Calguns.net  

Home My iTrader Join the NRA Donate to CGSSA Sponsors CGN Google Search
CA Semiauto Ban(AW)ID Flowchart CA Handgun Ban ID Flowchart CA Shotgun Ban ID Flowchart
Go Back   Calguns.net > POLITICS, LITIGATION AND ACTIVISM > California 2nd Amend. Political Discussion & Activism
Register FAQ Members List Calendar Mark Forums Read

California 2nd Amend. Political Discussion & Activism Discuss gun rights activism and 2A related political topics here. All advice given is NOT legal counsel.

Reply
 
Thread Tools Display Modes
  #1  
Old 02-01-2013, 8:09 PM
Southwest Chuck Southwest Chuck is offline
Senior Member
 
Join Date: Jul 2009
Location: San Bernardino County
Posts: 1,802
iTrader: 1 / 100%
Default WARNING CGN: 2nd Amendment Denal of Service Attack at MDShooters

First, let me say that I have been afraid of such an attack happening here at CGN. Please move this thread if necessary, but It is 2A related in that a 2A sister organization has come under attack just as they are leading up to a ralley on Feb. 6th at the MD Capital and testifying against new restrictive gun laws.
For the past 9 or 10 hours, the MDShooters website / 2A forum has been under a DDOS Attack, and is still ongoing. Here is a post by their Admin:

Quote:
Originally Posted by DD214 View Post
Alrighty then. Sever load averages dropping and everything seems to be returning to normal. It only took me and the host 9 hours to get it stabilized. :sad20:

This one was intense. Up until a few minutes ago some of the bots were even getting past the DDOS filter. I'm not sure how, but there were a handful of pesky bastards that had to be put down another way. CloudFlare is reporting that during a very short period we had 116,586+ threat hits from 208 different IPs from around the world. All were directed at the mdshooters.com URL rather than IP, so we were the target for sure. Someone doesn't want us talking.

Thanks for the patience and I apologize for the downtime. As mentioned before, you can keep up with the current status of the forum on Facebook at http://www.facebook.com/mdshooters or on Twitter at http://twitter.com/MDShooters
I hope that Paul / Kestryl has adequate safeguards in place if/when CGN comes under attack when we get hot and heavy, fighting our own insane bills being proposed in the legislature

I would post a link to his post, but it's in the "Water Cooler" (like our Off Topic) but you have to be registered and have at least 50 posts before you have access to that forum. The main website is HERE

Our enemies know no bounds.
__________________
Quote:
Originally Posted by Southwest Chuck View Post
I am humbled at the efforts of so many Patriots on this and other forums, CGN, CGF, SAF, NRA, CRPF, MDS etc. etc. I am lucky to be living in an era of a new awakening of the American Spirit; One that embraces it's Constitutional History, and it's Founding Fathers vision, especially in an age of such uncertainty that we are now in.
Quote:
Originally Posted by toby View Post
Go cheap you will always have cheap and if you sell, it will sell for even cheaper. Buy the best you can every time.
^^^ Wise Man. Take his advice
Reply With Quote
  #2  
Old 02-01-2013, 8:16 PM
Tincon's Avatar
Tincon Tincon is offline
Mortuus Ergo Invictus
CGN Contributor - Lifetime
 
Join Date: Nov 2012
Posts: 5,067
iTrader: 2 / 100%
Default

DDOS attacks are annoying, and can take down servers if you don't have the bandwidth/hardware (which is obviously expensive) to cope, but they are also temporary. It would be very unusual to see one lasting longer than 24 hours, outside of state-sponsored activity.

There are other ways to mitigate, but they require more technical skill and equipment than the average gun forum is going to have available. Best bet is to just wait it out, and report it to the FBI.
Reply With Quote
  #3  
Old 02-01-2013, 8:19 PM
Bangzoom's Avatar
Bangzoom Bangzoom is offline
Calguns Addict
 
Join Date: Jul 2012
Location: San Fernando Valley
Posts: 6,207
iTrader: 31 / 100%
Default

Fuuny thing is when these wussy Denial of service attakers go to prison they are wimpy and cant deny service to Bubba
__________________
Liberals will say "Don't listen to Republicans"
Republicans will say "Did you hear what the Liberals are saying now?"
----------------------------

Reply With Quote
  #4  
Old 02-01-2013, 9:06 PM
MattyB MattyB is offline
Banned
 
Join Date: Oct 2012
Location: Orangevale, CA
Posts: 350
iTrader: 2 / 100%
Default

Better question is who is behind it?
Reply With Quote
  #5  
Old 02-01-2013, 9:12 PM
Moonshine Moonshine is offline
Senior Member
 
Join Date: Jan 2012
Posts: 2,053
iTrader: 3 / 100%
Default

We're Californians and if its one thing we do well its IT. We have some of the best IT porfessionals in the country in this state and no doubt some are on this board.
Reply With Quote
  #6  
Old 02-01-2013, 9:24 PM
FoxTrot87 FoxTrot87 is offline
Member
 
Join Date: Apr 2012
Posts: 436
iTrader: 9 / 100%
Default

Where are the US Cyber Command facilities located?
__________________
"Among the many misdeeds of the British rule in India, history will look upon the act depriving a whole nation of arms as the blackest."
-Mohandas Gandhi
Reply With Quote
  #7  
Old 02-01-2013, 9:27 PM
Tincon's Avatar
Tincon Tincon is offline
Mortuus Ergo Invictus
CGN Contributor - Lifetime
 
Join Date: Nov 2012
Posts: 5,067
iTrader: 2 / 100%
Default

Quote:
Originally Posted by FoxTrot87 View Post
Where are the US Cyber Command facilities located?
Fort Meade, not that I can imagine how it would have any relevance.
Reply With Quote
  #8  
Old 02-01-2013, 9:28 PM
SuperSet's Avatar
SuperSet SuperSet is online now
Vendor/Retailer
 
Join Date: Feb 2007
Location: OC/DC
Posts: 8,948
iTrader: 41 / 100%
Default

I doubt that this is specifically targeted at 2A websites. The Washington Post and NYTimes have been under sustained attack for the last few weeks.
Reply With Quote
  #9  
Old 02-01-2013, 9:44 PM
Kurus214 Kurus214 is offline
CGN/CGSSA Contributor - Lifetime
CGN Contributor - Lifetime
 
Join Date: Mar 2012
Location: SoCal
Posts: 484
iTrader: 2 / 100%
Default

Not sure why you think it's not targeted since they chose the domain to attack, and it was a relativly small attack - it clearly had an intent to cause harm.
Reply With Quote
  #10  
Old 02-01-2013, 9:49 PM
FoxTrot87 FoxTrot87 is offline
Member
 
Join Date: Apr 2012
Posts: 436
iTrader: 9 / 100%
Default

Quote:
Originally Posted by Tincon View Post
Fort Meade, not that I can imagine how it would have any relevance.
I like stoking the fire after reading pg. 32 of TRODAC 525-3-1
__________________
"Among the many misdeeds of the British rule in India, history will look upon the act depriving a whole nation of arms as the blackest."
-Mohandas Gandhi
Reply With Quote
  #11  
Old 02-01-2013, 9:50 PM
Tincon's Avatar
Tincon Tincon is offline
Mortuus Ergo Invictus
CGN Contributor - Lifetime
 
Join Date: Nov 2012
Posts: 5,067
iTrader: 2 / 100%
Default

This level of DDOS is not used randomly, the ability to conduct such activity is a "valuable" resource. Some hacker group is either pissed off or was paid off.
Reply With Quote
  #12  
Old 02-02-2013, 1:44 AM
TallNorton TallNorton is offline
Junior Member
 
Join Date: Dec 2011
Posts: 1
iTrader: 0 / 0%
Default

The attack was aimed at the URL and not the IP. It was a targeted attack and obviously meant to disrupt communications lading up to gun bill day.
Reply With Quote
  #13  
Old 02-02-2013, 2:03 AM
LBDamned's Avatar
LBDamned LBDamned is offline
Made in the USA
CGN Contributor - Lifetime
 
Join Date: Feb 2011
Location: OC - So Cal
Posts: 9,550
iTrader: 48 / 100%
Default

Quote:
Originally Posted by MattyB View Post
Better question is who is behind it?
Quote:
Originally Posted by Tincon View Post
This level of DDOS is not used randomly, the ability to conduct such activity is a "valuable" resource. Some hacker group is either pissed off or was paid off.
Feinstein's great grandson/daughter (she sure looks that old).
__________________

Absolute power corrupts absolutely! Leadership is not about power... We have very few leaders in this country and virtually none in this state... but plenty of corruption in both.
-----------------------------------------------------------------------
I'm a porcupine - I don't carry for you. http://www.buckeyefirearms.org/newsf...dont-carry-you
Reply With Quote
  #14  
Old 02-02-2013, 2:17 AM
rootuser rootuser is offline
Senior Member
 
Join Date: Dec 2012
Posts: 2,480
iTrader: 1 / 100%
Default

It was a very amatuer attempt if only 208 IPs behind it and those 208 IPs only got out 116K hits in 9 hours. That is actually piss poor. It's a script kiddie. There are much better and more effective ways to knock a site down, and knock it down hard, rather than just hitting a URL. Amateur indeed.

It was probably a member of those very forums who got angry for being flamed over something.
Reply With Quote
  #15  
Old 02-02-2013, 2:20 AM
Tincon's Avatar
Tincon Tincon is offline
Mortuus Ergo Invictus
CGN Contributor - Lifetime
 
Join Date: Nov 2012
Posts: 5,067
iTrader: 2 / 100%
Default

Quote:
Originally Posted by rootuser View Post
It was a very amatuer attempt if only 208 IPs behind it and those 208 IPs only got out 116K hits in 9 hours. That is actually piss poor. It's a script kiddie. There are much better and more effective ways to knock a site down, and knock it down hard, rather than just hitting a URL. Amateur indeed.

It was probably a member of those very forums who got angry for being flamed over something.
I didn't interpret the quote that way, but you may be right. Normally serious DDOS attacks are measured in GB/s of bandwidth. I'm curious to know what was recorded during this one. IF it was really just 208 IPs during the entire attack, that could have been blocked pretty easily, probably with just IP tables.

Last edited by Tincon; 02-02-2013 at 2:22 AM..
Reply With Quote
  #16  
Old 02-02-2013, 2:28 AM
rootuser rootuser is offline
Senior Member
 
Join Date: Dec 2012
Posts: 2,480
iTrader: 1 / 100%
Default

Quote:
Originally Posted by Tincon View Post
I didn't interpret the quote that way, but you may be right. Normally serious DDOS attacks are measured in GB/s of bandwidth. I'm curious to know what was recorded during this one. IF it was really just 208 IPs during the entire attack, that could have been blocked pretty easily, probably with just IP tables.
Good points. Who knows? Either way, it's not a coordinated attack by any serious hacker group. I'm sticking with script kiddie until I see evidence otherwise.
Reply With Quote
  #17  
Old 02-02-2013, 2:34 AM
Baja Daze Baja Daze is offline
Senior Member
 
Join Date: Jul 2011
Location: Peoples Democratic Republik of Kaliforniastan
Posts: 634
iTrader: 0 / 0%
Default

I wonder if one of those IP's was located at 1600 Pennsylvania Ave?
Reply With Quote
  #18  
Old 02-02-2013, 2:45 AM
rootuser rootuser is offline
Senior Member
 
Join Date: Dec 2012
Posts: 2,480
iTrader: 1 / 100%
Default

Quote:
Originally Posted by Baja Daze View Post
I wonder if one of those IP's was located at 1600 Pennsylvania Ave?
Reply With Quote
  #19  
Old 02-02-2013, 5:13 AM
loose_electron's Avatar
loose_electron loose_electron is offline
Senior Member
 
Join Date: Oct 2010
Posts: 785
iTrader: 3 / 100%
Default

Quote:
Originally Posted by rootuser View Post
It was a very amatuer attempt if only 208 IPs behind it and those 208 IPs only got out 116K hits in 9 hours. That is actually piss poor. It's a script kiddie. There are much better and more effective ways to knock a site down, and knock it down hard, rather than just hitting a URL. Amateur indeed.

It was probably a member of those very forums who got angry for being flamed over something.
Yeah, too few machines for it to have been an organized effort. Smells like a one man show.
__________________
"Any fool can criticize, condemn and complain and most fools do." - Benjamin Franklin
"The answers to life's biggest questions are not found on Google." Author Unknown
San Diego CA - Sig Sauer P226 9mm & Mosquito, Bersa Thunder, Ruger LCR & LCP, S&W 22A, SA 1911 9mm, Beretta 92SF 9mm, Marlin 60
Reply With Quote
  #20  
Old 02-02-2013, 9:10 AM
littlejake littlejake is offline
CGN/CGSSA Contributor
CGN Contributor
 
Join Date: Aug 2008
Location: Калифорния
Posts: 2,133
iTrader: 9 / 100%
Default

The security weakness in the internet lies in the DNS servers.
__________________
Life Member NRA and 2A Foundation. Member FPC.
My posts are my own opinions and do not reflect those of any organization I am a member of.
Nothing I post should be construed as legal advice; if you need legal advice, see a lawyer.

"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt (1759-1806)
Reply With Quote
  #21  
Old 02-02-2013, 3:32 PM
DD214's Avatar
DD214 DD214 is offline
Junior Member
 
Join Date: Aug 2008
Location: Cuba on the Chesapeake (MD)
Posts: 5
iTrader: 0 / 0%
Default

We got hit again today. We maxed out at 830 simultaneously attacking IPs. It lasted for a couple of hours and used 6.1GB of bandwidth, most of which was used in a very short period when it peaked. Luckily the DDoS proxy kept the actual site running smoothly. I expect the attacks to keep up until Maryland's big gun legislation day on Feb 6. These may not be huge attacks, but it's a small website and it was enough to bring it to it's knees. Lesson learned and I'm doing everything I can to mitigate the risk going forward.

- MDShooter.com Admin
Reply With Quote
  #22  
Old 02-02-2013, 4:19 PM
mud99 mud99 is offline
Mall Ninja
CGN Contributor
 
Join Date: Oct 2011
Location: Bay Area
Posts: 1,075
iTrader: 11 / 100%
Default

116K hits over a 9 hour period...yawn.
Reply With Quote
  #23  
Old 02-02-2013, 4:23 PM
mud99 mud99 is offline
Mall Ninja
CGN Contributor
 
Join Date: Oct 2011
Location: Bay Area
Posts: 1,075
iTrader: 11 / 100%
Default

Quote:
Originally Posted by DD214 View Post
We got hit again today. We maxed out at 830 simultaneously attacking IPs. It lasted for a couple of hours and used 6.1GB of bandwidth, most of which was used in a very short period when it peaked. Luckily the DDoS proxy kept the actual site running smoothly. I expect the attacks to keep up until Maryland's big gun legislation day on Feb 6. These may not be huge attacks, but it's a small website and it was enough to bring it to it's knees. Lesson learned and I'm doing everything I can to mitigate the risk going forward.

- MDShooter.com Admin
How exactly are they DDOSing the site? Accessing a slow script, or doing something more sophisticated?
Reply With Quote
  #24  
Old 02-02-2013, 5:18 PM
DD214's Avatar
DD214 DD214 is offline
Junior Member
 
Join Date: Aug 2008
Location: Cuba on the Chesapeake (MD)
Posts: 5
iTrader: 0 / 0%
Default

Quote:
Originally Posted by mud99 View Post
116K hits over a 9 hour period...yawn.
You are correct, that would be nothing. I used the wrong term. It was 116k page views (attempted anyway) in less than an hour. My server is not configured for that kind of traffic. That is what I was getting from the proxy. 9 hours is how long I spent getting the attack under control and making the site accessible again (configuring the proxy, etc), not how long the attack lasted.
Reply With Quote
  #25  
Old 02-02-2013, 5:19 PM
DD214's Avatar
DD214 DD214 is offline
Junior Member
 
Join Date: Aug 2008
Location: Cuba on the Chesapeake (MD)
Posts: 5
iTrader: 0 / 0%
Default

Quote:
Originally Posted by mud99 View Post
How exactly are they DDOSing the site? Accessing a slow script, or doing something more sophisticated?
Post flood and just accessing the homepage which is the most resource intensive.
Reply With Quote
  #26  
Old 02-02-2013, 5:55 PM
Southwest Chuck Southwest Chuck is offline
Senior Member
 
Join Date: Jul 2009
Location: San Bernardino County
Posts: 1,802
iTrader: 1 / 100%
Default

Glad you've got a handle on it. Good luck on the 6th!
__________________
Quote:
Originally Posted by Southwest Chuck View Post
I am humbled at the efforts of so many Patriots on this and other forums, CGN, CGF, SAF, NRA, CRPF, MDS etc. etc. I am lucky to be living in an era of a new awakening of the American Spirit; One that embraces it's Constitutional History, and it's Founding Fathers vision, especially in an age of such uncertainty that we are now in.
Quote:
Originally Posted by toby View Post
Go cheap you will always have cheap and if you sell, it will sell for even cheaper. Buy the best you can every time.
^^^ Wise Man. Take his advice
Reply With Quote
  #27  
Old 02-02-2013, 6:07 PM
DD214's Avatar
DD214 DD214 is offline
Junior Member
 
Join Date: Aug 2008
Location: Cuba on the Chesapeake (MD)
Posts: 5
iTrader: 0 / 0%
Default

Quote:
Originally Posted by Southwest Chuck View Post
Glad you've got a handle on it. Good luck on the 6th!
Thanks. We're going to need it.
Reply With Quote
  #28  
Old 02-02-2013, 6:15 PM
Fjold's Avatar
Fjold Fjold is offline
I need a LIFE!!
 
Join Date: Oct 2005
Location: Near Bakersfield
Posts: 20,311
iTrader: 26 / 100%
Default

The scariest thing is, Calguns is hoted by GeoVario
__________________
Frank


One rifle, one planet - Holland's 375

http://img.photobucket.com/albums/v214/Fjold/member8325.png

Life Member NRA, CRPA and SAF
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -8. The time now is 9:53 PM.




Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Proudly hosted by GeoVario the Premier 2A host.
Calguns.net, the 'Calguns' name and all associated variants and logos are ® Trademark and © Copyright 2002-2016, Calguns.net an Incorporated Company All Rights Reserved.