Punishment DDOS attacks on online server

Submitted by AlReaud on Sat, 12/24/2011 - 08:16

NOTE: Updated 11/15/2016

Attacks have ceased pretty much on the testing server, but I must have pissed somebody off last night. WOOT!

DDOS attacks started in the late evening, starting probably around 21:00 through at least probably midnight. Can't actually tell because I can't access the httpd logs. The positive note is this led to me asking GoDaddy where the httpd logs are, something I wasn't aware of (in FTP Manager). Bluehost allows access to the server logs, but Yahoo did not when I used them. It's a virtual machine so the logs don't compromise any hosting provider confidential data...

The offending IP addresses were:

  • 91.121.170.124 - FR, I know the bot-net there, and they have been getting inverse “Pavlovian Dog” training. I am almost willing to bet the control node resides in this general IP area, for at least one worldwide bot-net. Some of the addresses they control are:
      • 77.68.38.175 - UK
      • 121.254.168.13 - KR
      • 202.43.99.159 - JP

The attack vector is overloading the CMS by requesting non-existent tiny_mce. Script-kiddie shit, LOL.

I'm beginning to think I need my own bot-net, based on the idea of the Seawolf class submarines… ;)
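Once the httpd logs are reachable, the pattern described above (a burst of requests for a non-existent tiny_mce) can be pulled out per client. The following is an added example, not code from the original post: it assumes Combined Log Format, and the sample lines, paths, documentation-range IP addresses, threshold and window are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def flag_tiny_mce_flooders(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: peak count of tiny_mce 404s inside any sliding window}
    for clients whose peak reaches `threshold`. Unparseable lines are skipped."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404" or "tiny_mce" not in m["path"].lower():
            continue
        hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        best = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample log (not taken from the server discussed in the post).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Dec/2011:21:00:01 -0800] "GET /modules/tiny_mce/tiny_mce.js HTTP/1.1" 404 512 "-" "-"
192.0.2.10 - - [23/Dec/2011:21:00:02 -0800] "GET /modules/tiny_mce/tiny_mce.js HTTP/1.1" 404 512 "-" "-"
192.0.2.10 - - [23/Dec/2011:21:00:02 -0800] "GET /libraries/tiny_mce/plugins/x.php HTTP/1.1" 404 512 "-" "-"
192.0.2.10 - - [23/Dec/2011:21:00:03 -0800] "POST /tiny_mce/tiny_mce.js HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [23/Dec/2011:21:00:05 -0800] "GET /node/1 HTTP/1.1" 200 8411 "-" "-"
198.51.100.7 - - [23/Dec/2011:21:00:09 -0800] "GET /tiny_mce/tiny_mce.js HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [23/Dec/2011:21:00:00 -0800] "GET /tiny_mce/tiny_mce.js HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [23/Dec/2011:21:05:00 -0800] "GET /tiny_mce/tiny_mce.js HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [23/Dec/2011:21:10:00 -0800] "GET /tiny_mce/tiny_mce.js HTTP/1.1" 404 512 "-" "-"
this line is truncated or corrupt
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(flag_tiny_mce_flooders(SAMPLE_LOG).items()):
        print(f"{ip}: {n} tiny_mce 404s within 60s")
```

The sliding window separates a burst from one client from the same number of stray 404s spread over several minutes, which matters when the flagged addresses feed a block list.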
