• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Neowin DDoS again

Recommended Posts

Steven P.    16,408

Hi Guys, well members aware of previous attacks on Neowin will know why we were down for approx 18 hours. We have just come back and because of the style of the attacks against us there is no guarantee we will stay up for any pro-longed period. Our host, IPS can do little against these attacks that work like this:

tcp-routing.gif

It would seem he has 1000's of zombies (or infected PC's) that send genuine requests to common ports (21 and 80) making an investigation very difficult and blocking even more difficult. Well these requests flood the server and the network we are on forcing rackshack.net to pull our box from the network and effectively closing down any routing to us.

I can't begin to tell you how this is working on our staff and members and of course our host and sponsor who have the burden of sorting out this mess. I would just ask that members do not put Neowin in a position that gets us into any more trouble such as retaliation attacks. Just ignore it because the attackers already get way more attention than they deserve. Thanks for sticking by us, without our members it wouldn't be worth it :)

Share this post


Link to post
Share on other sites
Batfink    37

Good to see Neowin back. Thanks for keeping us informed Neobond

Share this post


Link to post
Share on other sites
CherTon    0

I thought i had click the wrong link yesterday.

It good to see neowin when I click the link again.

Share this post


Link to post
Share on other sites
-=SD=-    0

Well that sucks neowin keeps getting hit, hopefully a new pokemon game will come out and that kid will forgot about attacking for awhile.

thx for the info on what went down.

Share this post


Link to post
Share on other sites
fdiaz2day    0

I am not really sure but, a buddy of mine had this to say after i showed him that graphic above...

fdiaz2day@*******.net | Running DSL says:

i will tell you in a bit...but, now look at this...

fdiaz2day@*******.net | Running DSL says:

http://grc.com/dos/tcp-routing.gif

fdiaz2day@*******.net | Running DSL says:

neowin was under that type of attack

James says:

ahh-- if they had Data center cluster type b enabled it would have went down but-- the site would have stayed up

James says:

or if they also had a virtual server as a backup

James says:

it would have helped

domain *'d to protect myself from spam...

Note: This is NOT James from ieXbeta :p

Share this post


Link to post
Share on other sites
kairon    0

What a brat this kid is. Whatever you do neobond, do not give up on the site, you'd just be letting a little 12 year old enjoy his power-trip further. Just be glad your site is so successful that your making lots of people jealous ;)

Share this post


Link to post
Share on other sites
flakingbiscuit    0

thanks for the update neobond, hopefully the little kid will realize what's good for him and stop doin it. keep up the good work you admins :) :)

Share this post


Link to post
Share on other sites
mallow    0

Thanks for all the hard work for the members! Think of the members!, lol ;)

Share this post


Link to post
Share on other sites
Jason the Eighty Eighth    0
keep up the good work you admins :) :)

:yes:

Share this post


Link to post
Share on other sites
Steven    80

Neobond, what version of apache is the site currently running?

/me is just curious :)

Share this post


Link to post
Share on other sites
Steven P.    16,408
Neobond, what version of apache is the site currently running?

/me is just curious :)

Apache/1.3.27 Server at www.neowin.net Port 80

Share this post


Link to post
Share on other sites
Steven    80
Neobond, what version  of apache is the site currently running?

/me is just curious :)

Apache/1.3.27 Server at www.neowin.net Port 80

I was just wondering if you were using one of the new 2.0.4x series, they've been riddled with DoS Holes in the last 2 months as you've probably noticed from all the news postings :D.

Share this post


Link to post
Share on other sites
aem4162    0

Thanks Neobond!!! You guys are completely swell. (Y)

How do any of us know if we have the zombies? I've done virus scans and nothing comes up.

Share this post


Link to post
Share on other sites
ramesees    348

Glad to see Neowin is back, I can't believe it was 18 hours!!

I hope that the admins and the staff at IPS and those at rackshack find a solution to this horrible problem soon, and that kid gets what he deserves (like a swift kick up the ass for a start!!)

Share this post


Link to post
Share on other sites
CaKeY    0
Thanks Neobond!!! You guys are completely swell. (Y)

How do any of us know if we have the zombies? I've done virus scans and nothing comes up.

Could I be a zombie? Is there anything we users can do to help?

Share this post


Link to post
Share on other sites
Tim Dorr    0

I think we need mod_dos installed on apache (though, it wouldn't stop the router saturation).

There really isn't much we can do on the technical side. Just have to wait for the FBI/lawyers to work it all out...

Share this post


Link to post
Share on other sites
vip    17

Glad to see everything is up and running again, thanks NeoBond ... for keeping everyone caughtup on what's going on..

Share this post


Link to post
Share on other sites
Steven P.    16,408
Thanks Neobond!!!? You guys are completely swell.(Y))

How do any of us know if we have the zombies?? I've done virus scans and nothing comes up.

Could I be a zombie? Is theranythingb> we users can do to help?

An up to date Anti-Virus scanner and Firewall will be enough in most cases. For example, I run Norton AntiVirus 2003 and check updates at least once a week, and the firewall I use is called Outpost and its a free one too, it simply is the best. you can get the free version here. There are also free virus scanners but go for the main stream ones like Norton and McAfee. Sophos is also good, well there are many members here who can advise on tha:):)

To learn about how your PC could be violated and to use the online tests look here: http://grc.com/dos/grcdos.htm (thanks Lindy;);)

Share this post


Link to post
Share on other sites
fdiaz2day    0
To learn about how your PC could be violated and to use the online tests look here: http://grc.com/dos/grcdos.htm (thanks Lindy) ;)

Lots of useful info there...thanks. :)

Share this post


Link to post
Share on other sites
bayrider    1

www.pcpitstop.com

they got a free virus scanner i think its by mcaffee or whatever, anyways, lots of good info on that site to protect yourself amongst other things

Share this post


Link to post
Share on other sites
ahfunaki    0

Just glad to see the site back up...

Share this post


Link to post
Share on other sites
yzero    0

you have to remember banning someone for something like spam or racism.. might just be the wrong guy to ban and he'll attack back.. buncha losers with no lives

Share this post


Link to post
Share on other sites
Premgenius    28

Thankz...for that i dont know what i'd do with out Neowin... and dam you attackers

Share this post


Link to post
Share on other sites
DrunkenMaster    0
Just have to wait for the FBI/lawyers to work it all out...

That's more like it...

Even if its a 12 yr old, if fines are in place, the parents will prob have to pay. I'd like to see people doing this fined and if old enough to go to jail. They're slowing down other Internet traffic at the same time and we will all have to pay higher access fees in the end because of this.

Share this post


Link to post
Share on other sites
lawtai    3

Thanks for working on the problems, and getting this site back up!

Share this post


Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.