Jump to content
MDDHosting Forums

Discussion related to Boreas DDoS Attack

Michael D.

By Michael D.
in Web Hosting

 Share

Recommended Posts

Robin Newbie

Robin

Posted
Posted
Discuss the issue reported in http://forums.mddhosting.com/index.php?showtopic=120 in this thread.

 

I've moved this thread outside of the Client Only area so that those of you who have not previously registered on the forum as clients can discuss this.

 

You got pissed off competition or something, Mike? ;)

 

I hope you're able to press charges or something. In any case I havn't noticed much of a slowdown. But thanks for the timely heads up!

 

Robin

Link to comment
Share on other sites
sremick Member

sremick

Posted
Posted

Boy, nice timing. The day after I switch over! Haha.

 

I'm on Boreas and I've noticed no issue. In fact, it's still faster than the host I moved from, which is pretty sad.

 

The most amazing part is Mike still is addressing little issues of mine with lightning speed. I feel bad.

Link to comment
Share on other sites
Michael D. Elite Member

Michael D.

Posted
  • Author
Posted
There was approximately 10 minutes of downtime/sluggishness while we worked to isolate and block the attack. I can at this point confirm that this attacker is the same one that brought A Small Orange down but I can't really give any more detail beyond that at this point in time. If you have any questions feel free to ask them here or to open a ticket in our support desk.
Link to comment
Share on other sites
Michael D. Elite Member

Michael D.

Posted
  • Author
Posted
Did you sleep at all last night? Geez, man...

 

Sorry I kept you up late.

You didn't - I have a reputation of "never sleeping" because I'm generally available almost all hours of the day and night. I do sleep and others handle tickets but while I am awake I always try to do as many tickets as I can as I absolutely love what I do and I love the interaction with our clients ;)

 

At any rate, let's try to keep this on-topic concerning the attack.

Link to comment
Share on other sites
Blind Bandit Member

Blind Bandit

Posted
Posted
You didn't - I have a reputation of "never sleeping" because I'm generally available almost all hours of the day and night. I do sleep and others handle tickets but while I am awake I always try to do as many tickets as I can as I absolutely love what I do and I love the interaction with our clients ;)

 

At any rate, let's try to keep this on-topic concerning the attack.

 

Just wanted to give a good luck and best wishes.

 

Its freaking pathetic that people feel the need to do this.

 

Its good to hear soft layer is helping you out.

Link to comment
Share on other sites
Michael D. Elite Member

Michael D.

Posted
  • Author
Posted
Just wanted to give a good luck and best wishes.
So far so good.

 

Its freaking pathetic that people feel the need to do this.
I agree - the individual tried to extort around $7,000 from A Small Orange. I have contacted several other providers and they have received threats from the individual behind this attack just as ASO did and we have as well. We're working with the FBI to add what we can to the case file that ASO started with them.

 

Its good to hear soft layer is helping you out.
SoftLayer is amazing and this is just one of the many reasons that we are very proud to say that we have SoftLayer powering our hardware and network.
Link to comment
Share on other sites
Michael D. Elite Member

Michael D.

Posted
  • Author
Posted
Hey Mike!

 

If the feds catch this guy you're going to let us know as soon as you know right? After that let the Wrath of the Webhosters rain down on his ****** and post the pictures here ;).

I can't really post any details but the chances of the FBI ever getting their hands on this individual I would say is slim. I guess we can all just hope that they make a trip to the United States and forget that they're flagged by the FBI for cyber-crime.

Link to comment
Share on other sites
Sharon Newbie

Sharon

Posted
Posted
Boy, nice timing. The day after I switch over! Haha.

 

I'm on Boreas and I've noticed no issue. In fact, it's still faster than the host I moved from, which is pretty sad.

 

The most amazing part is Mike still is addressing little issues of mine with lightning speed. I feel bad.

 

Ah, I have to totally second that. I switched over late last night. My DNS propagated about 3 this morning (Arizona time). And, my switchover was anything but easy for MDD. So far, I'm totally impressed. I had no slowup either. And, I came from a place that was down and up for days because of a DDOS attack. If this is what happens here at MDD, during an attack, I think I have found a home!!

 

Big Thank You to Mike and Christine for a relatively smooth changeover.

Link to comment
Share on other sites
Michael D. Elite Member

Michael D.

Posted
  • Author
Posted
Ah, I have to totally second that. I switched over late last night. My DNS propagated about 3 this morning (Arizona time). And, my switchover was anything but easy for MDD. So far, I'm totally impressed. I had no slowup either.
We are very good at transferring accounts - even those that do not come from other cPanel servers. It did take a bit more time and effort to move your account than I had originally anticipated but we have yet in the last year and a half to have a transfer request we were not able to complete!

 

And, I came from a place that was down and up for days because of a DDOS attack. If this is what happens here at MDD, during an attack, I think I have found a home!!
The ability to mitigate a DDoS really has a lot to do with the infrastructure of the data center that a host is located in. This attack was quickly detected and mitigated by the TippingPoint and Cisco Guard hardware in the SoftLayer datacenter that our servers call home. While I cannot guarantee that in every case of an attack that we will be able to mitigate it this quickly and effectively I can guarantee that we will always do our absolute best to keep our servers and services online.

 

Big Thank You to Mike and Christine for a relatively smooth changeover.
No problem at all, it was a pleasure to work with you during the transfer ;)
Link to comment
Share on other sites
sremick Member

sremick

Posted
Posted

Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.

 

I'm wondering if this guy tried to extort money from MDDHosting...? Maybe Mike isn't allowed to say though.

 

The good news is how shielded and oblivious my forums users were. This guy is trying to DDOS my new webhost while at the same time my users are praising how much faster things are. ;)

Link to comment
Share on other sites
Michael D. Elite Member

Michael D.

Posted
  • Author
Posted
Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.
One can only hope that he makes a visit to the United States - having a case file with the FBI will get you flagged in a hurry.

 

I'm wondering if this guy tried to extort money from MDDHosting...? Maybe Mike isn't allowed to say though.
It's not something that really should be discussed in a public forum.

 

The good news is how shielded and oblivious my forums users were. This guy is trying to DDOS my new webhost while at the same time my users are praising how much faster things are. ;)
Yeah, there was roughly 5~10 minutes of downtime while Cisco Guard was learning the attack and working towards blocking it but after 10 minutes service was fully restored and within 20 you couldn't tell anything was happening at all. It's all very fast and very seamless.
Link to comment
Share on other sites
kocchi Newbie

kocchi

Posted
Posted
Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.

 

Although the culprit behind a DDoS attack could be in another country (and most probably are..), the main reason they are difficult to catch is because the DDoS requests generally are coming from innocent user's computers which have been hacked/manipulated by worms/trojan/virus and are slamming the servers with requests without their knowledge of it. The culprit can be sitting behind several layers of proxies to hide themselves, and to issue a command to their "botnet" and no one will be able to find them. It's insane. It could be my next door neighbor and no one would know it.

 

Although catching the criminal behind it is difficult, it's great that MDDHosting was able to defend themselves so quickly. ;)

Link to comment
Share on other sites
Michael D. Elite Member

Michael D.

Posted
  • Author
Posted

Our goal in contacting the FBI isn't so much to catch them (although it would be nice) but is instead to build a record of this cyber-criminal. They have attacked ASO, us, and now VectorLevel. It seems out of the three that we were the only ones that were really able to defend ourselves to the point of next to no downtime whatsoever.

 

I am sure there are other hosts out there that have been or are going to be targeted by this criminal and I know that ASO, VL, and ourselves have all contacted our local FBI offices concerning this criminal.

 

What would be good at the least is if the FBI were to get the contact information for the compromised computers from our logs of the attack and then to contact those individuals and inform them that their systems were compromised and needed scanned/fixed.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...