17 replies to this topic

[MikeDVB]

Discuss the issue reported in http://forums.mddhos...p?showtopic=120 in this thread.

I've moved this thread outside of the Client Only area so that those of you who have not previously registered on the forum as clients can discuss this.

[Robin]

Discuss the issue reported in http://forums.mddhos...p?showtopic=120 in this thread.

I've moved this thread outside of the Client Only area so that those of you who have not previously registered on the forum as clients can discuss this.

You got pissed off competition or something, Mike?

I hope you're able to press charges or something. In any case I havn't noticed much of a slowdown. But thanks for the timely heads up!

Robin

[sremick]

Boy, nice timing. The day after I switch over! Haha.

I'm on Boreas and I've noticed no issue. In fact, it's still faster than the host I moved from, which is pretty sad.

The most amazing part is Mike still is addressing little issues of mine with lightning speed. I feel bad.

[MikeDVB]

There was approximately 10 minutes of downtime/sluggishness while we worked to isolate and block the attack. I can at this point confirm that this attacker is the same one that brought A Small Orange down but I can't really give any more detail beyond that at this point in time. If you have any questions feel free to ask them here or to open a ticket in our support desk.

[sremick]

Did you sleep at all last night? Geez, man...

Sorry I kept you up late.

[MikeDVB]

Did you sleep at all last night? Geez, man...

Sorry I kept you up late.

You didn't - I have a reputation of "never sleeping" because I'm generally available almost all hours of the day and night. I do sleep and others handle tickets but while I am awake I always try to do as many tickets as I can as I absolutely love what I do and I love the interaction with our clients

At any rate, let's try to keep this on-topic concerning the attack.

[RichardN]

well signed up yesterday and was uploading all night and noticed no real slow downs, although i did loose FTP for a few mins but TBH i think that was more down to me

Awsome ship you run here mike, glad to be aboard

[Blind Bandit]

You didn't - I have a reputation of "never sleeping" because I'm generally available almost all hours of the day and night. I do sleep and others handle tickets but while I am awake I always try to do as many tickets as I can as I absolutely love what I do and I love the interaction with our clients

At any rate, let's try to keep this on-topic concerning the attack.

Just wanted to give a good luck and best wishes.

Its freaking pathetic that people feel the need to do this.

Its good to hear soft layer is helping you out.

[MikeDVB]

Just wanted to give a good luck and best wishes.

So far so good.

Its freaking pathetic that people feel the need to do this.

I agree - the individual tried to extort around $7,000 from A Small Orange. I have contacted several other providers and they have received threats from the individual behind this attack just as ASO did and we have as well. We're working with the FBI to add what we can to the case file that ASO started with them.

Its good to hear soft layer is helping you out.

SoftLayer is amazing and this is just one of the many reasons that we are very proud to say that we have SoftLayer powering our hardware and network.

[Robin]

Hey Mike!

If the feds catch this guy you're going to let us know as soon as you know right? After that let the Wrath of the Webhosters rain down on his ****** and post the pictures here .

[MikeDVB]

Hey Mike!

If the feds catch this guy you're going to let us know as soon as you know right? After that let the Wrath of the Webhosters rain down on his ****** and post the pictures here .

I can't really post any details but the chances of the FBI ever getting their hands on this individual I would say is slim. I guess we can all just hope that they make a trip to the United States and forget that they're flagged by the FBI for cyber-crime.

[Sharon]

Boy, nice timing. The day after I switch over! Haha.

I'm on Boreas and I've noticed no issue. In fact, it's still faster than the host I moved from, which is pretty sad.

The most amazing part is Mike still is addressing little issues of mine with lightning speed. I feel bad.

Ah, I have to totally second that. I switched over late last night. My DNS propagated about 3 this morning (Arizona time). And, my switchover was anything but easy for MDD. So far, I'm totally impressed. I had no slowup either. And, I came from a place that was down and up for days because of a DDOS attack. If this is what happens here at MDD, during an attack, I think I have found a home!!

Big Thank You to Mike and Christine for a relatively smooth changeover.

[MikeDVB]

Ah, I have to totally second that. I switched over late last night. My DNS propagated about 3 this morning (Arizona time). And, my switchover was anything but easy for MDD. So far, I'm totally impressed. I had no slowup either.

We are very good at transferring accounts - even those that do not come from other cPanel servers. It did take a bit more time and effort to move your account than I had originally anticipated but we have yet in the last year and a half to have a transfer request we were not able to complete!

And, I came from a place that was down and up for days because of a DDOS attack. If this is what happens here at MDD, during an attack, I think I have found a home!!

The ability to mitigate a DDoS really has a lot to do with the infrastructure of the data center that a host is located in. This attack was quickly detected and mitigated by the TippingPoint and Cisco Guard hardware in the SoftLayer datacenter that our servers call home. While I cannot guarantee that in every case of an attack that we will be able to mitigate it this quickly and effectively I can guarantee that we will always do our absolute best to keep our servers and services online.

Big Thank You to Mike and Christine for a relatively smooth changeover.

No problem at all, it was a pleasure to work with you during the transfer

[sremick]

Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.

I'm wondering if this guy tried to extort money from MDDHosting...? Maybe Mike isn't allowed to say though.

The good news is how shielded and oblivious my forums users were. This guy is trying to DDOS my new webhost while at the same time my users are praising how much faster things are.

[MikeDVB]

Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.

One can only hope that he makes a visit to the United States - having a case file with the FBI will get you flagged in a hurry.

I'm wondering if this guy tried to extort money from MDDHosting...? Maybe Mike isn't allowed to say though.

It's not something that really should be discussed in a public forum.

The good news is how shielded and oblivious my forums users were. This guy is trying to DDOS my new webhost while at the same time my users are praising how much faster things are.

Yeah, there was roughly 5~10 minutes of downtime while Cisco Guard was learning the attack and working towards blocking it but after 10 minutes service was fully restored and within 20 you couldn't tell anything was happening at all. It's all very fast and very seamless.

[Sharon]

Now, THAT's what I like to hear!

[kocchi]

Yeah the FBI doesn't have jurisdiction outside of the USA I don't think. I could be wrong. But I think that's one of the reasons most of such crime is committed in these other "safe haven" countries.

Although the culprit behind a DDoS attack could be in another country (and most probably are..), the main reason they are difficult to catch is because the DDoS requests generally are coming from innocent user's computers which have been hacked/manipulated by worms/trojan/virus and are slamming the servers with requests without their knowledge of it. The culprit can be sitting behind several layers of proxies to hide themselves, and to issue a command to their "botnet" and no one will be able to find them. It's insane. It could be my next door neighbor and no one would know it.

Although catching the criminal behind it is difficult, it's great that MDDHosting was able to defend themselves so quickly.

[MikeDVB]

Our goal in contacting the FBI isn't so much to catch them (although it would be nice) but is instead to build a record of this cyber-criminal. They have attacked ASO, us, and now VectorLevel. It seems out of the three that we were the only ones that were really able to defend ourselves to the point of next to no downtime whatsoever.

I am sure there are other hosts out there that have been or are going to be targeted by this criminal and I know that ASO, VL, and ourselves have all contacted our local FBI offices concerning this criminal.

What would be good at the least is if the FBI were to get the contact information for the compromised computers from our logs of the attack and then to contact those individuals and inform them that their systems were compromised and needed scanned/fixed.