We have a new host now

Cheat · August 02, 2014, 06:32:39 PM

In case you didn't know, yesterday night the forum was hit by a major DDoS attack that crashed the server and took the host's website offline for an hour. They've basically told me they cannot tell who was behind the attack because it involved many different IP addresses and the combined requests were several gigabytes worth. They kicked the site off of their server and we now have a new one.

But since we have a new server, some stuff might still fuck up. Namely, remember that error that would pop up in the beginning (max_questions)? That is now once again possible, so I'm trying to work with this host in order to fix it before it happens.

We can also get hit by this attack again, if the jerk is so inclined. I will be looking into things I can do to guard against it, but it's very difficult to stop an attack of the magnitude we experienced.

More on this stuff as I know more.

EDIT: your avatar is now broken if you uploaded one. You need to re-upload it.

What we know:

Quote

Your site is under a major DDoS attack. We have null routed the domain to stop the traffic effecting our servers. We will have to ask you to find alternate hosting for your domain as our platform can no longer support you.

Quote

The traffic was coming from a multitude of sources, it's most likely that some form of botnet was responsible. At it's peak we were receiving ~10gb of inbound traffic to the domain. Unfortunately in extreme cases like this we do have to advise that a site cannot be hosted on our shared platform in order to ensure services remain reliable for other users.

UPDATE: Some strange shit is afoot. As most of you probably know, Crouton and I have been working on figuring out who was able to DDoS the site and knock us right out of our host. Well... It gets kind of sketchy.

I requested the UDP Traffic logs from Fatcow to see what the fuck was going on, and was transferred to several people before they basically said they didn't keep track of them. Read below (unedited):

Quote

Hello,

Thank you for contacting support.

I have escalated your issue to our Technical Specialist to provide UDP traffic logs for your host . You should be hearing from them within 12-24 hours.

If you have any questions in the meantime, please let us know and be sure to refer to the link http://www.fatcow.com/member/sconsole for the quickest service.

Sincerely,

Shravya U
Customer Support

Quote

Hello,

I will be handing this ticket over to one of our System Administrators to check if we can provide UDP traffic logs . We cannot assure that we can provide the logs. We will update the ticket regarding this soon. You should be hearing from them within 12-24 hours. If you have any questions in the meantime, please let us know and be sure to refer to the link http://www.fatcow.com/member/sconsole for the quickest service.

Sincerely,

Prithviraj K
Technical Specialist

Quote

Hello,

Im sorry to inform you that, unfortunately we are not logging UDP traffic for customer site.

For any further assistance in need, please update Support Console.

Sincerely,

Kalandar M
Technical Specialist

If that's not strange enough, I did a little searching for reviews on the hosting service and came across this:

Quote

We are a Internet Radio station that was running on a dedicated server at another hosting company. We moved to FATCOW to save money thinking we would get the same or better service. After only 2 days on their servers, they shut off our account and website without ANY warning. They claimed we caused a DDOS attack and thus they suspended our account. They would not allow us to talk with Tier 3 support or explain what happened.

They simply told us to go away. We moved our site to a better know hosting/registrar.

I am a Cisco Engineer with over 25 years in this business. I have never been treated in this manner.

STAY AWAY FROM FATCOW!!!

It's pretty much word for word what happened to us, save for the dedicated server. So... I'm not so sure what happened anymore. It's true that when we switched hosts, someone was trying to bring the site down (and mostly failing, since it only slowed everything down), but it definitely wasn't of the same caliber as the first attack.

Very fucking strange.

BaconShelf · August 02, 2014, 06:49:26 PM

They just kicked you off? Seriously?

Sprungli · August 02, 2014, 06:49:41 PM

I seriously wonder whose attention we grabbed to warrant something so major

And can you tell me if my avatar is working?

Sprungli · August 02, 2014, 06:50:19 PM

Quote from: BaconShelf on August 02, 2014, 06:49:26 PM

They just kicked you off? Seriously?

DDoS attacks hurt the host, I suppose they kicked us to protect themselves

Auspicious Rose · August 02, 2014, 06:52:24 PM

They kicked up because we were hit by a DDoS attack that wasn't even our fault?

Hawk · August 02, 2014, 06:57:05 PM

Quote from: Spr?ngli on August 02, 2014, 06:49:41 PM

I seriously wonder whose attention we grabbed to warrant something so major

And can you tell me if my avatar is working?

Yours is working.

..Is mine working?

Cheat · August 02, 2014, 06:57:19 PM

Quote from: Sentra on August 02, 2014, 06:52:24 PM

They kicked up because we were hit by a DDoS attack that wasn't even our fault?

I know. The host's name was Fatcow if you want to show them your appreciation.

Juuzou · August 02, 2014, 06:58:11 PM

This user has been blacklisted from posting on the forums. Until the blacklist is lifted, all posts made by this user have been hidden and require a Sep7agon^® SecondClass Premium Membership to view.

TB · August 02, 2014, 07:01:50 PM

YouTube

Magos Domina · August 02, 2014, 07:03:05 PM

Quote from: Lady Noelle on August 02, 2014, 06:58:11 PM

Who the fuck would waste their time with a DDoS attack on a small forum like this? What the actual fuck?

Either someone who has nothing better to do with their time or someone who has a stick up their ass.

TB · August 02, 2014, 07:03:31 PM

Quote from: Kiyo on August 02, 2014, 07:03:05 PM

Quote from: Lady Noelle on August 02, 2014, 06:58:11 PM
Who the fuck would waste their time with a DDoS attack on a small forum like this? What the actual fuck?
Either someone who has nothing better to do with their time or someone who has a stick up their ass.

Probably a little bit of both.

Sprungli · August 02, 2014, 07:04:22 PM

Quote from: Hawk on August 02, 2014, 06:57:05 PM

Quote from: Spr?ngli on August 02, 2014, 06:49:41 PM
I seriously wonder whose attention we grabbed to warrant something so major

And can you tell me if my avatar is working?

Yours is working.

..Is mine working?

Yep, blue hair

cxfhvxgkcf-56:7 · August 02, 2014, 07:04:51 PM

This user has been blacklisted from posting on the forums. Until the blacklist is lifted, all posts made by this user have been hidden and require a Sep7agon^® SecondClass Premium Membership to view.

Sprungli · August 02, 2014, 07:07:31 PM

If anyone wants to share their opinions on the host 's decision, here is their e-mail;
oath@fatcow.com

Juuzou · August 02, 2014, 07:08:37 PM

This user has been blacklisted from posting on the forums. Until the blacklist is lifted, all posts made by this user have been hidden and require a Sep7agon^® SecondClass Premium Membership to view.

Sprungli · August 02, 2014, 07:08:40 PM

Quote from: SoporificSlash on August 02, 2014, 07:04:51 PM

The worst part is how easy it is to do a DDoS attack these days. You literally don't need to know anything, any old sap can just go download a program made by someone who knew what they were doing and initiate a DDoS attack.

It's looking more likely that someone small-time, sad and butthurt (ie. Comms Officer) did it

Sprungli · August 02, 2014, 07:09:48 PM

Quote from: Lady Noelle on August 02, 2014, 07:08:37 PM

Quote from: SoporificSlash on August 02, 2014, 07:04:51 PM
The worst part is how easy it is to do a DDoS attack these days. You literally don't need to know anything, any old sap can just go download a program made by someone who knew what they were doing and initiate a DDoS attack.
I highly doubt that just anyone can do it. I cannot even figure out how to fix my router to make Steam work. I am pretty incompetent when it comes to computer stuff, so I think people who can do stuff like this are magical, even if they are retarded.

It's actually very easy, as a man I find that shouting and hitting technology works most of the time, only reason I can still use my 369

cxfhvxgkcf-56:7 · August 02, 2014, 07:12:56 PM

This user has been blacklisted from posting on the forums. Until the blacklist is lifted, all posts made by this user have been hidden and require a Sep7agon^® SecondClass Premium Membership to view.

Septy · August 02, 2014, 07:14:11 PM

Isn't DDOSing illegal? Why didn't they give you the IPs so we can report them?

Juuzou · August 02, 2014, 07:16:05 PM

This user has been blacklisted from posting on the forums. Until the blacklist is lifted, all posts made by this user have been hidden and require a Sep7agon^® SecondClass Premium Membership to view.

Cheat · August 02, 2014, 07:22:03 PM

I'll request a list from the old host. Maybe they'll give it to me.

cxfhvxgkcf-56:7 · August 02, 2014, 07:24:23 PM

This user has been blacklisted from posting on the forums. Until the blacklist is lifted, all posts made by this user have been hidden and require a Sep7agon^® SecondClass Premium Membership to view.

Kinder Graham · August 02, 2014, 07:34:53 PM

My guess is that it was CommsOfficer. He managed to get around the IP bans on the other offsite and the amount of time he put into photoshopping comments and impersonating me suggests it was him

If you ever find out it was him, please, please, PLEASE contact the police or at least scare him shitless by saying that you will and will pursue charges against him

Sprungli · August 02, 2014, 07:37:17 PM

Quote from: SoporificSlash on August 02, 2014, 07:24:23 PM

To clarify yes DDoS attacks are illegal. They are also extremely hard to track.
A DDoS attack is flooding a website with hundreds or thousands of bots creating useless traffic to effectively shut down the server. That means you have hundreds or thousands of IP addresses all at once. So knowing which IP is the source IP is nearly impossible.

Quote

nearly

So there is a way, we find the IP, there are enough of us that are skilled in the area, and we report them for sweet revenge

General Trollius · August 02, 2014, 07:39:32 PM

Quote from: IchEsseKinder on August 02, 2014, 07:34:53 PM

My guess is that it was CommsOfficer. He managed to get around the IP bans on the other offsite and the amount of time he put into photoshopping comments and impersonating me suggests it was him

If you ever find out it was him, please, please, PLEASE contact the police or at least scare him shitless by saying that you will and will pursue charges against him

Police won't bother with DDoS, FBI is the one to handle these cases but they also won't care.

Who would care?

A lawyer

cxfhvxgkcf-56:7 · August 02, 2014, 07:42:06 PM

This user has been blacklisted from posting on the forums. Until the blacklist is lifted, all posts made by this user have been hidden and require a Sep7agon^® SecondClass Premium Membership to view.

Kinder Graham · August 02, 2014, 07:52:22 PM

Quote from: Lady Noelle on August 02, 2014, 07:16:05 PM

Does their ISP not have records of the traffic coming from that individual? Even if they do not have programs in place to stop it and nobody is at work at the time, surely they would have records of it once they got back to work the next day or something. I thought that shit was illegal as well.

It's far more complicated than that. People download programs, like Tor, and utilize other functions such as multiple proxies and IP addresses. It's why finding people who commit DoS attacks makes it nearly impossible. It's kinda like a criminal moving around constantly to different safehouses and using lots of false identities to hide

Sprungli · August 02, 2014, 07:56:40 PM

Quote from: IchEsseKinder on August 02, 2014, 07:52:22 PM

Quote from: Lady Noelle on August 02, 2014, 07:16:05 PM
Does their ISP not have records of the traffic coming from that individual? Even if they do not have programs in place to stop it and nobody is at work at the time, surely they would have records of it once they got back to work the next day or something. I thought that shit was illegal as well.
It's far more complicated than that. People download programs, like Tor, and utilize other functions such as multiple proxies and IP addresses. It's why finding people who commit DoS attacks makes it nearly impossible. It's kinda like a criminal moving around constantly to different safehouses and using lots of false identities to hide

Comms had a Tor IP

Sprungli · August 02, 2014, 07:57:33 PM

Quote from: IchEsseKinder on August 02, 2014, 07:52:22 PM

Quote from: Lady Noelle on August 02, 2014, 07:16:05 PM
Does their ISP not have records of the traffic coming from that individual? Even if they do not have programs in place to stop it and nobody is at work at the time, surely they would have records of it once they got back to work the next day or something. I thought that shit was illegal as well.
It's far more complicated than that. People download programs, like Tor, and utilize other functions such as multiple proxies and IP addresses. It's why finding people who commit DoS attacks makes it nearly impossible. It's kinda like a criminal moving around constantly to different safehouses and using lots of false identities to hide

Okay, but as Comms is our No1 suspect right now, if Cheat gets the list can't we just see if his IP matches any of them?

Cheat · August 02, 2014, 08:01:01 PM

Quote from: Spr?ngli on August 02, 2014, 07:57:33 PM

Quote from: IchEsseKinder on August 02, 2014, 07:52:22 PM
Quote from: Lady Noelle on August 02, 2014, 07:16:05 PM
Does their ISP not have records of the traffic coming from that individual? Even if they do not have programs in place to stop it and nobody is at work at the time, surely they would have records of it once they got back to work the next day or something. I thought that shit was illegal as well.
It's far more complicated than that. People download programs, like Tor, and utilize other functions such as multiple proxies and IP addresses. It's why finding people who commit DoS attacks makes it nearly impossible. It's kinda like a criminal moving around constantly to different safehouses and using lots of false identities to hide

Okay, but as Comms is our No1 suspect right now, if Cheat gets the list can't we just see if his IP matches any of them?

I can compare the list of IPs (assuming I get them) to any that have logged in here, but that's all I can really do to see if it was him.