FBI/DDoS Attacks are NOW ON MY NERVES


  • #61
    Originally posted by Scott MacVicar
    if anyone is still blocked can you send your IP to [email protected]

    I think a portion of Comcast is being blocked off which is on the 24.1.0.0-24.15.0.0 range. That's due to excessive DOS attacks from 24.16.0.0-24.255.0.0
    are any 81. IPs blocked? on the 81.101.67.0 range currently (VirginNet in the UK, which seem to use NTL), and can't access the site (can at the moment since I'm VPN'd into work so the site works there).
    Problem for me is I'm on a dynamic IP, so I doubt Jelsoft will remove a block on a Class B IP range just for one user.

    Hmm, was on an 81.101. range when typing this, but just got the 2 hour disconnect, and now I'm on a 81.103 range and still can't access vbulletin.com without using the VPN.
    FFAddicts: [site|forums]

    Comment


    • #62
      Check your messages here.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment


      • #63
        Just a question; isn't it possible to just block all traffic coming in from Saudi Arabia. I'm sure the attacker would stop one day if he wasn't able to see what damage he does?
        Originally Posted by Zachery
        John originally presented vBulletin to Infopop, they didn't take it, so he took it and sold it

        Originally Posted by Martin
        We had to do a lot of arm twisting to get him to do it, though. I would imagine he still hates us.

        Comment


        • #64
          I think they have a few legitimate customers there. And it isn't that hard for a hacker (or anyone) to use a proxy to browse this site.
          Raz - KMC Forums

          Comment


          • #65
            Originally posted by ffaBen
            are any 81. IPs blocked? on the 81.101.67.0 range currently (VirginNet in the UK, which seem to use NTL), and can't access the site (can at the moment since I'm VPN'd into work so the site works there).
            Problem for me is I'm on a dynamic IP, so I doubt Jelsoft will remove a block on a Class B IP range just for one user.

            Hmm, was on an 81.101. range when typing this, but just got the 2 hour disconnect, and now I'm on a 81.103 range and still can't access vbulletin.com without using the VPN.
            Where exactly are you using a 81.x.x.x IP ??
            MCSE, MVP, CCIE
            Microsoft Beta Team

            Comment


            • #66
              Originally posted by _| () R | Z
              Just a question; isn't it possible to just block all traffic coming in from Saudi Arabia. I'm sure the attacker would stop one day if he wasn't able to see what damage he does?
              Good point, BUT, the problem is it doesn't work always; besides, as in most countries in the world, I'm sure that vB has good customer base in Saudi and I don't think it's good to block those good folks.

              Anyhow, let me tell you why it might not work (as someone who already suffered A LOT from DoS attacks I would like to offer my 2 cents):

              Bad people can use two methods to bypass IP blocking: 1- Using a proxy, 2- Using IP spoofing.

              That's why blocking a range of IPs doesn't work always. And that's why I'm using big machine (dual xeons 1GRAM etc) just to give those people the impression that my site is IMPOSSIBLE to bring down. After more than a year of DoS attacks and 400+GB/monthly transfer (and 50+ of CPU utilization) now they finally gave up and I'm back to the normal 15-20GB of monthly transfer!

              Best regards.
              R.L.

              Comment


              • #67
                IIRC, you can't make an Apache request by spoofing an IP address. Only a SYN flood attack.
                Raz - KMC Forums

                Comment


                • #68
                  Originally posted by Raz Meister
                  IIRC, you can't make an Apache request by spoofing an IP address. Only a SYN flood attack.
                  Hmm, not sure about this. I guess once you can spoof the IP header, you can make any request. The case with http request spoofing is that the reply will not go back to the originator (since his/her IP is not there), but it will go to someone else. At the end the damage to your/my server has been done.

                  I can assure you of this because my server is behind a Cisco PIX firewall and ALL ports are blocked (SYN/Ping included) but the 80 (http) and 22 (ssh). The flooding I suffered from for a year was http not SYN.

                  Take care.
                  R.L.

                  Comment


                  • #69
                    You might want to re-educate yourself on how the TCP/IP protocol works. SYN is not a port but part of the method to establish a TCP/IP link.

                    To send a request via HTTP, low-level wise, the two computers need to handshake. If the IP is spoofed, the handshake cannot take place.
                    Raz - KMC Forums

                    Comment
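
Added example (not part of any post in this thread): a toy Python model of the handshake argument in posts #67 to #69, showing that a sender who never receives the SYN-ACK leaves only a half-open entry and its request never reaches the web server log. The class and function names are hypothetical, the addresses are constructed from documentation ranges, and the model assumes unpredictable initial sequence numbers and a sender that cannot observe traffic routed to the claimed address.

```python
import secrets

MOD = 2**32

class Listener:
    """Toy model of a TCP listener in front of a web server (not a real stack)."""

    def __init__(self, new_isn=lambda: secrets.randbits(32)):
        self.new_isn = new_isn
        self.half_open = {}        # claimed source -> server ISN awaiting final ACK
        self.established = set()   # sources that completed the handshake
        self.http_log = []         # requests the web server actually saw

    def on_syn(self, src):
        # SYN received: answer SYN-ACK with a fresh ISN. The reply is routed
        # to the claimed source address, wherever the SYN really came from.
        self.half_open[src] = self.new_isn()
        return self.half_open[src]

    def on_ack(self, src, ack):
        # Final ACK must acknowledge server ISN + 1, else it is dropped.
        isn = self.half_open.get(src)
        if isn is None or ack != (isn + 1) % MOD:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True

    def on_http(self, src, request_line):
        # Payload reaches the web server only on an established connection.
        if src not in self.established:
            return False
        self.http_log.append((src, request_line))
        return True

def real_client(listener, addr):
    isn = listener.on_syn(addr)            # SYN-ACK is delivered to addr
    listener.on_ack(addr, (isn + 1) % MOD)
    return listener.on_http(addr, "GET / HTTP/1.0")

def spoofed_sender(listener, claimed_addr, guess=1):
    listener.on_syn(claimed_addr)          # SYN-ACK goes elsewhere; ISN unseen
    listener.on_ack(claimed_addr, guess)   # blind guess at ISN + 1
    return listener.on_http(claimed_addr, "GET / HTTP/1.0")

def demo():
    srv = Listener()
    ok = real_client(srv, "192.0.2.10")            # constructed address
    spoofed = spoofed_sender(srv, "198.51.100.7")  # constructed address
    return ok, spoofed, sorted(srv.half_open), srv.http_log
```

For a defender reading logs, the takeaway is that source addresses on completed HTTP requests belong to a reachable endpoint (a host or a proxy), while addresses in the half-open table prove nothing about who sent the SYN.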


                    • #70
                      Thanks Raz for the explanation. If you do a netstat or have tcpview, you'll notice that the browser will do a SYN once it requests a page. What follows is something that I never researched.

                      Comment


                      • #71
                        Have you tried contacting ISPs? They should do something. After all, they are partially responsible for what is going in and out of their networks.

                        Comment


                        • #72
                          That would be a monumental waste of time. There are hundreds, if not thousands of ISPs. Many are in China and Korea and could care less.
                          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                          Change CKEditor Colors to Match Style (for 4.1.4 and above)

                          Steve Machol Photography


                          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                          Comment


                          • #73
                            Have you tried the CIA? They handle international issues:

                            http://www.cia.gov/cia/contact.htm

                            Give them a call, tell them what is going on, you are sustaining over $5000 worth in damage and that the guy is in Saudi Arabia.

                            Comment


                            • #74
                              Originally posted by Steve Machol
                              That would be a monumental waste of time. There are hundreds, if not thousands of ISPs. Many are in China and Korea and could care less.
                              I agree. This is a huge problem. The ISPs are not doing what they could do to clean up their network nodes. ISPs tend to look the other way well knowing how many sick machines are on their nodes. I took a sniffer and captured a few days worth of garbage on the lines and sent it to my ISP one time. They could care less. It's just about like a data center harbouring spam house clients.

                              It appears to me that cleaning up the network nodes would show immediate benefits to the companies. But then again, how would you feel if your ISP sent you a letter letting you know that your winbox was infected with a trojan and is being monitored by them? Privacy issues are always a concern with ISPs and the liability may not be worth it.

                              Comment


                              • #75
                                Originally posted by Asendin
                                Where exactly are you using a 81.x.x.x IP ??
                                Sorry for the late response... I'm in the south of England.
                                FFAddicts: [site|forums]

                                Comment
