WHAT THE!!!!!

Have your say on issues related to using a DSLR camera.

Moderator: Moderators

Forum rules
Please ensure that you have a meaningful location included in your profile. Please refer to the FAQ for details of what "meaningful" is.

WHAT THE!!!!!

Postby Raskill on Mon Mar 06, 2006 1:59 pm

At 1:56 p.m. there are 76 guests on this site.....

Getting pretty popular in here..... :lol:
2x D700, 2x D2h, lenses, speedlights, studio, pelican cases, tripods, monopods, patridges, pear trees etc etc

http://www.awbphotos.com.au
User avatar
Raskill
Senior Member
 
Posts: 2161
Joined: Fri Jun 17, 2005 12:26 pm
Location: Rockley, near Bathurst, Home of Aussie Motorsport!

Postby Nnnnsic on Mon Mar 06, 2006 2:05 pm

A lot of guests browsing under the same browser or ip address and trying to make a post.

I wonder how long it takes them to realise they need to register.
Producer & Editor @ GadgetGuy.com.au
Contributor for fine magazines such as PC Authority and Popular Science.
User avatar
Nnnnsic
I'm a jazz singer... so I know what I'm doing
 
Posts: 7770
Joined: Sun Aug 08, 2004 12:29 am
Location: Cubicle No. 42... somewhere in Bondi, NSW

Postby birddog114 on Mon Mar 06, 2006 2:09 pm

Perhaps 50% of them from ASIO, 25% from FBI and the rest from AFP.
:lol: :lol: :lol: :lol:
Birddog114
VNAF, My Beloved Country and Airspace
User avatar
birddog114
Senior Member
 
Posts: 15881
Joined: Sat Aug 07, 2004 8:18 pm
Location: Belmore,Sydney

Postby birddog114 on Mon Mar 06, 2006 2:10 pm

It's gone down to 24 guests after my previously post :lol: :lol: :lol:
Birddog114
VNAF, My Beloved Country and Airspace
User avatar
birddog114
Senior Member
 
Posts: 15881
Joined: Sat Aug 07, 2004 8:18 pm
Location: Belmore,Sydney

Postby Nnnnsic on Mon Mar 06, 2006 2:12 pm

Yup. Dad and I are looking into it.

The spread of users attempting to "post a message" suggests either bots or a DDOS.
Producer & Editor @ GadgetGuy.com.au
Contributor for fine magazines such as PC Authority and Popular Science.
User avatar
Nnnnsic
I'm a jazz singer... so I know what I'm doing
 
Posts: 7770
Joined: Sun Aug 08, 2004 12:29 am
Location: Cubicle No. 42... somewhere in Bondi, NSW

Postby gstark on Mon Mar 06, 2006 2:44 pm

While a BOT would be the most likely, the spread of the IP addresses - of which I've just banned about 20 subnets - seems to suggest DDOS.

There were a couple of Comcast IPs from within the same subnet which is indicative of a bot - and one that's ignoring a robots.txt directive too (big surprise, eh?) but most were coming from Malaysia, Philipines, China, Brazil, Columbia and Indonesia. All great respecters of IP and the rights of others. :)
g.
Gary Stark
Nikon, Canon, Bronica .... stuff
The people who want English to be the official language of the United States are uncomfortable with their leaders being fluent in it - US Pres. Bartlet
User avatar
gstark
Site Admin
 
Posts: 22918
Joined: Thu Aug 05, 2004 11:41 pm
Location: Bondi, NSW

Postby gstark on Mon Mar 06, 2006 3:22 pm

Definitely a DDOS, and it's persisting.

I've stopped counting the IPs that are now banned, but it's a lot, and there's more coming.

There's a a very large subnet at 68.87 that's gone ...
g.
Gary Stark
Nikon, Canon, Bronica .... stuff
The people who want English to be the official language of the United States are uncomfortable with their leaders being fluent in it - US Pres. Bartlet
User avatar
gstark
Site Admin
 
Posts: 22918
Joined: Thu Aug 05, 2004 11:41 pm
Location: Bondi, NSW

Postby owen on Mon Mar 06, 2006 3:22 pm

I had the same thing on my site and a lot of times it's the googlebot... eg the same IP looking at different forums.
http://www.ausphotos.com - My Gallery

http://www.doesgodexist.com - a very interesting site.
User avatar
owen
Senior Member
 
Posts: 1699
Joined: Thu Jan 06, 2005 3:21 pm
Location: Nowra, NSW

Postby Glen on Mon Mar 06, 2006 3:32 pm

It worked in denying service, there was a stage mid afternoon when I couldn't log on
User avatar
Glen
Moderator
 
Posts: 11819
Joined: Sat Aug 07, 2004 3:14 pm
Location: Sydney - Neutral Bay - Nikon

Postby gstark on Mon Mar 06, 2006 3:43 pm

owen wrote:I had the same thing on my site and a lot of times it's the googlebot... eg the same IP looking at different forums.


No. We had that in November last year, and yes, they all use the same, common subnet. Which has been banned here.

This is a very wide variety of IP addresses, some of which come from a few common subnets, but most of which do not. More likely a couple of hundred - thus far - pcs infected with some sort of worm, and some lowlife getting underneath it all.
g.
Gary Stark
Nikon, Canon, Bronica .... stuff
The people who want English to be the official language of the United States are uncomfortable with their leaders being fluent in it - US Pres. Bartlet
User avatar
gstark
Site Admin
 
Posts: 22918
Joined: Thu Aug 05, 2004 11:41 pm
Location: Bondi, NSW

Postby Zeeke on Mon Mar 06, 2006 3:54 pm

another forum im a member of just got wacked with a massive DDOS attack which has essentially crashed and killed it temporarily... they now have 18000 members.. and probably 150 of them now going 'WHATS GOING ON!!'

Tim
D70 - D200/MBD200 Coming soon - Too Much Gear, Not Enough Talent

My Site: http://www.digitalstill.net
My Fishing Site: http://www.fishseq.com
User avatar
Zeeke
Senior Member
 
Posts: 1318
Joined: Wed Sep 07, 2005 8:38 pm
Location: Sunshine Coast, Qld, AU

Postby gstark on Mon Mar 06, 2006 4:20 pm

Tim,

Interesting. Would their admin care to share logs? I've just banned a couple of hundred subnets, and wile the situation appears to have quietened down for now, I'm keeping an eye on it.

I can have any new IPs banned within a couple of minutes of becoming aware of any attack, but I need to be aware in the first instance.

And a couple of hundred subnets is really just a drop in the ocean.
g.
Gary Stark
Nikon, Canon, Bronica .... stuff
The people who want English to be the official language of the United States are uncomfortable with their leaders being fluent in it - US Pres. Bartlet
User avatar
gstark
Site Admin
 
Posts: 22918
Joined: Thu Aug 05, 2004 11:41 pm
Location: Bondi, NSW

Postby Zeeke on Mon Mar 06, 2006 5:32 pm

I doubt u'd be able to get logs out of them, they really have no clue about running forums unfortunately.. the other forums im talking about is now set to maintenance mode, all the posts and members names got whiped from the forums and it refers to all posts by "Ex member" but if i can,ill contact the admin and get logs for you if i can

Tim
D70 - D200/MBD200 Coming soon - Too Much Gear, Not Enough Talent

My Site: http://www.digitalstill.net
My Fishing Site: http://www.fishseq.com
User avatar
Zeeke
Senior Member
 
Posts: 1318
Joined: Wed Sep 07, 2005 8:38 pm
Location: Sunshine Coast, Qld, AU

Postby leek on Mon Mar 06, 2006 5:48 pm

I might be wrong Gary, but does banning IPs actually help with a denial of service attack?? It'll stop them launching the phpBB application, but all the arriving packets will still be jamming up Dreamhost's infrastructure... Don't they need to be banned at the hardware level to stop the attack?
Cheers, John
Leek@Flickr | Leek@RedBubble | Leek@DeviantArt

D700; D200; Tokina 12-24; Nikkor 50mm f1.4,18-70mm,85mm f1.8, 105mm,80-400VR, SB-800s; G1227LVL; RRS BH-55; Feisol 1401
User avatar
leek
Senior Member
 
Posts: 3135
Joined: Thu Dec 23, 2004 4:46 pm
Location: Lane Cove, Sydney

Postby gstark on Mon Mar 06, 2006 6:27 pm

Tim,

Ok, thanx.

John,

The sort of ban I'm imposing should help, as I believe that it will reduce the bandwidth the're trying to occupy. They are not even getting to the point of requesting a page, as I'm banning them at the server level through .htaccess.

That also has the effect of killing any CPU resources that they may be otherwise trying to consume as well.

And I have already brought this to the attention of DH so that they can look more deeply at this as well.
g.
Gary Stark
Nikon, Canon, Bronica .... stuff
The people who want English to be the official language of the United States are uncomfortable with their leaders being fluent in it - US Pres. Bartlet
User avatar
gstark
Site Admin
 
Posts: 22918
Joined: Thu Aug 05, 2004 11:41 pm
Location: Bondi, NSW

Postby Matt. K on Mon Mar 06, 2006 7:20 pm

Cor! You guys are Geeks! Beware of Geeks bareing gifts!
(Sit Greg B! Intentional!) :shock: :shock: :shock: :shock:
Regards

Matt. K
User avatar
Matt. K
Former Outstanding Member Of The Year and KM
 
Posts: 9981
Joined: Mon Sep 06, 2004 7:12 pm
Location: North Nowra

Postby darb on Tue Mar 07, 2006 1:01 am

what would be really fun is identify a few of the offending machines, work out the vulnerability, break into one of them, suss out whos behind the wheel, and send some curry back.

ok... maybe in hollywood.
http://davidsonimagery.com/
Right place, right time, where the hecks my camera ...
User avatar
darb
Senior Member
 
Posts: 1020
Joined: Thu Sep 30, 2004 12:03 am
Location: allll ovvverr (live in perth)

Postby Nnnnsic on Tue Mar 07, 2006 1:38 am

I don't agree with using black hat hacking in really any form, honestly.
Producer & Editor @ GadgetGuy.com.au
Contributor for fine magazines such as PC Authority and Popular Science.
User avatar
Nnnnsic
I'm a jazz singer... so I know what I'm doing
 
Posts: 7770
Joined: Sun Aug 08, 2004 12:29 am
Location: Cubicle No. 42... somewhere in Bondi, NSW

Postby Mj on Tue Mar 07, 2006 8:32 am

Yep... just part of the joy that is global I.T.
Not much point in doing anything more than what Gary is already doing.
This wave will pass by, things will calm down... till the next wave.
Children should be encouraged to go play in the traffic instead of in front of the puter sending out DDOS or whatever.
User avatar
Mj
Senior Member
 
Posts: 1048
Joined: Fri Aug 20, 2004 3:37 pm
Location: Breakfast Point, Sydney {Australia}


Return to General Discussion