Anybody know who is attacking my network?
 

We have been down for 10 hours + now due to some fuck hacking our servers, anybody know who might be doing this or why??

I have been told it would be

1) Competitor
2) Affiliate trying to improve sales
3) Non Affiliate trying to fuck one of our affiliates sales up!

Any body know who to contact to get the fuck found?

1) or 3).

Do you have someone available who speaks Romanian?

you took a peek at the log right? whats the ip resolving to?

We have over 3000 IP's coming in so there using some major cloacking or bruat force

yes loads - how come?

Ya post some info here. Log files and stuff.

sorry I will stop hitting CTRL F5 on your sites.

post some more info ;))

The log files show nothing becuase the IP's are spoofed :(

IF you have experience with this, ICQ ANDY

sounds like a dos, time to call the system guy... oh and there is no log? even when its spoofed theres a log, you mean all 3000 resolve to nothing?

We have had 2 system admins from cavecreek on it all night... banning ip's but more just keep coming :( Could anyone do this or does it have the hallmarks of a known hacker?

anyone with a small linux server can do a DOS, so what do they do just 3000 ips asking for the index? a ded box gotta cope with that, must be something else, a large file theyre constantly dl?

yeah i noticed you were down a lot lately..
i hope you fix this quickly...

btw, are sales being tracked normally on all products during the downtime?

Maybe you sold some pills to a hacker and he got mad when they didnt work lol. Seriously that sucks though, lots of porn sites have been under attack lately :(

what kinda ddos is it? there are like 3 basic ones, if its the simple version then adjusting the firewall to not let broadcast out is it, im sure cavecreek knows this stuff.

Forget bout tracking them if its a ddos, the attacks arent long enough and theyll end in some US uni or so...

ayn flood atatck

we need Smokey in here... he's got mad skills!

Sorry to hear you're the target of some punk, maybe it's a jealous competitor.

I would bet money, it's none of the above except maybe #3, but more likely I would look for:

1) Ex-Affiliate that was canned for reasons that seem unjust to him.
2) Someone that got into a pissing match with on a board or where ever with anyone from your company.

syn flood?

If you're running Apache, you may want to check out mod_dosevasive.

http://www.nuclearelephant.com/projects/dosevasive/

He sure does.

:pimp

I think your more likley to be right :)

thats a syn as far as I know yes, cc should be able to prevent that, thing is most if these guys dont want to start adjusting and filtering stuff...

that wont do jack shit for a syn flood attack

try enabling TCP cookies, it will help a little bit

anyone else... know who this may be?

you can always buy this :thumbsup

yeah and tons of other programs or hardware but thats not very helpfull right now...

anyone every used these guys ? http://www.block-ddos.com/about.php

If you're willing to move, pick up a server @ theplanet. Their DDoS filtering is pretty good, they did a great job filtering the 800mbit attack i was hit with a while back.

Im surprised cavecreek isn't more prepared to handle this sort of thing.

My guess is Wizzo is right its someone you guys pissed off.

yeah wonders me too, they can handle this im sure

Tell me about it... im not happy

Maybe BradM finally got mad and attacked you ;)

hahah no BradM is far to stupid... maybe he paid someone...

I thought CaveCreek was top notch?

it's rare to see hosting companies that can actively mitigate attacks, because the cost of it isnt usually justified

I understand that, but cavecreek is no mom and pop shop over there. They have some HUGE clients.

agreed...

The guy who is doing it is probably reading this. So stop it please. Thnx.

I wish he would contact me... I would love to know why!!

hey thinkx, the hosting you suggested is great indeed, ive never seen faster support hehe

Andy: We have been botnetted before... it's NOT pretty. Normally the people who do it are antis (people who hate spammers) but you guys don't take mail traffic, so I am at a loss of who it may be.

Sorry but why the hell would he want to get in touch with you and talk about it? Get real man, he's just trying to fuck your business/site up. Be it a competitor (then you know why he's doing it) or somebody who's bored to death over in Russia.

Who knows, you might get a blackmail letter soon.

Maybe your right... maybe he wants to be paid off... but I suppose when your at the top people always want to take you down

Would these guys perhaps be able to help you?... http://www.pennywize.com/

for brute force yes for ddos no

thanks appreciate the kind words, m3 is cool :thumbsup

mensniche , it sucks what happens. I guess you already have plans how to stop it but in case you need any of my personal experience this is what it could be and that happened to us before:

1) a webmaster that for any reason you canceled / terminated lately and that does not agree with your decission. Ex: spammer, carder, etc . Try to contact those people and see where it goes

2) In my case ISPRIME saved every time our attacks, without big impact, maybe you should give them a call and have one of their techs help you out or move your servers to them, they are the best.

Good luck with it.

smokey the bear can probably track them down....

Its me , pay me 5 bottles of cock pills and ill stop

get him to ICQ me :)