Jump to content
Oh Shoot

DOS Attack

Recommended Posts

Interesting TGO finally got hit. Several of the major gun forums that I know have had DOS attacks in the last year. Maybe all of them do from time to time.

I suppose it explains most of the poor performance issues with the site since first of the year ... if you're sure that the DOS is real, and not just an excuse from webhost.

- OS

Share this post


Link to post
Share on other sites

If this is true, it is sad, i get withdrawel symptons when the site goes down. David says it started in the last few weeks, but OhShoot is talking like we have been having problems for the entire yr.

I just wonder, as to why all of a sudden there is talk of a Master-Hacker, when in many previous post's, David was always complaining about the bad service due to the new webhost.

I wonder as to what type of proof, if any there is, besides excuses maybe from the webhost?:up:

As previously stated there are a few websites that continuously seem to go down, but many wonder if it is not simply due to the owner?admin. just not knowing, "What in the hell, they are doing"!

If the was a hacker, the webhost should be smart enough and take evasive action!

Might be time to hire a Master Tech. Consultant, $500. should get that alledged problem easily solved!:D

Share this post


Link to post
Share on other sites

If in fact it is someone malicious.. which it may be.. it can be stopped. I don't know any of the details so i can't even begin to speculate. I'm trying to find out tho..

Share this post


Link to post
Share on other sites

Something's going on this morning. It's taking pages forever to load. Doesn't seem to be bandwidth related either. oh well. I guess you'll figure it out.

Edited by lowbud

Share this post


Link to post
Share on other sites
:popcorn:Sound's like you are trying to catch the alledged "Master Hacker"!:up:

You do realize that a DOS attack requires zero hacking, right?

Share this post


Link to post
Share on other sites
You do realize that a DOS attack requires zero hacking, right?

Dude, I heard the DOS attacker hacked a Gibson!

Share this post


Link to post
Share on other sites

I for one am glad I have no idea what you guys are talking about. Only thinking I know about hacking is that Angelina Jolie was in it!:up:

Share this post


Link to post
Share on other sites

i read this thread title and thought something was up with the Department of Safety. Guess I am not a big enough computer dork to catch what DOS really meant, LOL

Share this post


Link to post
Share on other sites

i used google and the last reported DDOS attacks on gun forums was in May of 2008. in the last 3 weeks, i would be looking at who has been banned and who they were friends with that got banend in the past. maybe someone finally got pissed off enough to do something like that. it (DDOS attacks) would explain the pain in the ass i have connecting at times when i can go anywhere else on the internets without fail. when did i mention the start of that problem? seems to be about 3 weeks ago if i remember correctly.

edit: i posted about my problem 2 weeks ago today. it had been going on for about a week, so that is 3.

Share this post


Link to post
Share on other sites

Guys, I've got very good records of when it started happening. We didn't just discover this last night; we've known about it for some time now. I finally decided to take the "social" route and offer a reward yesterday, that's why I made it public.

When an investigation is ongoing, the first thing you do is not run around telling everyone that something is up. :up:

Thanks for your concern though. I'm doing my best to resolve the issue behind the scenes and we may be moving to a new web host that provides better DDoS security and is willing to cooperate in hunting down those responsible. Our current host doesn't deal very often with this type of situation and hasn't been super helpful to that end.

Share this post


Link to post
Share on other sites

We log all of our traffic and when an event like this occurs, there are commands that I can use at the server's shell interface to see which IPs are involved. However, most DDoS attacks involve compromised hosts that are not owned by the person doing the attacking. Which makes it a little more difficult to track back to them.

Share this post


Link to post
Share on other sites

Tracking a DDoS through ip logging is like trying to recover your own piss after pissing in the ocean.

Share this post


Link to post
Share on other sites

If they are flooding apache you can tune things to better handle the load. If it's general crap traffic use iptables to drop it.

Share this post


Link to post
Share on other sites
Dude, I heard the DOS attacker hacked a Gibson!
I for one am glad I have no idea what you guys are talking about. Only thinking I know about hacking is that Angelina Jolie was in it!:tough:

995HAC_Renoly_Santiago_007.jpg

It's in that place where I put that thing that time.

Share this post


Link to post
Share on other sites
Tracking a DDoS through ip logging is like trying to recover your own piss after pissing in the ocean.

Yep. Logging is a waste of time and resources. Resources are better off spent on mitigation.

Share this post


Link to post
Share on other sites
If they are flooding apache you can tune things to better handle the load.

I've made adjustments to Apache but if you know some things that we ought to be doing in http.conf fire them to me via PM. I'm not going to post things publicly about the server.

Thanks.

Share this post


Link to post
Share on other sites
It is real and it's not an excuse made up by the web host. What other forums have been hit lately?

Not "lately", but defensivecarry.com had a bout with attacks just before first of the year. Pretty sure I've seen a couple of other admins discuss it but can't remember which ones...

- OS

Share this post


Link to post
Share on other sites
Tracking a DDoS through ip logging is like trying to recover your own piss after pissing in the ocean.

Do I have to pay any type of licensing fees to use that one at a later time? Hilarious.

Share this post


Link to post
Share on other sites
Yep. Logging is a waste of time and resources. Resources are better off spent on mitigation.

I don't know think thats true. You can examine tcp logs with a little script and gen a little firewall rule or simply drop an ip or ipblock in a hosts.deny file or something. I think some level of logging is a good idea...if for no other reason than a record of what took place.

I do think a centralized logserver makes alot of sense.

Bottom line, shut it off at the router or get another provider. Its probably not worth your time trying to track it down, imo. Unless its a principle thing...but you'll lose money doing it.

Edited by Mugster

Share this post


Link to post
Share on other sites
I don't know think thats true. You can examine tcp logs with a little script and gen a little firewall rule or simply drop an ip or ipblock in a hosts.deny file or something. I think some level of logging is a good idea...if for no other reason than a record of what took place.

I do think a centralized logserver makes alot of sense.

Bottom line, shut it off at the router or get another provider. Its probably not worth your time trying to track it down, imo. Unless its a principle thing...but you'll lose money doing it.

Loggin to block traffic is one thing but to track it is another. odds are people on this vary forum participate in dos attacks. Personally I wouldn't have a server on the public wire. However, sometimes funding is an issue and thus security suffers.

Typically providers will not install filters in their equipment. Most cases they will instruct you to install your own device. The problem is if the service you have is rated on bandwidth. In that case you end up paying more in usage charges (which is what they want) then it would cost to co-locate a firewall.

It really sucks. I ran IRC servers on both IRCNET and Undernet for years. You haven't seen DOS attacks untill you have dealt with that. We had a smurf attack so bad one time it took down our backbone's core router in Chicago. We had to have then NULL route our netblock for a few hours becasue the flood saturated our DS3.

Oh and by the way.. a DS3 back in early 90's was a HUGE pipe. Unlike the multi-gigabit connections of today.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


The Fine Print

Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.

TNGunOwners.com (TGO) is a presentation of Enthusiast Productions. The TGO state flag logo and the TGO tri-hole "icon" logo are trademarks of Tennessee Gun Owners. The TGO logos and all content presented on this site may not be reproduced in any form without express written permission. The opinions expressed on TGO are those of their authors and do not necessarily reflect those of the site's owners or staff.

Before engaging in any transaction of goods or services on TGO, all parties involved must know and follow the local, state and Federal laws regarding those transactions. TGO makes no claims, guarantees or assurances regarding any such transactions.

×
×
  • Create New...

Important Information

By using this site, you agree to the following.
Terms of Use | Privacy Policy | Guidelines