PEcash fight DDoS attack

[DBX]

PEcash fight DDoS attack

The entire network of PEcash online stores has been under an intense DDoS (Distributed Denial of Service) attack that began on Friday, September 10th and has continued to ramp up through today.
By Saturday morning September 11th, all attempts to increase server performance and increase bandwidth had failed. By Saturday afternoon we had an agreement with THE best DDoS protection service available.
It has taken another 24-48 hours to implement this service, tweak the service and propagate the DNS that brings all our relocated stores back online.

As of this morning, Monday September 13th we are 100% fully restored.
We are continuing to monitor the situation.

The good news is that our agreement with the DDoS protection service keeps us protected from DDoS attacks in the future. In fact, we are so impressed with the service and their technicians that we would not consider doing business without them from this point forward.

I would like to thank all our affiliates who know us and trust us and realize that an outage like this is very uncharacteristic of our service, history and company philosophies.

At the same time, I would like to apologize to all our affiliates for not notifying you sooner. The recovery from this attack has been all consuming and without going into great detail, there were security reasons we could not announce this sooner. Most companies would not even admit to having
experienced a DDoS attack, even after it has been brought under control, but we know we owe you an explanation.

To those who think they can find better service elsewhere, all I can say is when a DDoS attack hits, no one is safe.

To our competitors, all I can say is, when it happens to you, give me a call and I'll tell you what your options are to minimize the impact.

Due to security precautions, I cannot reveal any more information about who the DDoS service protection company is, or any numbers regarding the volume of the attack, so please don't ask.

What a fucking weekend?

Senior Account Admin
DonB

[bluff]

thanks for the release

good luck with it

[traffic addict]

DDos is a fucking issue all over
What protection service are you using?

[johndoebob]

Quote:

Due to security precautions, I cannot reveal any more information about who the DDoS service protection company is

Let me guess, the guys who DDoSed you offered "protection" ?

[FilthyRob]

I hope they fry

[DBX]

johndoebob,
That would be funny if it wasn't costing us thousands of dollars, I mean 6 digits...
We did get an extortion letter just prior to the attack. They were only asking for 2 grand. The fix was much more expensive.

[MickeyG]

protection company? Like as in the Russian Mafia?

[junction]

Thanks for the update Don.

[seeric]

WOW!

no matter what, it was a good idea to notify your affiliates. thats stand up.

[DBX]

A1R3K,
It was a real internal stuggle not to get the word out earlier.
Basically all I could say on Sat or Sun was "we are on it". The DDoS gurus are very convincing that no one should talk about the issue until it has been brought under control and even then, keep your mouth shut about specifics - the logic is to NOT antagonize or provoke the attackers.

[johndoebob]

Quote:

Originally posted by DBX
We did get an extortion letter just prior to the attack. They were only asking for 2 grand.

I wonder why you didn't get a good protection directly after the extortion letter.

It doesn't cost the DDoS gangs anything to DDoS you so they do it just to show it wasn't a joke and they're none to fuck with.

[DBX]

The extortion letter came at the start of the attack.
The first thing we did was try to fight it ourselves - I don't recommend that. The next thing you do is spend a couple of hours with the FBI...
Do you have any idea how much the hardware costs that filters out a TCP SYN flood attack?
It took us 24 hours from start of attack to find a working solution.

[Quickdraw]

REALLY glad to see it's under control I can already see a difference

[Old Dude]

store.sex-superstore.com still not loading for me, other stores are though like store.hetero.sex-superstore.com. Is there still a problem somewhere.

OldDude

[johndoebob]

Quote:

Originally posted by DBX
The extortion letter came at the start of the attack.
The first thing we did was try to fight it ourselves - I don't recommend that. The next thing you do is spend a couple of hours with the FBI...
Do you have any idea how much the hardware costs that filters out a TCP SYN flood attack?
It took us 24 hours from start of attack to find a working solution.

I just filter the packets and trust in EV1s anti DDoS solution.You don't need your own hardware for that your hoster should be able to help you or at least provide his own effective services for a reasonable low fee.

The guys from the FBI are clueless idiots and can't do anything anyway.

[DBX]

Hi OldDude,
This is more than likely a DNS propagation problem, because we had to move all the stores to new IP's and route the entire network of stores through a protection service.
I'm getting the superstore here in Cleveland and elsewhere, yet I've had reports that some users in Chicago are still not getting in.
If your ISP is slow to do DNS updates, it will keep you from resolving the domain name to it's new location.

Other than that, you could try clearing cache and refreshing, even rebooting if you keep your machine on without a restart for a long time.

The stores are hosted in California in a huge datacenter out there.

DBX

[DBX]

Quote:

Originally posted by johndoebob
The guys from the FBI are clueless idiots and can't do anything anyway.

So far, that is mostly true. I'm pretty sure I just end up being a statistic. We were surprised how technically literate the feds were in the San Diego area. They asked some very technically specific questions, here in Cleveland, they used www.checkdomain.com to look up an IP address!

I seriously doubt any host is prepared to filter the quantity this attack is delivering... but, I can't say more.

[johndoebob]

Just had a small DDoS attack a year ago and I got out pretty well without any damages are big costs, but in the 1 billion+ packet area it should be hard of course.

You can see some interesting screenshots of ddos botnet channels here:

http://swatit.org/bots/gallery.html

[MarcyM25]

Glad everything is back up!

[Old Dude]

this is the latest error I get when I try to load your site from my link to http://store.sex-superstore.com/

Microsoft OLE DB Provider for SQL Server error '80004005'

[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

/dbconnect.inc, line 10

OldDude

[DIH]

Quote:

Originally posted by Old Dude
this is the latest error I get when I try to load your site from my link to http://store.sex-superstore.com/

Microsoft OLE DB Provider for SQL Server error '80004005'

[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

/dbconnect.inc, line 10

OldDude

if im not mistaken your typin in te wrong domain... it should be
http://shop.sex-superstore.com/

to access the main store I believe

[DBX]

Old Dude,
Call me at 800-321-9858 or write to [email protected].
Your error message is a legitimate message for a MS SQL server, but we don't run a MS SQL server, so you should not be getting this message from our server.
Anyway, I have some questions about your link and I want to look at your site, your browser and such.
DonB

[macho]

Nice to hear!

[RikRok]

I've seen attacks Prolexic/Digidefense can't handle. Fortunately, there are companies that can handle attacks bigger than those...

Rik

[AndrewKanuck]

Quote:

Originally posted by johndoebob
Let me guess, the guys who DDoSed you offered "protection" ?

Sounds like a business model I know a few people are using

[Wiggles]

man that sucks, good luck with getting back up and running.

[Manowar]

sucks that you have to deal with that shit man, why cant people just leave others alone