Discussion related to Boreas DDoS Attack


17 replies to this topic

#1 MikeDVB

    Forum Administrator

Posted 15 July 2009 - 08:13 AM

Discuss the issue reported in http://forums.mddhos...p?showtopic=120 in this thread.

I've moved this thread outside of the Client Only area so that those of you who have not previously registered on the forum as clients can discuss this.
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#2 Robin

Posted 15 July 2009 - 08:37 AM

> Discuss the issue reported in http://forums.mddhos...p?showtopic=120 in this thread.
>
> I've moved this thread outside of the Client Only area so that those of you who have not previously registered on the forum as clients can discuss this.


You got pissed off competition or something, Mike? ;)

I hope you're able to press charges or something. In any case I haven't noticed much of a slowdown. But thanks for the timely heads up!

Robin

#3 sremick

Posted 15 July 2009 - 08:43 AM

Boy, nice timing. The day after I switch over! Haha.

I'm on Boreas and I've noticed no issue. In fact, it's still faster than the host I moved from, which is pretty sad.

The most amazing part is Mike still is addressing little issues of mine with lightning speed. I feel bad.

#4 MikeDVB

Posted 15 July 2009 - 08:47 AM

There was approximately 10 minutes of downtime/sluggishness while we worked to isolate and block the attack. I can at this point confirm that this attacker is the same one that brought A Small Orange down but I can't really give any more detail beyond that at this point in time. If you have any questions feel free to ask them here or to open a ticket in our support desk.

#5 sremick

Posted 15 July 2009 - 08:57 AM

Did you sleep at all last night? Geez, man...

Sorry I kept you up late.

#6 MikeDVB

Posted 15 July 2009 - 08:59 AM

> Did you sleep at all last night? Geez, man...
>
> Sorry I kept you up late.

You didn't - I have a reputation of "never sleeping" because I'm generally available almost all hours of the day and night. I do sleep and others handle tickets but while I am awake I always try to do as many tickets as I can as I absolutely love what I do and I love the interaction with our clients ;)

At any rate, let's try to keep this on-topic concerning the attack.

#7 RichardN

Posted 15 July 2009 - 11:09 AM

Well, signed up yesterday and was uploading all night and noticed no real slowdowns, although I did lose FTP for a few mins but TBH I think that was more down to me ;)

Awesome ship you run here Mike, glad to be aboard :)

#8 Blind Bandit

Posted 15 July 2009 - 11:09 AM

> You didn't - I have a reputation of "never sleeping" because I'm generally available almost all hours of the day and night. I do sleep and others handle tickets but while I am awake I always try to do as many tickets as I can as I absolutely love what I do and I love the interaction with our clients ;)
>
> At any rate, let's try to keep this on-topic concerning the attack.


Just wanted to give a good luck and best wishes.

It's freaking pathetic that people feel the need to do this.

It's good to hear SoftLayer is helping you out.

#9 MikeDVB

Posted 15 July 2009 - 11:21 AM

> Just wanted to give a good luck and best wishes.

So far so good.

> It's freaking pathetic that people feel the need to do this.

I agree - the individual tried to extort around $7,000 from A Small Orange. I have contacted several other providers and they have received threats from the individual behind this attack just as ASO did and we have as well. We're working with the FBI to add what we can to the case file that ASO started with them.

> It's good to hear SoftLayer is helping you out.

SoftLayer is amazing and this is just one of the many reasons that we are very proud to say that we have SoftLayer powering our hardware and network.

#10 Robin

Posted 15 July 2009 - 11:29 AM

Hey Mike!

If the feds catch this guy you're going to let us know as soon as you know right? After that let the Wrath of the Webhosters rain down on his ****** and post the pictures here ;).

#11 MikeDVB

Posted 15 July 2009 - 11:34 AM

> Hey Mike!
>
> If the feds catch this guy you're going to let us know as soon as you know right? After that let the Wrath of the Webhosters rain down on his ****** and post the pictures here ;).

I can't really post any details but the chances of the FBI ever getting their hands on this individual I would say are slim. I guess we can all just hope that they make a trip to the United States and forget that they're flagged by the FBI for cyber-crime.

#12 Sharon

Posted 15 July 2009 - 11:39 AM

> Boy, nice timing. The day after I switch over! Haha.
>
> I'm on Boreas and I've noticed no issue. In fact, it's still faster than the host I moved from, which is pretty sad.
>
> The most amazing part is Mike still is addressing little issues of mine with lightning speed. I feel bad.


Ah, I have to totally second that. I switched over late last night. My DNS propagated about 3 this morning (Arizona time). And, my switchover was anything but easy for MDD. So far, I'm totally impressed. I had no slowup either. And, I came from a place that was down and up for days because of a DDOS attack. If this is what happens here at MDD, during an attack, I think I have found a home!!

Big Thank You to Mike and Christine for a relatively smooth changeover.

#13 MikeDVB

Posted 15 July 2009 - 11:45 AM

> Ah, I have to totally second that. I switched over late last night. My DNS propagated about 3 this morning (Arizona time). And, my switchover was anything but easy for MDD. So far, I'm totally impressed. I had no slowup either.

We are very good at transferring accounts - even those that do not come from other cPanel servers. It did take a bit more time and effort to move your account than I had originally anticipated but we have yet in the last year and a half to have a transfer request we were not able to complete!

> And, I came from a place that was down and up for days because of a DDOS attack. If this is what happens here at MDD, during an attack, I think I have found a home!!

The ability to mitigate a DDoS really has a lot to do with the infrastructure of the data center that a host is located in. This attack was quickly detected and mitigated by the TippingPoint and Cisco Guard hardware in the SoftLayer datacenter that our servers call home. While I cannot guarantee that in every case of an attack that we will be able to mitigate it this quickly and effectively I can guarantee that we will always do our absolute best to keep our servers and services online.

> Big Thank You to Mike and Christine for a relatively smooth changeover.

No problem at all, it was a pleasure to work with you during the transfer ;)

#14 sremick

Posted 15 July 2009 - 12:01 PM

Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.

I'm wondering if this guy tried to extort money from MDDHosting...? Maybe Mike isn't allowed to say though.

The good news is how shielded and oblivious my forums users were. This guy is trying to DDOS my new webhost while at the same time my users are praising how much faster things are. ;)

#15 MikeDVB

Posted 15 July 2009 - 12:23 PM

> Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.

One can only hope that he makes a visit to the United States - having a case file with the FBI will get you flagged in a hurry.

> I'm wondering if this guy tried to extort money from MDDHosting...? Maybe Mike isn't allowed to say though.

It's not something that really should be discussed in a public forum.

> The good news is how shielded and oblivious my forums users were. This guy is trying to DDOS my new webhost while at the same time my users are praising how much faster things are. ;)

Yeah, there was roughly 5~10 minutes of downtime while Cisco Guard was learning the attack and working towards blocking it but after 10 minutes service was fully restored and within 20 you couldn't tell anything was happening at all. It's all very fast and very seamless.

#16 Sharon

Posted 15 July 2009 - 01:05 PM

Now, THAT's what I like to hear! ;)

#17 kocchi

Posted 16 July 2009 - 02:27 AM

> Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.


Although the culprit behind a DDoS attack could be in another country (and most probably is), the main reason they are difficult to catch is because the DDoS requests generally are coming from innocent users' computers which have been hacked/manipulated by worms/trojan/virus and are slamming the servers with requests without their knowledge of it. The culprit can be sitting behind several layers of proxies to hide themselves, and to issue a command to their "botnet" and no one will be able to find them. It's insane. It could be my next door neighbor and no one would know it.

Although catching the criminal behind it is difficult, it's great that MDDHosting was able to defend themselves so quickly. ;)

#18 MikeDVB

Posted 16 July 2009 - 08:16 AM

Our goal in contacting the FBI isn't so much to catch them (although it would be nice) but is instead to build a record of this cyber-criminal. They have attacked ASO, us, and now VectorLevel. It seems out of the three that we were the only ones that were really able to defend ourselves to the point of next to no downtime whatsoever.

I am sure there are other hosts out there that have been or are going to be targeted by this criminal and I know that ASO, VL, and ourselves have all contacted our local FBI offices concerning this criminal.

What would be good at the least is if the FBI were to get the contact information for the compromised computers from our logs of the attack and then to contact those individuals and inform them that their systems were compromised and needed scanned/fixed.