	
		
 Silvercash updates 
		
		
		Any news? 
	 | 
		
 No. 
	 | 
		
 Getting pretty sad.  3+ days of constant downtimes. 
	 | 
		
 Could be really hard to fight off a big DDOS attack. 
	 | 
		
 Who are they being attacked by and why? 
	 | 
		
 I have switched all my traffic to another sponsor, no time for this. 
	When they are back up for a while I will consider them again.  | 
		
 Fuck they are down again. Seems like they can't fight the DOS attacks. 
	I redirected my traffic to another sponsor.  | 
		
 I'd like to stick it out with them. It would be a major pain in the ass to switch but some info would be nice. 
	 | 
		
 LA Mike posted on the Silver board earlier today, they were attacked from hundreds of servers to their secure joinforms. They have bought and installed new firewalls yesterday. 
	It was up and running 7-8 hours ago, but it seems like they are attacked again today.......  | 
		
 I can tell you from my experience in the hosting business that these attacks are very difficult to defend.  I wish them the best of luck. 
	 | 
		
 What the heck is going on, all these attacks: GFY, AWI, SpamCop, SilverCash, and some in Europe. AWI is still down. 
	 | 
		
 Quote: 
	
 :1orglaugh  | 
		
 SpamCop's down. 
	Hmmmmm. where did I put that 8 million emails cd I bought for $19.99.:1orglaugh  | 
		
 Quote: 
	
 http://www.silvercash.com/affiliate/members/home/ The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.  | 
		
 works now 
	edit: very slow though :].  | 
		
 still down for me  :( 
	 | 
		
 We are continually working on it guys. I don't know what else to say but sorry. We haven't slept in days and we have put up some of the best firewalls and routers and continue to battle. 
	I will keep you updated.  | 
		
 Perhaps this is the beginning of the DOS Hacker Olympics they keep talking about? 
	Good luck with this Mike...have you guys thought about dumping some of the domains onto a CDN for a bit? Might be able to deflect some of the load for a while and/or tell you more about the origin of the attack...sorry if that's repetitive info... hope you guys are up soon...:(  | 
		
 Best of luck Mike. Back in the day, we had constant attacks from the password community, taking shit down left and right. There is no easy answer. Our silvercash links are still up as always, this is just a slight bump in the road. 
	 | 
		
 Quote: 
	
 That's been my experience in the past at least. :)  | 
		
 We are staying with you Mike. 
	Silvercash has been an honest and lucrative partner of ours for years, and it would take more than a little down time to get us to move anything anywhere else. Johnny V.  | 
		
 hey Mike is your upstream provider helping at all? 
	 | 
		
 Mike, are all of your paysites going down along with silvercash.com? I have PPC traffic I'm sending, and I'ma have to stop the campaigns if so. 
	 | 
		
 Never mind, I answered my own question. I just checked and of the paysites are down as well....not good bro. 
	 | 
		
 Here is another thread about this issue, for those that haven't read it: 
	http://www.gofuckyourself.com/showth...hreadid=149406 Also, we plan to stick with Silvercash through the problems. Good luck guys.  | 
		
 Things should be normal soon... Keeping my fingers crossed. Some stuff going on that I think is going to end this thing soon. 
	Stay tuned  | 
		
 Quote: 
	
 WG  | 
		
 I know this may be inappropriate to ask, but can some of the guys here with experience protecting their programs outline some BASIC "must have" protection against these kind of attacks together with a price tag? 
	This sounds very scary and I hope Silvercash can resolve this issue as soon as possible.  | 
		
 It has been running nicely for a couple of hours from europe. 
	The servers are very fast right now :-)  | 
		
 only couple of hours. Down again.  
	XM  | 
		
 Do you know from what servers the attacks come from? Why not take them down? Should not be a problem. I normally fight back with 1000hits/sec but sometimes I have to turn up to 10k. If you are afraid of legal actions against you just publish a list of hosts where the attacks are coming from - I am sure many pissed affiliates will fight back. 
	 | 
		
 yeah, taking down thousands of computers, that makes sense 
	 | 
		
 Quote: 
	
 It's very hard to stop them. A firewall doesn't help too much. You need to block them before they come that far. What I've heard is that a good traffic filter is the best solution. There are some companies that are specialized in making systems to detect and stop heavy ddos attacks. They cost a lot but will be worth it for things like this. Your host should know about this or call a security expert.  | 
		
 What SC is facing is known as a DDoS, which means a Distributed Denial of Service attack. Anyone who thinks this is simple script kiddies' work is wrong. I will try to outline in a simple way how a DDoS works and why it is so hard to stop it.
	First of all the attacker needs to hack 100's or 1000's of servers in many different networks. Usually he picks servers that are connected to large amounts of bandwidth. On each of the machines he installs a server kind of program that listens to commands from 1 central place and can launch any type of attack on command. This can be simple webhits, or large packet streams using multiple protocols, like ICMP, UDP or TCP/IP. For best effect the attacker uses huge amounts of tiny packets as this causes the maximum load possible on routers and servers. Especially Cisco routers are known to have difficulties with HUGE amounts of small non TCP packets. TCP/IP requires a handshake protocol for communication whereas ICMP and UDP don't. So most likely UDP or ICMP packet protocols are being used.
	Once the attacker has a huge amount of these server type scripts installed he can trigger all the nodes with 1 central script which will launch his attack simultaneously over all nodes. Since there are so many nodes it's next to impossible to start blocking traffic with a firewall. The nodes are all in different networks and use 10.000's of different IP's so it's virtually impossible to start blocking IP's simply because there are too many. By blocking full C-classes you will end up blocking half the internet so that's no option either.
	Using access-list filters on core routers is a bad idea because it would create such a load that the routers will run out of memory within seconds. Core routers switch gigabytes of traffic per second so filtering it there is a very bad idea. The router should read each packet and compare it to a ruleset to see if it can be forwarded or dropped. The attack can be simple webpage hits, so it's very hard to determine which packets are fraudulent and which not. With a huge number of servers you can flood almost any server quite easily.
	The best way to handle DDoS attacks is with your upstream provider. Look at the traffic and write down from which core networks the attacks are coming. Call those carriers and give them the IP nets from which the attacks are coming. They can either stop advertising those IP networks or contact RIPE/ARIN/SARIN to take action. The solution in stopping the attack is not so much technical. Understanding what's going on and determining where it comes from and then getting up to the carrier that controls those IP nets is where you can do something.
	Mike, I have a lot of experience with this stuff. I'm sure you have really good people around you. In case you can use extra help feel free to hit me up. As I tried to explain, determining source nets is the key to your problem.
	DynaMite UIN# 370820  | 
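The step DynaMite describes, working out which source networks carry the attack so they can be handed to the upstream provider, sketched as an added example that is not part of the original thread. The log format, the /24 grouping and the 5% cut-off are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample: "<source IP> <packets>" per line, as a flow summary
# might be exported. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 90000
198.51.100.19 85000
198.51.100.200 70000
203.0.113.5 60000
203.0.113.77 40000
192.0.2.10 120
192.0.2.99 80
not-an-ip 5
"""

def parse(log_text):
    """Yield (address, packets) pairs, skipping lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            yield ipaddress.ip_address(parts[0]), int(parts[1])
        except (IndexError, ValueError):
            continue

def rank_source_nets(log_text, prefix_len=24, min_share=0.05):
    """Sum packets per covering prefix; return heavy prefixes, largest first.

    prefix_len and min_share are assumed tuning values, not from the thread.
    """
    per_net = Counter()
    for addr, packets in parse(log_text):
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        per_net[net] += packets
    total = sum(per_net.values())
    if total == 0:
        return []
    return [(str(net), n, round(n / total, 3))
            for net, n in per_net.most_common() if n / total >= min_share]

if __name__ == "__main__":
    for net, packets, share in rank_source_nets(SAMPLE_LOG):
        print(f"{net:18} packets={packets:<8} share={share:.1%}")
```

The ranking is only meaningful when the source addresses are real; with spoofed sources, as discussed later in the thread, the counts say nothing about where the traffic enters.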
		
 The attacks can vary, you can't have complete protection against this type of attack.
	Distributed denial of service attacks are very powerful, and much more widespread these days, because windows computers can now participate in them, which wasn't always the case. Windows now has 'raw sockets' support which makes IP spoofing possible, so if a 2,000 windows botnet is all pumping garbage packets to a single server with fake source IPs, you pretty much are out of options for tracing, the only way of tracing is by tracking a single stream of data to the router they are coming from, 1 hop at a time, which is virtually impossible to get that kind of cooperation with every hop unless you're the FBI.
	The attack a while back that went against ebay and yahoo was the same type of attack, using a unix variant, called trinoo, which is the same type of attack, except required rooted unix boxes to orchestrate since unix has had raw socket support forever, though required less servers because unix servers tend to be well connected. The tools available to create these types of attacks nowadays are much easier to get into windows boxes than unix boxes. http://grc.com/dos/grcdos.htm is a very good resource for info.
	I have been receiving distributed denial of service attacks for about 9 months to a small site of my own off and on. After getting the server to be able to detect and cope with the volume of traffic to survive the hit, I still had an extreme volume of traffic coming into the server, which costs in bandwidth, so what I have done is set up round-robin DNS for my site, and when an attack comes in, block my own IP that is getting hit at the ISP, and legitimate traffic will flow to the other IPs. With a low DNS TTL this has been very effective. I also remove the attacked IP out of round-robin DNS when an attack is detected to minimize round-robin connect failures until the TTLs expire.
	Routers at ISPs have a setting they can set that would prohibit a spoofed packet to leave the ISP, packets could only be spoofed within the subnets they are routing for, many many many ISPs don't have this 'egress filtering' turned on.
	If an attack could be traced back to a real IP, the victim can get ahold of a botnet client on an infected computer, disassemble it to find out what central resource it's connecting to, then go to the provider of that central resource and get it shut down. Many botnets are coded with hostnames hosted off free web based DNS services so the botnets can be administrated easier, giving the attacker the ability to move the bots to different IRC servers. Getting that central hostname out of a single attack bot will disable a botnet assuming they don't have an alternative way into the drone computers.
	Josh  | 
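The round-robin DNS tactic Josh describes, as an added example that is not part of the original thread: decide which A records stay published when one address is being flooded, and which addresses to ask the ISP to block. The host name, addresses, TTL and packet-rate threshold are constructed assumptions.

```python
# Constructed values: documentation addresses, an assumed 60 s TTL and an
# assumed per-address packet-rate threshold (packets per second).
POOL = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
TTL_SECONDS = 60
THRESHOLD_PPS = 50_000

def plan_pool(pool, pps_by_ip, now, threshold=THRESHOLD_PPS, ttl=TTL_SECONDS):
    """Split the pool into addresses to keep in DNS and addresses to have
    blocked upstream. A non-empty pool always keeps at least one address."""
    attacked = [ip for ip in pool if pps_by_ip.get(ip, 0) > threshold]
    publish = [ip for ip in pool if ip not in attacked]
    if not publish and pool:
        # Every address is over threshold: keep the least-loaded one so the
        # name still resolves, and block the rest.
        keep = min(pool, key=lambda ip: pps_by_ip.get(ip, 0))
        publish = [keep]
        attacked.remove(keep)
    return {
        "publish": publish,
        "block_upstream": attacked,
        # Resolvers may keep handing out a removed address until the old
        # answer's TTL runs out; a low TTL keeps this window short.
        "stale_until": now + ttl if attacked else now,
    }

def a_records(name, ips, ttl=TTL_SECONDS):
    """Zone-file style A records for the addresses still in rotation."""
    return [f"{name}. {ttl} IN A {ip}" for ip in ips]

if __name__ == "__main__":
    rates = {"192.0.2.10": 900, "192.0.2.11": 400_000, "192.0.2.12": 1_100}
    plan = plan_pool(POOL, rates, now=1_000)
    print("\n".join(a_records("www.example.com", plan["publish"])))
    print("block upstream:", plan["block_upstream"])
    print("old answers expire by t =", plan["stale_until"])
```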
		
 Quote: 
	
 packets are really spoofed. If the attacker is in control of many different servers then it gets harder as the packets are real packets and are not being forged. There are so many badly secured servers on the internet that it's quite easy to root boxes and gain control while being completely stealth. LRK, Adore Kernel Plugin, Known exploits make it easy to install stuff on servers and be completely hidden. Many times the administrators never notice that their box has been compromised. They upload new versions of popular system programs like: ls, netstat, ps, pstree, slocate, traceroute, w, who, cp, mv, kill, killall, ping, etc, etc which won't list any connections/scripts that are being used by the hacker. These modified system programs have the exact same filesize and timestamp as the original ones that were installed on the server so they are quite hard to find. DynaMite  | 
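Why a size-and-timestamp check misses the replaced system programs DynaMite describes, and what a content hash adds, as an added example that is not part of the original thread. The file names and contents are constructed stand-ins written to a temporary directory, not real binaries.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Record the metadata a casual check looks at, plus a content hash."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def audit(baseline, root):
    """Compare files under root with a stored baseline.

    Returns {name: [fields that changed]}; a missing file reports ["missing"].
    """
    findings = {}
    for name, known in baseline.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            findings[name] = ["missing"]
            continue
        current = fingerprint(path)
        changed = [k for k in known if known[k] != current[k]]
        if changed:
            findings[name] = changed
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name in ("ps", "netstat"):  # stand-in files, constructed
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original tool bytes.")
        baseline = {n: fingerprint(os.path.join(root, n))
                    for n in os.listdir(root)}
        # Constructed tamper: same length, timestamps put back to baseline.
        target = os.path.join(root, "ps")
        with open(target, "wb") as f:
            f.write(b"replaced tool bytes.")
        t = baseline["ps"]["mtime_ns"]
        os.utime(target, ns=(t, t))
        return audit(baseline, root)

if __name__ == "__main__":
    print(demo())  # size and mtime match the baseline; only the hash differs
```

Keep the baseline off the host and run the comparison from trusted media, since on a compromised machine the checking tools themselves may be among the replaced programs.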
		
 Mike, I know you guys will spare no expense in getting this taken care of - might I suggest that you contact Steve Gibson and bring him on board as a consultant during this attack? He commonly deals with DDOS attacks and pulls them apart and finds a way to stop or deflect them. The closest associated emails I can find [email protected] and [email protected] and a phone number of 714-362-8800.
	Also definitely take a look at the IPs that the attacks are coming from (you should be able to take apart the attacks and determine if they're spoofed and what the true addy is) and start contacting the owners of those IPs. IE, if any of these attacks are coming from servers on the Rackshack network, send a captured sample of the attack to [email protected] and these emails:
	Patrick [email protected] Sen. Sys. Admin
	Mario [email protected] Customer Service Manager
	Greg [email protected] Support Team Manager
	Robert [email protected] Rackshack CEO
	and give them a call. Rackshack will be happy to investigate it on their end and start unplugging boxen (although I must say, if they notice any of their servers sending out abnormal amounts of packets like this, they'll unplug them on their own).
	I'd like to add to the discussion that it doesn't take a genius or a serious cracker to do this. One patient person with the right script and a list of IPs from a cable provider (like RoadRunner or Cox) can rack up insecure windows boxes left and right. Then the boxes open a connection to an irc chat room where they wait for their marching orders. Once the orders come in, the boxes all start sending traffic to the victim... and the owners of these computers on cable connections aren't even aware of it. Full-time "always on" connections with nice fat pipes and thousands of insecure boxen blindly following orders - ugh. The guys can also employ true servers in the attack, and it's the same for that, just running a script that searches for insecure boxen and then goes in and buries itself to await orders.
	I assume that this attack is from that Deepsy guy? :(  | 