Calguns.net


Southwest Chuck 02-01-2013 8:09 PM

WARNING CGN: 2nd Amendment Denial of Service Attack at MDShooters
 
First, let me say that I have been afraid of such an attack happening here at CGN. Please move this thread if necessary, but it is 2A related in that a 2A sister organization has come under attack just as they are leading up to a rally on Feb. 6th at the MD Capitol and testifying against new restrictive gun laws.
For the past 9 or 10 hours, the MDShooters website / 2A forum has been under a DDOS Attack, and is still ongoing. Here is a post by their Admin:

Quote:

Originally Posted by DD214 (Post 2110954)
Alrighty then. Server load averages dropping and everything seems to be returning to normal. It only took me and the host 9 hours to get it stabilized. :sad20:

This one was intense. Up until a few minutes ago some of the bots were even getting past the DDOS filter. I'm not sure how, but there were a handful of pesky bastards that had to be put down another way. CloudFlare is reporting that during a very short period we had 116,586+ threat hits from 208 different IPs from around the world. All were directed at the mdshooters.com URL rather than IP, so we were the target for sure. Someone doesn't want us talking.

Thanks for the patience and I apologize for the downtime. As mentioned before, you can keep up with the current status of the forum on Facebook at http://www.facebook.com/mdshooters or on Twitter at http://twitter.com/MDShooters

I hope that Paul / Kestryl has adequate safeguards in place if/when CGN comes under attack when we get hot and heavy, fighting our own insane bills being proposed in the legislature.

I would post a link to his post, but it's in the "Water Cooler" (like our Off Topic) but you have to be registered and have at least 50 posts before you have access to that forum. The main website is HERE

Our enemies know no bounds.

Tincon 02-01-2013 8:16 PM

DDOS attacks are annoying, and can take down servers if you don't have the bandwidth/hardware (which is obviously expensive) to cope, but they are also temporary. It would be very unusual to see one lasting longer than 24 hours, outside of state-sponsored activity.

There are other ways to mitigate, but they require more technical skill and equipment than the average gun forum is going to have available. Best bet is to just wait it out, and report it to the FBI.

Bangzoom 02-01-2013 8:19 PM

Funny thing is when these wussy Denial of service attackers go to prison they are wimpy and can't deny service to Bubba.

MattyB 02-01-2013 9:06 PM

Better question is who is behind it?

Moonshine 02-01-2013 9:12 PM

We're Californians and if it's one thing we do well it's IT. We have some of the best IT professionals in the country in this state and no doubt some are on this board.

FoxTrot87 02-01-2013 9:24 PM

Where are the US Cyber Command facilities located?

Tincon 02-01-2013 9:27 PM

Quote:

Originally Posted by FoxTrot87 (Post 10398066)
Where are the US Cyber Command facilities located?

Fort Meade, not that I can imagine how it would have any relevance.

SuperSet 02-01-2013 9:28 PM

I doubt that this is specifically targeted at 2A websites. The Washington Post and NYTimes have been under sustained attack for the last few weeks.

Kurus214 02-01-2013 9:44 PM

Not sure why you think it's not targeted since they chose the domain to attack, and it was a relatively small attack - it clearly had an intent to cause harm.

FoxTrot87 02-01-2013 9:49 PM

Quote:

Originally Posted by Tincon (Post 10398100)
Fort Meade, not that I can imagine how it would have any relevance.

I like stoking the fire after reading pg. 32 of TRADOC 525-3-1
;)

Tincon 02-01-2013 9:50 PM

This level of DDOS is not used randomly, the ability to conduct such activity is a "valuable" resource. Some hacker group is either pissed off or was paid off.

TallNorton 02-02-2013 1:44 AM

The attack was aimed at the URL and not the IP. It was a targeted attack and obviously meant to disrupt communications leading up to gun bill day.

LBDamned 02-02-2013 2:03 AM

Quote:

Originally Posted by MattyB (Post 10397889)
Better question is who is behind it?

Quote:

Originally Posted by Tincon (Post 10398294)
This level of DDOS is not used randomly, the ability to conduct such activity is a "valuable" resource. Some hacker group is either pissed off or was paid off.

Feinstein's great grandson/daughter (she sure looks that old).

rootuser 02-02-2013 2:17 AM

It was a very amateur attempt if only 208 IPs behind it and those 208 IPs only got out 116K hits in 9 hours. That is actually piss poor. It's a script kiddie. There are much better and more effective ways to knock a site down, and knock it down hard, rather than just hitting a URL. Amateur indeed.

It was probably a member of those very forums who got angry for being flamed over something.

Tincon 02-02-2013 2:20 AM

Quote:

Originally Posted by rootuser (Post 10399993)
It was a very amateur attempt if only 208 IPs behind it and those 208 IPs only got out 116K hits in 9 hours. That is actually piss poor. It's a script kiddie. There are much better and more effective ways to knock a site down, and knock it down hard, rather than just hitting a URL. Amateur indeed.

It was probably a member of those very forums who got angry for being flamed over something.

I didn't interpret the quote that way, but you may be right. Normally serious DDOS attacks are measured in GB/s of bandwidth. I'm curious to know what was recorded during this one. IF it was really just 208 IPs during the entire attack, that could have been blocked pretty easily, probably with just IP tables.

rootuser 02-02-2013 2:28 AM

Quote:

Originally Posted by Tincon (Post 10399999)
I didn't interpret the quote that way, but you may be right. Normally serious DDOS attacks are measured in GB/s of bandwidth. I'm curious to know what was recorded during this one. IF it was really just 208 IPs during the entire attack, that could have been blocked pretty easily, probably with just IP tables.

Good points. Who knows? Either way, it's not a coordinated attack by any serious hacker group. I'm sticking with script kiddie until I see evidence otherwise.

Baja Daze 02-02-2013 2:34 AM

I wonder if one of those IPs was located at 1600 Pennsylvania Ave? :hide:

rootuser 02-02-2013 2:45 AM

Quote:

Originally Posted by Baja Daze (Post 10400028)
I wonder if one of those IPs was located at 1600 Pennsylvania Ave? :hide:

:rofl2:

loose_electron 02-02-2013 5:13 AM

Quote:

Originally Posted by rootuser (Post 10399993)
It was a very amateur attempt if only 208 IPs behind it and those 208 IPs only got out 116K hits in 9 hours. That is actually piss poor. It's a script kiddie. There are much better and more effective ways to knock a site down, and knock it down hard, rather than just hitting a URL. Amateur indeed.

It was probably a member of those very forums who got angry for being flamed over something.

Yeah, too few machines for it to have been an organized effort. Smells like a one man show.

littlejake 02-02-2013 9:10 AM

The security weakness in the internet lies in the DNS servers.

DD214 02-02-2013 3:32 PM

We got hit again today. We maxed out at 830 simultaneously attacking IPs. It lasted for a couple of hours and used 6.1GB of bandwidth, most of which was used in a very short period when it peaked. Luckily the DDoS proxy kept the actual site running smoothly. I expect the attacks to keep up until Maryland's big gun legislation day on Feb 6. These may not be huge attacks, but it's a small website and it was enough to bring it to its knees. Lesson learned and I'm doing everything I can to mitigate the risk going forward.

- MDShooter.com Admin

mud99 02-02-2013 4:19 PM

116K hits over a 9 hour period...yawn.

mud99 02-02-2013 4:23 PM

Quote:

Originally Posted by DD214 (Post 10405450)
We got hit again today. We maxed out at 830 simultaneously attacking IPs. It lasted for a couple of hours and used 6.1GB of bandwidth, most of which was used in a very short period when it peaked. Luckily the DDoS proxy kept the actual site running smoothly. I expect the attacks to keep up until Maryland's big gun legislation day on Feb 6. These may not be huge attacks, but it's a small website and it was enough to bring it to its knees. Lesson learned and I'm doing everything I can to mitigate the risk going forward.

- MDShooter.com Admin

How exactly are they DDOSing the site? Accessing a slow script, or doing something more sophisticated?

DD214 02-02-2013 5:18 PM

Quote:

Originally Posted by mud99 (Post 10405927)
116K hits over a 9 hour period...yawn.

You are correct, that would be nothing. I used the wrong term. It was 116k page views (attempted anyway) in less than an hour. My server is not configured for that kind of traffic. That is what I was getting from the proxy. 9 hours is how long I spent getting the attack under control and making the site accessible again (configuring the proxy, etc), not how long the attack lasted.

DD214 02-02-2013 5:19 PM

Quote:

Originally Posted by mud99 (Post 10405984)
How exactly are they DDOSing the site? Accessing a slow script, or doing something more sophisticated?

Post flood and just accessing the homepage which is the most resource intensive.
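
Added example, not part of DD214's post or any code from the thread: a sketch of how the POST flood and homepage hammering described above could be spotted in a web server access log and turned into per-source block rules of the kind Tincon mentions. The log format, homepage paths, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined access-log prefix: client IP, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3}')
HOMEPAGE = {"/", "/index.php"}  # assumed paths for the expensive front page

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip malformed lines instead of crashing mid-incident
    ip, ts, method, path = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path

def flood_sources(lines, window=timedelta(seconds=10), limit=5):
    """IPs sending more than `limit` POSTs/homepage hits inside any `window`.
    Assumes each client's lines arrive in time order, as access logs do."""
    recent, flagged = defaultdict(deque), set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path = rec
        if method != "POST" and path.split("?")[0] not in HOMEPAGE:
            continue  # ordinary thread reads are not counted
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # forget hits that fell out of the sliding window
        if len(q) > limit:
            flagged.add(ip)
    return sorted(flagged)

def drop_rules(ips):
    # One iptables rule per flagged source, for review before applying.
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

def sample_log():
    # Constructed sample (documentation address ranges), not data from the incident.
    fmt = '{ip} - - [01/Feb/2013:11:00:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    rows = [fmt.format(ip="192.0.2.10", s=s, req="GET /") for s in range(8)]
    rows += [fmt.format(ip="198.51.100.7", s=s, req="POST /newreply.php") for s in range(7)]
    rows += [fmt.format(ip="203.0.113.5", s=s * 20, req="GET /showthread.php?t=1") for s in range(3)]
    rows += [fmt.format(ip="203.0.113.5", s=59, req="GET /"), "garbage line"]
    return rows

if __name__ == "__main__":
    print("\n".join(drop_rules(flood_sources(sample_log()))))
```

If the site sits behind a DDoS proxy as in the thread, the first log field is the proxy's address unless the real client IP is restored, and the block then belongs at the proxy rather than in iptables on the origin.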

Southwest Chuck 02-02-2013 5:55 PM

Glad you've got a handle on it. Good luck on the 6th!

DD214 02-02-2013 6:07 PM

Quote:

Originally Posted by Southwest Chuck (Post 10406972)
Glad you've got a handle on it. Good luck on the 6th!

Thanks. We're going to need it.

Fjold 02-02-2013 6:15 PM

The scariest thing is, Calguns is hosted by GeoVario.


All times are GMT -8.