Anybody know who is attacking my network?
 

We have been down for 10 hours + now due to some fuck hacking our servers, anybody know who might be doing this or why??

I have been told it would be

1) Competitor
2) Affiliate trying to improve sales
3) Non Affiliate trying to fuck one of our affiliates sales up!

Any body know who to contact to get the fuck found?

1) or 3).

Do you have someone available who speaks Romanian?

you took a peek at the log right? whats the ip resolving to?

We have over 3000 IP's coming in so there using some major cloacking or bruat force

yes loads - how come?

Ya post some info here. Log files and stuff.

sorry I will stop hitting CTRL F5 on your sites.

post some more info ;))

The log files show nothing becuase the IP's are spoofed :(

IF you have experience with this, ICQ ANDY

sounds like a dos, time to call the system guy... oh and there is no log? even when its spoofed theres a log, you mean all 3000 resolve to nothing?

We have had 2 system admins from cavecreek on it all night... banning ip's but more just keep coming :( Could anyone do this or does it have the hallmarks of a known hacker?

anyone with a small linux server can do a DOS, so what do they do just 3000 ips asking for the index? a ded box gotta cope with that, must be something else, a large file theyre constantly dl?

yeah i noticed you were down a lot lately..
i hope you fix this quickly...

btw, are sales being tracked normally on all products during the downtime?

Maybe you sold some pills to a hacker and he got mad when they didnt work lol. Seriously that sucks though, lots of porn sites have been under attack lately :(

what kinda ddos is it? there are like 3 basic ones, if its the simple version then adjusting the firewall to not let broadcast out is it, im sure cavecreek knows this stuff.

Forget bout tracking them if its a ddos, the attacks arent long enough and theyll end in some US uni or so...

ayn flood atatck

we need Smokey in here... he's got mad skills!

Sorry to hear you're the target of some punk, maybe it's a jealous competitor.

I would bet money, it's none of the above except maybe #3, but more likely I would look for:

1) Ex-Affiliate that was canned for reasons that seem unjust to him.
2) Someone that got into a pissing match with on a board or where ever with anyone from your company.

syn flood?

If you're running Apache, you may want to check out mod_dosevasive.

http://www.nuclearelephant.com/projects/dosevasive/

He sure does.

:pimp

I think your more likley to be right :)

thats a syn as far as I know yes, cc should be able to prevent that, thing is most if these guys dont want to start adjusting and filtering stuff...

that wont do jack shit for a syn flood attack

try enabling TCP cookies, it will help a little bit

anyone else... know who this may be?

you can always buy this :thumbsup

yeah and tons of other programs or hardware but thats not very helpfull right now...

anyone every used these guys ? http://www.block-ddos.com/about.php

If you're willing to move, pick up a server @ theplanet. Their DDoS filtering is pretty good, they did a great job filtering the 800mbit attack i was hit with a while back.

Im surprised cavecreek isn't more prepared to handle this sort of thing.

My guess is Wizzo is right its someone you guys pissed off.

yeah wonders me too, they can handle this im sure

Tell me about it... im not happy

Maybe BradM finally got mad and attacked you ;)

hahah no BradM is far to stupid... maybe he paid someone...

I thought CaveCreek was top notch?

it's rare to see hosting companies that can actively mitigate attacks, because the cost of it isnt usually justified

I understand that, but cavecreek is no mom and pop shop over there. They have some HUGE clients.

agreed...

The guy who is doing it is probably reading this. So stop it please. Thnx.

I wish he would contact me... I would love to know why!!

hey thinkx, the hosting you suggested is great indeed, ive never seen faster support hehe