WHAT THE!!!!!
Posted:
Mon Mar 06, 2006 1:59 pm
by Raskill
At 1:56 p.m. there are 76 guests on this site.....
Getting pretty popular in here.....
Posted:
Mon Mar 06, 2006 2:05 pm
by Nnnnsic
A lot of guests browsing under the same browser or ip address and trying to make a post.
I wonder how long it takes them to realise they need to register.
Posted:
Mon Mar 06, 2006 2:09 pm
by birddog114
Posted:
Mon Mar 06, 2006 2:10 pm
by birddog114
Posted:
Mon Mar 06, 2006 2:12 pm
by Nnnnsic
Yup. Dad and I are looking into it.
The spread of users attempting to "post a message" suggests either bots or a DDOS.
Posted:
Mon Mar 06, 2006 2:44 pm
by gstark
While a BOT would be the most likely, the spread of the IP addresses - of which I've just banned about 20 subnets - seems to suggest DDOS.
There were a couple of Comcast IPs from within the same subnet which is indicative of a bot - and one that's ignoring a robots.txt directive too (big surprise, eh?) but most were coming from Malaysia, Philippines, China, Brazil, Colombia and Indonesia. All great respecters of IP and the rights of others.
Posted:
Mon Mar 06, 2006 3:22 pm
by gstark
Definitely a DDOS, and it's persisting.
I've stopped counting the IPs that are now banned, but it's a lot, and there's more coming.
There's a very large subnet at 68.87 that's gone ...
Posted:
Mon Mar 06, 2006 3:22 pm
by owen
I had the same thing on my site and a lot of times it's the googlebot... eg the same IP looking at different forums.
Posted:
Mon Mar 06, 2006 3:32 pm
by Glen
It worked in denying service, there was a stage mid afternoon when I couldn't log on.
Posted:
Mon Mar 06, 2006 3:43 pm
by gstark
owen wrote: I had the same thing on my site and a lot of times it's the googlebot... eg the same IP looking at different forums.
No. We had that in November last year, and yes, they all use the same, common subnet. Which has been banned here.
This is a very wide variety of IP addresses, some of which come from a few common subnets, but most of which do not. More likely a couple of hundred - thus far - PCs infected with some sort of worm, and some lowlife getting underneath it all.
Posted:
Mon Mar 06, 2006 3:54 pm
by Zeeke
Another forum I'm a member of just got whacked with a massive DDOS attack which has essentially crashed and killed it temporarily... they now have 18000 members.. and probably 150 of them now going 'WHAT'S GOING ON!!'
Tim
Posted:
Mon Mar 06, 2006 4:20 pm
by gstark
Tim,
Interesting. Would their admin care to share logs? I've just banned a couple of hundred subnets, and while the situation appears to have quietened down for now, I'm keeping an eye on it.
I can have any new IPs banned within a couple of minutes of becoming aware of any attack, but I need to be aware in the first instance.
And a couple of hundred subnets is really just a drop in the ocean.
Posted:
Mon Mar 06, 2006 5:32 pm
by Zeeke
I doubt you'd be able to get logs out of them, they really have no clue about running forums unfortunately.. the other forum I'm talking about is now set to maintenance mode, all the posts and members' names got wiped from the forums and it refers to all posts by "Ex member", but if I can, I'll contact the admin and get logs for you.
Tim
Posted:
Mon Mar 06, 2006 5:48 pm
by leek
I might be wrong Gary, but does banning IPs actually help with a denial of service attack?? It'll stop them launching the phpBB application, but all the arriving packets will still be jamming up Dreamhost's infrastructure... Don't they need to be banned at the hardware level to stop the attack?
Posted:
Mon Mar 06, 2006 6:27 pm
by gstark
Tim,
Ok, thanx.
John,
The sort of ban I'm imposing should help, as I believe that it will reduce the bandwidth they're trying to occupy. They are not even getting to the point of requesting a page, as I'm banning them at the server level through .htaccess.
That also has the effect of killing any CPU resources that they may be otherwise trying to consume as well.
And I have already brought this to the attention of DH so that they can look more deeply at this as well.
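The kind of server-level ban described in the post above, as an added example that is not part of the original thread and not the admins' own tooling: it groups requests for the posting page by subnet and emits .htaccess deny rules. The log lines are constructed (documentation IP ranges), and the /posting.php path, the thresholds and the Apache 2.2-style Order/Allow/Deny block are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Apache common log format (documentation IP ranges).
SAMPLE_LOG = "\n".join(
    f'{ip} - - [06/Mar/2006:14:0{i}:00 +1100] "{req} HTTP/1.1" 200 512'
    for i, (ip, req) in enumerate([
        ("192.0.2.10", "POST /posting.php?mode=newtopic&f=1"),
        ("192.0.2.77", "POST /posting.php?mode=newtopic&f=1"),
        ("192.0.2.200", "POST /posting.php?mode=reply&t=5"),
        ("203.0.113.5", "POST /posting.php?mode=newtopic&f=2"),
        ("203.0.113.5", "POST /posting.php?mode=newtopic&f=2"),
        ("203.0.113.9", "GET /posting.php?mode=newtopic&f=2"),
        ("198.51.100.23", "POST /posting.php?mode=reply&t=9"),
        ("198.51.100.23", "GET /viewtopic.php?t=9"),
    ])
)

# client IP, then method and URL from the quoted request line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def offending_subnets(log_text, path="/posting.php", min_hits=3, prefix=24):
    """Map each IPv4 /prefix network to its hit count on `path`, keeping
    only networks with at least `min_hits` requests (assumed threshold)."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3).split("?", 1)[0] != path:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:      # hostname or garbage in the client field
            continue
        if addr.version != 4:   # this sketch only handles IPv4
            continue
        hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    return {net: n for net, n in hits.items() if n >= min_hits}

def htaccess_rules(networks):
    """Render deny rules, merging adjacent networks into larger blocks."""
    rules = ["Order Allow,Deny", "Allow from all"]
    rules += [f"Deny from {n}" for n in ipaddress.collapse_addresses(networks)]
    return "\n".join(rules)

if __name__ == "__main__":
    print(htaccess_rules(offending_subnets(SAMPLE_LOG)))
```

Rules like these keep denied clients from ever invoking the forum's PHP code, but the packets still reach the web server, so upstream filtering by the hosting provider remains a separate step.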
Posted:
Mon Mar 06, 2006 7:20 pm
by Matt. K
Cor! You guys are
Geeks! Beware of
Geeks bareing gifts!
(Sit Greg B! Intentional!)
Posted:
Tue Mar 07, 2006 1:01 am
by darb
What would be really fun is identify a few of the offending machines, work out the vulnerability, break into one of them, suss out who's behind the wheel, and send some curry back.
ok... maybe in hollywood.
Posted:
Tue Mar 07, 2006 1:38 am
by Nnnnsic
I don't agree with using black hat hacking in really any form, honestly.
Posted:
Tue Mar 07, 2006 8:32 am
by Mj
Yep... just part of the joy that is global I.T.
Not much point in doing anything more than what Gary is already doing.
This wave will pass by, things will calm down... till the next wave.
Children should be encouraged to go play in the traffic instead of in front of the puter sending out DDOS or whatever.