Jump to content

  •  

  • iBotModz CBox


    Photo

    July 14, 2010 Update


    • This topic is locked This topic is locked
    7 replies to this topic

    #1 iBotPeaches

    iBotPeaches

      General Grade 6

    • Owner

    • 6,570 posts
    • Joined: 29-July 07
    • Gender:Male
    • Location:Kansas

    Posted 14 July 2010 - 09:14 PM

    As of now and over the past 2 days we've been under a DDoS attack. My bet is that it is the same person as last time. After I called no-ip (DNS service for botnets) I got his first account suspended, but its been about a month and he could re-spread in that time. It seems his army now is just re-loading the logo image trying to "bandwidth rape" us.


    I've been writing a great deal of htaccess rules in order to prevent this. So far my rules have not only affected the bots, but also the legitimate users. I will continue to master this script to block all loads with maybe a 404 error to prevent resource consumption.

    The attacks have had random IPs and 1 IP that visited the site far too much. I am hoping that IP was the attacker trying out his idea, before he plugged it into his booter.

    #2 Rogue Modder

    Rogue Modder

      Class of 2008

    • VIP

    • 1,328 posts
    • Joined: 02-January 09
    • Gender:Male
    • Location:London, UK

    Posted 14 July 2010 - 09:17 PM

    Some kids really are so sad.

    #3 iBotPeaches

    iBotPeaches

      General Grade 6

    • Owner

    • 6,570 posts
    • Joined: 29-July 07
    • Gender:Male
    • Location:Kansas

    Posted 14 July 2010 - 09:22 PM

    Update:

    Posted Image

    Fixed it. All of his bots now return a pathetic 380 byte 403 error page, instead of returning the large image per request. I took my bandwidth limit and converted it to bytes, and then divided by 380 bytes and got 254,307,274. So thats about 250 million requests he will have to do before we hit our limit. That attack idea was just squashed.

    #4 jmdalmighty

    jmdalmighty

      Admin

    • VIP

    • 1,242 posts
    • Joined: 15-May 08
    • Gender:Female
    • Location:UK/ UR MUMS HOUSE (BURN)

    Posted 14 July 2010 - 09:28 PM

    Wow that kid needs to get a life! I hope he gets caught and his parents take away all technology away from him

    #5 XSChris

    XSChris

      Apprentice Grade 1

    • Members+

    • 6 posts
    • Joined: 21-June 10
    • Gender:Male
    • Location:Silicon Valley, California

    Posted 14 July 2010 - 09:50 PM

    Yes Peaches, Those addresses do in fact look similar to the prior botnet attack. I'll try to find logs from the old system of addresses banned so we can push shaw on disabling his internet. He had his first strike now I believe they'll revoke his internet permanently.

    jmdalmighty- He has been caught, his ISP has served a formal abuse notice and only has 1 or 2 strikes left before he cannot buy internet again in Canada. This is why you don't run a botnet and let your residential ISP ip address be leaked out.

    Edit: Just pumping 100req/sec + :|

    Edited by XSChris, 15 July 2010 - 01:35 AM.


    #6 jmdalmighty

    jmdalmighty

      Admin

    • VIP

    • 1,242 posts
    • Joined: 15-May 08
    • Gender:Female
    • Location:UK/ UR MUMS HOUSE (BURN)

    Posted 14 July 2010 - 10:08 PM

    Lol someones in trouble

    edit
    btw peaches you might wanna remove that pic the ip's can be easly read

    Edited by jmdalmighty, 14 July 2010 - 10:10 PM.


    #7 gruntmods

    gruntmods

      Commander Grade 2

    • Donors+

    • 1,889 posts
    • Joined: 26-November 08
    • Gender:Male
    • Location:Unknown World

    Posted 15 July 2010 - 05:51 AM

    Lol someones in trouble

    edit
    btw peaches you might wanna remove that pic the ip's can be easly read

    its a botnet......

    #8 slasherking823

    slasherking823

      Corporal Grade 1

    • Members+

    • 152 posts
    • Joined: 27-May 09

    Posted 23 July 2010 - 01:13 PM

    yes