|
DOS attack expert?
3000+ plus IP's coming my way, SteveA is the icq of the guy doing it (428-764-610) he also has icq 'davide' (168-203-434, or it is his partner)...He also installed some rootkit which has deleted everything on one of my drives. I talked to him briefly (steveA) on icq here is an exerpt:
Date : 2/24/2008 Time : 4:45 PM From : SteveA look igor..i dont want to steal your site or any harm to you ...we just want a fair cut from your biz...nothing personal ec and another exerpt where he threatens to attack another one of my sites which he eventually did...(read from bottom to top): Date : 2/24/2008 Time : 3:16 PM From : SteveA should i come to moviesguy to ? Date : 2/24/2008 Time : 3:16 PM To : Ig :) Date : 2/24/2008 Time : 3:16 PM To : Ig ? Date : 2/24/2008 Time : 3:16 PM To : Ig shall i come to hamburg Date : 2/24/2008 Time : 3:16 PM From : SteveA hi :) Date : 2/24/2008 Time : 3:16 PM To : Ig hi :) Date : 2/24/2008 Time : 3:16 PM From : SteveA oh really ? Date : 2/24/2008 Time : 3:15 PM To : Ig the guy you are stealing traffic from Date : 2/24/2008 Time : 3:15 PM From : SteveA who am i speaking to ? Date : 2/24/2008 Time : 3:15 PM To : Ig can you stop the attack on my site please Date : 2/24/2008 Time : 3:15 PM From : SteveA yes Date : 2/24/2008 Time : 3:14 PM To : Ig Matthais ? Date : 2/24/2008 Time : 3:14 PM To : Ig hi His infos are as follows: Checks payable to : Matthias Mönch Email : [email protected] ICQ : 428764610 Address : Zimmerstrasse 55a Country : Hamburg, Hamburg 22085 Germany Hit me up if you can help! 78861564 |
dayummm grouchyadmin, u awake?
|
lol
hit me up and I can help you out |
bump bump bump
|
bump for revenge
|
157717888
|
Jizzstars is hitting up SpermShack too, supposedly got some hacks on that site
|
bump for youu
|
This is why we need ABC trading for knee caps...
|
Quote:
I hope you get this asshole. :disgust |
tell him you want to pay in person
|
Quote:
|
Quote:
:thumbsup |
I am still being attacked by this idiot...he has attempted more extortions during the night, this time he has demanded traffic
|
where does he want it sent? maybe u can track him that way or find a way to DOS his sites
Quote:
|
Does anyone actually pay extortion like this?
If you don't have a $5 account, get on your host to sort that shit. If you run a larger operation then a tgp or something, hire someone to clean your server of the shit. |
Quote:
|
Quote:
|
Quote:
|
he attacking 3 servers
|
jizzonline.com moviesguy.com jizzhut.com
|
How much do these guys charge for an attack?
|
Ig (9:10 AM) :
so now, i start to call the police SteveA (9:10 AM) : go go Ig (9:10 AM) : ok :-( SteveA (9:11 AM) : but wont except to come online earlier then 2 weeks SteveA (9:11 AM) : expect... |
Man... Thats fucked.
|
Who hosting you? they can't help you?
|
I asume your host is on it too?
Fuck man, this is seriously fucked |
so far, they have now blocked 13,000 IPs
|
biggest attack alphared has ever seen
|
Damn that sucks. Sounds like a botnet attack. Did you get his ip off ICQ so you could send it to your host/proper authorities for investigation?
|
Quote:
How can i find his IP from icq? |
Normally you can find it just within the ICQ infos. If not there is software to check it out, or you could check with a netstat.
|
coming from the guy with the most honest history as a webmaster, sucks doesnt it?
|
It sounds like you sold the guy a PA and he didn't make his money back so now he's paying back
|
Here's what you should do.
Plan A: 1. Arrange to make payment 2. Shit in a box and mail it to him Plan B: 1. Arrange to make payment 2. Show up at his house with a few friends 3. Break his fingers |
that sucks
no fun to have people take your gold and treasure |
There is a very simple way to deal with this. Here is the breakdown.
If he is justing DoS'ing then it can be blocked. Your host probably won't do it for you as its too many IP's and their uplink provider will probably just shut you off. SO Goto prolexic.com and they can filter all of the traffic for you and only give you non DDoS traffic. This is pretty much the only way. Even if you have a firewall some providers uplinks will not let the traffic through making your firewall useless. If you tell them prolexic is filtering it for you then you shouldn't have a problem. They'll turn it back on. As for hacking your boxes I'm not sure what to say other than make sure you utilize hosts.allow / hosts.deny and only allow access from IP's that are yours. This will help a bit. If its the web software he's getting in through then you have another problem |
just talked to the fucker on the phone 01141762517903 zurich switzerland, i think?
|
most likely voip, he is probably in russia
Quote:
|
try netstat -a to show active connections
|
Quote:
|
Part of the issue is the network you're on; you can begin to throttle connections and block them from the system with IPF and iptables; but when there's a bot net turned towards you, it's easiest to just filter from a big fucking Cisco sitting in front of your machine.
|
I asked him on the phone, 'why are you such a scumbag?' his answer, 'ask my mother' .....
|
KGB accent reduction training. In what language were you talking to him?
Quote:
|
Quote:
|
http://www.ddosprotection.com/
they can filter your traffic remotely then forward only legit traffic, but you still stay hosted where you are at now |
Not that it matters in this case but wouldn't that kill SERPs?
Quote:
|
No idea, i would assume flat out being down would do more damage
|
What you're still using DOS? 3000 unique IP's is a lot though. I've been on the end of some brute force cracking attacks but never that many IP's.
|
this fucker is back at it again today, sites are down...going on day 3 of the attacks now
|
fuck, these guys need to be imprisoned mate, you deserved this bump!
Good luck getting your hands on this fucker! |
| All times are GMT -7. The time now is 09:32 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123