                                                                        icq: 576955851

                                                                        Comment

                                                                        • strongdong
                                                                          Confirmed User
                                                                          • Sep 2003
                                                                          • 191

                                                                          #37
                                                                          just talked to the fucker on the phone 01141762517903 zurich switzerland, i think?

                                                                          Comment

                                                                          • The Judge
                                                                            Confirmed User
                                                                            • Jan 2006
                                                                            • 1647

                                                                            #38
                                                                            most likely voip, he is probably in russia

                                                                            Originally posted by strongdong
                                                                            just talked to the fucker on the phone 01141762517903 zurich switzerland, i think?

                                                                            Comment

                                                                            • bashbug
                                                                              Confirmed User
                                                                              • Oct 2005
                                                                              • 929

                                                                              #39
                                                                              try netstat -a to show active connections

                                                                              Comment

                                                                              • strongdong
                                                                                Confirmed User
                                                                                • Sep 2003
                                                                                • 191

                                                                                #40
                                                                                Originally posted by The Judge
                                                                                most likely voip, he is probably in russia
                                                                                why russia? His accent was not russian (I can spot a russian accent).

                                                                                Comment

                                                                                • GrouchyAdmin
                                                                                  Now choke yourself!
                                                                                  • Apr 2006
                                                                                  • 12085

                                                                                  #41
                                                                                  Part of the issue is the network you're on; you can begin to throttle connections and block them from the system with IPF and iptables; but when there's a bot net turned towards you, it's easiest to just filter from a big fucking Cisco sitting in front of your machine.

                                                                                  Comment

                                                                                  • strongdong
                                                                                    Confirmed User
                                                                                    • Sep 2003
                                                                                    • 191

                                                                                    #42
                                                                                    I asked him on the phone, 'why are you such a scumbag?' his answer, 'ask my mother' .....

                                                                                    Comment

                                                                                    • The Judge
                                                                                      Confirmed User
                                                                                      • Jan 2006
                                                                                      • 1647

                                                                                      #43
                                                                                      KGB accent reduction training. In what language were you talking to him?

                                                                                      Originally posted by strongdong
                                                                                      why russia? His accent was not russian (I can spot a russian accent).

                                                                                      Comment

                                                                                      • strongdong
                                                                                        Confirmed User
                                                                                        • Sep 2003
                                                                                        • 191

                                                                                        #44
                                                                                        Originally posted by The Judge
                                                                                        KGB accent reduction training. In what language were you talking to him?
                                                                                        Talked to him in English

                                                                                        Comment

                                                                                        • TidalWave
                                                                                          Confirmed User
                                                                                          • Sep 2007
                                                                                          • 2706

                                                                                          #45
                                                                                          http://www.ddosprotection.com/

                                                                                          they can filter your traffic remotely then forward only legit traffic, but you still stay hosted where you are at now
                                                                                          www.SwiftNode.com

                                                                                          Comment

                                                                                          • The Judge
                                                                                            Confirmed User
                                                                                            • Jan 2006
                                                                                            • 1647

                                                                                            #46
                                                                                            Not that it matters in this case but wouldn't that kill SERPs?

                                                                                            Originally posted by TidalWave
                                                                                            http://www.ddosprotection.com/

                                                                                            they can filter your traffic remotely then forward only legit traffic, but you still stay hosted where you are at now

                                                                                            Comment

                                                                                            • TidalWave
                                                                                              Confirmed User
                                                                                              • Sep 2007
                                                                                              • 2706

                                                                                              #47
                                                                                              No idea, i would assume flat out being down would do more damage
                                                                                              www.SwiftNode.com

                                                                                              Comment

                                                                                              • brandonstills
                                                                                                Confirmed User
                                                                                                • Dec 2007
                                                                                                • 1964

                                                                                                #48
                                                                                                What you're still using DOS? 3000 unique IP's is a lot though. I've been on the end of some brute force cracking attacks but never that many IP's.

                                                                                                Brandon Stills
                                                                                                Industry and programming veteran
                                                                                                [email protected] | skype: brandonstills | ICQ #495-171-318

                                                                                                Comment

                                                                                                • strongdong
                                                                                                  Confirmed User
                                                                                                  • Sep 2003
                                                                                                  • 191

                                                                                                  #49
                                                                                                  this fucker is back at it again today, sites are down...going on day 3 of the attacks now

                                                                                                  Comment

                                                                                                  • chelo - adultcopywriters
                                                                                                    Confirmed User
                                                                                                    • Feb 2008
                                                                                                    • 775

                                                                                                    #50
                                                                                                    fuck, these guys need to be imprisoned mate, you deserved this bump!
                                                                                                    Good luck getting your hands on this fucker!

                                                                                                    Comment

                                                                                                    Working...