Back online! - Techwatch Support Forums: Digital & Satellite TV, FTA, Cable, Computers, Mobile Phones, Apple and General Tech Forums

brian · 27-01-09, 11:44 PM

Terribly sorry for the downtime - the server had to be rebooted earlier after it came under an excessive load, but it turned out that the site was actually being hit with a DDoS attack.

Basically, it involves someone directly trying to attack the server by flooding it with useless requests until the server conks out. Usually takes a bot network to do this, but attacks can seem random sometimes.

To try and cope with this the techs had to shut down the Techwatch IP while the traffic was filtered out until we only had normal traffic - unfortunately, took longer than expected.

Am going to speak to the people at the datacenter and see if there's a way to set up a firewall solution to minimise the chances of this happening again.

In the meantime, am keeping an eye on the server to see if anything unexpected comes up and can be dealt with as happens.

ronster · 28-01-09, 12:01 AM

Quote:

Originally Posted by brian

but it turned out that the site was actually being hit with a DDoS attack.

Thats exactley what i thought it was!

Keep up the good work Brian

Danielle · 28-01-09, 10:19 AM

Script kiddies off eh? I know that hopeless feeling when your being ddos'ed how much traffic was you getting Brian?

brian · 28-01-09, 10:19 AM

Terribly sorry about the downtime again - Techwatch was still being hit heavily by a DDoS attack but I'm hoping to keep the site up today.

Sincere apologies all - not happy either.

Yorks · 28-01-09, 10:21 AM

I'll get the tin helmet on.

nanochickin · 28-01-09, 10:24 AM

I thought VM had changed the encryption and we were flooded with cable bods again

lee-ds · 28-01-09, 10:39 AM

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the IAB's Internet Proper Use Policy. They also commonly constitute violations of the laws of individual nations.

Taken from Wikipedia for those interested what a DDoS is.

pete1873 · 28-01-09, 05:55 PM

Depending on what way they have the firewall set up and what make they should be able to do several things to stop this, these include:-

Setting the amount of concurrent from specific IP addresses, works if single or several addresses are being used but not a network of compromised machines. Also may affect legitimate traffic if lots comes from behind proxy servers.

If they are opening sessions but not completing the 3 way handshake then once again the firewall admins can reduce the time delay before clearing both half open or closed connections.

If its a good datacentre then they may have devices in front of the firewall's which respond on the http server requests to verify they are legitimate before passing the request on the actual server.

Few other things can be done but would need to know more about the attack itself.

DAVEYEFF · 28-01-09, 10:54 PM

why attack the server, what do they gain? or is it just some spotty anorak in a shed getting his kicks

Analoguesat · 28-01-09, 11:01 PM

Quote:

Originally Posted by DAVEYEFF

why attack the server, what do they gain? or is it just some spotty anorak in a shed getting his kicks

VM????

27-01-09, 11:44 PM	#1 (permalink)
brian Administrator Join Date: Apr 2006 Location: Inverness, Scotland Posts: 3,726 Thanks: 286 Thanked 1,682 Times in 584 Posts	Back online! Terribly sorry for the downtime - the server had to be rebooted earlier after it came under an excessive load, but it turned out that the site was actually being hit with a DDoS attack. Basically, it involves someone directly trying to attack the server by flooding it with useless requests until the server conks out. Usually takes a bot network to do this, but attacks can seem random sometimes. To try and cope with this the techs had to shut down the Techwatch IP while the traffic was filtered out until we only had normal traffic - unfortunately, took longer than expected. Am going to speak to the people at the datacenter and see if there's a way to set up a firewall solution to minimise the chances of this happening again. In the meantime, am keeping an eye on the server to see if anything unexpected comes up and can be dealt with as happens.

28-01-09, 10:19 AM	#3 (permalink)
Danielle Senior Member Join Date: Nov 2008 Posts: 2,016 Thanks: 137 Thanked 466 Times in 379 Posts	Re: Back online! Script kiddies off eh? I know that hopeless feeling when your being ddos'ed how much traffic was you getting Brian?

28-01-09, 10:19 AM	#4 (permalink)
brian Administrator Join Date: Apr 2006 Location: Inverness, Scotland Posts: 3,726 Thanks: 286 Thanked 1,682 Times in 584 Posts	Re: Back online! Terribly sorry about the downtime again - Techwatch was still being hit heavily by a DDoS attack but I'm hoping to keep the site up today. Sincere apologies all - not happy either.

28-01-09, 10:21 AM	#5 (permalink)
Yorks Nook in footer Join Date: May 2006 Location: S. Yorks Posts: 1,760 Thanks: 12 Thanked 129 Times in 108 Posts	Re: Back online! I'll get the tin helmet on. __________________ They're coming to take me away haha TM1500CI, 53E to 61W

28-01-09, 10:24 AM	#6 (permalink)
nanochickin Retired Mod & Sat Guru Join Date: Aug 2006 Location: Wolverhampton Posts: 3,825 Thanks: 46 Thanked 338 Times in 270 Posts	Re: Back online! I thought VM had changed the encryption and we were flooded with cable bods again __________________ Sanity is nothing more than an excuse to be boring

28-01-09, 10:39 AM	#7 (permalink)
lee-ds Cable Animal Join Date: Dec 2008 Location: The Capital Of Yorkshire Posts: 1,673 Thanks: 163 Thanked 451 Times in 350 Posts	Re: Back online! A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. Denial-of-service attacks are considered violations of the IAB's Internet Proper Use Policy. They also commonly constitute violations of the laws of individual nations. Taken from Wikipedia for those interested what a DDoS is. __________________ If at first you don't succeed.......flash and flash again!

28-01-09, 05:55 PM	#8 (permalink)
pete1873 Senior Member Join Date: Jun 2008 Location: Norn Iron Posts: 200 Thanks: 4 Thanked 23 Times in 22 Posts	Re: Back online! Depending on what way they have the firewall set up and what make they should be able to do several things to stop this, these include:- Setting the amount of concurrent from specific IP addresses, works if single or several addresses are being used but not a network of compromised machines. Also may affect legitimate traffic if lots comes from behind proxy servers. If they are opening sessions but not completing the 3 way handshake then once again the firewall admins can reduce the time delay before clearing both half open or closed connections. If its a good datacentre then they may have devices in front of the firewall's which respond on the http server requests to verify they are legitimate before passing the request on the actual server. Few other things can be done but would need to know more about the attack itself.

28-01-09, 10:54 PM	#9 (permalink)
DAVEYEFF Senior Member Join Date: Oct 2007 Posts: 475 Thanks: 53 Thanked 108 Times in 74 Posts	Re: Back online! why attack the server, what do they gain? or is it just some spotty anorak in a shed getting his kicks __________________ daveyeff

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Online retailers failing to deliver	Internet News	Internet	0	24-09-08 12:40 PM
Three days left for online Xmas shopping	BGonaSTICK	The Lounge	3	22-11-06 01:11 AM
BBC to rake in funds through online ads?	BGonaSTICK	PC Hardware	0	02-11-06 03:21 PM
Cable/Satellite TV Pirated via Online Streaming	Analoguesat	Satellite News	0	31-10-06 04:37 PM
Channel 4 offers Lost and Desperate Housewives online	BGonaSTICK	Satellite News	0	08-05-06 03:49 AM