iBotPeaches Posted July 15, 2010

As of now and over the past 2 days we've been under a DDoS attack. My bet is that it is the same person as last time. After I called no-ip (DNS service for botnets) I got his first account suspended, but it's been about a month and he could re-spread in that time. It seems his army now is just re-loading the logo image trying to "bandwidth rape" us. I've been writing a great deal of htaccess rules in order to prevent this. So far my rules have not only affected the bots, but also the legitimate users. I will continue to master this script to block all loads with maybe a 404 error to prevent resource consumption. The attacks have had random IPs and 1 IP that visited the site far too much. I am hoping that IP was the attacker trying out his idea, before he plugged it into his booter.
iBotPeaches Posted July 15, 2010

Update: http://i31.tinypic.com/2q2myox.png

Fixed it. All of his bots now return a pathetic 380 byte 403 error page, instead of returning the large image per request. I took my bandwidth limit and converted it to bytes, and then divided by 380 bytes and got 254,307,274. So that's about 250 million requests he will have to do before we hit our limit. That attack idea was just squashed.
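An added example, not part of the original posts: a small log check for the pattern described above (one client, or many, re-requesting a single image) together with the bandwidth arithmetic from the update. The log lines, asset path and image size are constructed, and the 90 GiB cap is an assumption; the post does not state its limit, but that value yields the post's 254,307,274.

```python
import re
from collections import Counter

# Apache combined-log prefix: client, timestamp, request line, status, response size.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def make_line(ip, path, status, size):
    """Build one constructed log line (not real traffic)."""
    return (f'{ip} - - [15/Jul/2010:12:00:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} {size} "-" "-"')

# Constructed sample: one heavy client fetching the full image, scattered
# clients already receiving the small 403, and one unrelated page view.
ASSET = "/images/logo.png"      # hypothetical path
IMAGE_BYTES = 48000             # hypothetical image size
SAMPLE = (
    [make_line("203.0.113.7", ASSET, 200, IMAGE_BYTES) for _ in range(6)]
    + [make_line(f"198.51.100.{i}", f"{ASSET}?r={i}", 403, 380) for i in range(1, 4)]
    + [make_line("192.0.2.10", "/index.php", 200, 5120)]
)

def flood_report(lines, asset, threshold):
    """Return ({ip: hits} for clients at/over threshold, total bytes sent for asset)."""
    hits, sent = Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != asset:
            continue  # unparsable line or a different resource
        hits[m["ip"]] += 1
        sent += 0 if m["size"] == "-" else int(m["size"])
    return {ip: n for ip, n in hits.items() if n >= threshold}, sent

def requests_until_cap(cap_bytes, response_bytes):
    """Whole responses of a given size that fit under a transfer cap."""
    return cap_bytes // response_bytes

if __name__ == "__main__":
    flagged, sent = flood_report(SAMPLE, ASSET, threshold=5)
    print("flagged:", flagged, "bytes sent for asset:", sent)
    cap = 90 * 2**30  # assumed cap; the post does not state it
    print("403 responses under cap:", requests_until_cap(cap, 380))
    print("full images under cap:", requests_until_cap(cap, IMAGE_BYTES))
```

The per-client threshold only catches the single noisy address; the scattered clients stay under it, which is why shrinking the response for the targeted asset matters more than per-IP blocking here.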
jmdalmighty Posted July 15, 2010

Wow that kid needs to get a life! I hope he gets caught and his parents take all technology away from him
XSChris Posted July 15, 2010 (edited)

Yes Peaches, those addresses do in fact look similar to the prior botnet attack. I'll try to find logs from the old system of addresses banned so we can push Shaw on disabling his internet. He had his first strike, now I believe they'll revoke his internet permanently.

jmdalmighty - He has been caught, his ISP has served a formal abuse notice and only has 1 or 2 strikes left before he cannot buy internet again in Canada. This is why you don't run a botnet and let your residential ISP IP address be leaked out.

Edit: Just pumping 100req/sec + :|

Edited July 15, 2010 by XSChris
jmdalmighty Posted July 15, 2010 (edited)

Lol someone's in trouble

Edit: btw Peaches you might wanna remove that pic, the IPs can be easily read

Edited July 15, 2010 by jmdalmighty
gruntmods Posted July 15, 2010

"Lol someone's in trouble. Edit: btw Peaches you might wanna remove that pic, the IPs can be easily read"

It's a botnet......