DDOS attack

My blog is under a DDOS attack at the moment. It’s back up right now, but the attack goes on.

Read more about the outfit that’s behind the DDOS attack at ZDNet’s spyware blog.

I’m looking at more DDOS proof hosting…

Update: This particular trojan is designed in such a way that it’ll most likely keep the denial of service attack up as long as there are still infected machines out there. The only way it’ll stop is if the trojan is removed or updated.

I’ve made some changes to the site that are inconveniences, both to me and visitors. But with these changes, the DDoS attack won’t make my webhost knock me offline.

15 Responses to “DDOS attack”

  1. gpshewan Says:

    Thought that was the problem when it was inaccessible yesterday.

  2. Lemat Says:

    Ann, I’d like to help. Maybe I can figure out how to decrease your traffic.

  3. Administrator Says:

    Thanks for the offer of help, Lemat.
    I have a lot of information about the attack, I just don’t have the controls I need at this webhost. I’m working on some things.

  4. Lemat Says:

    Could you share this info? The above @ is valid.

    If I were you I would make a kind of trick:

  5. Lemat Says:

    if (!empty($_SERVER['HTTP_REFERER']) && not_in_exceptions($_SERVER['HTTP_REFERER'])) { header('Location: http://ddos.spamhuntress.com/'); die(); }

    not_in_exceptions() checks for valid referrers like other blogs, search engines etc.
    ddos.spamhuntress.com points to another server/s just to lower the traffic on the main server.
    Ann, you’re doing a great job here, let me help you a little, I can offer hosting (shared) for a mirror and all my knowledge. If you need any of those - mail me.
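
One way to write the not_in_exceptions() helper from the comment above, as an added example that is not part of the original comment or the commenter's own code. It assumes PHP 8; the allowlist entries other than spamhuntress.com, the overflow_target() helper and the sample referrers are constructed for illustration.

```php
<?php
// Added example. Hosts whose links should still reach the main site.
// Constructed values except spamhuntress.com: list the blogs and search engines you trust.
const REFERER_EXCEPTIONS = ['spamhuntress.com', 'search.example', 'friendly-blog.example'];

// True when $referer is NOT from an allowlisted host (send it to the mirror).
function not_in_exceptions(string $referer): bool
{
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return true; // malformed or host-less referrer: treat as untrusted
    }
    $host = rtrim(strtolower($host), '.');
    foreach (REFERER_EXCEPTIONS as $allowed) {
        // Exact host or a true subdomain only. A substring test would
        // also accept "spamhuntress.com.evil.example".
        if ($host === $allowed || str_ends_with($host, '.' . $allowed)) {
            return false;
        }
    }
    return true;
}

// Hypothetical helper: returns the mirror URL, or null to serve the page normally.
function overflow_target(array $server): ?string
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer !== '' && not_in_exceptions($referer)) {
        return 'http://ddos.spamhuntress.com/';
    }
    return null;
}

// In the page itself this would run before any output:
//   if ($t = overflow_target($_SERVER)) { header("Location: $t"); die(); }

// Constructed sample referrers, run from the command line.
$samples = [
    'http://www.spamhuntress.com/2005/10/01/forged-from-address/',
    'http://spamhuntress.com.evil.example/',
    'not a url',
    '',
];
foreach ($samples as $ref) {
    printf("%-62s => %s\n", var_export($ref, true), overflow_target(['HTTP_REFERER' => $ref]) ?? 'serve normally');
}
```

The Referer header is supplied by the client, so this only sheds requests that arrive with a non-allowlisted referrer; requests with an empty or forged one still reach the main server.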

  6. Administrator Says:

    Thanks Lemat, I’ll keep this for later. Right now the situation is under control.

  7. Old useless friend Says:

    Very off topic here, but my domains have been getting about 300-1000 spam mails an hour for the last few months. Idea: Forward your honeypot (catch all) account to your gmail, yahoo and hotmail/msn account. It’s about time they implement SPF. And hopefully some of the “big guys” in the market will get pissed at the spammers? Anyone?

  8. Administrator Says:

    To Old useless friend:
    The big webmail providers are so big they won’t notice your little avalanche of mail - correct me if I’m wrong!

    What you need to do, is to turn off catch all, and reject mail to non-existent users. Not bounce, just reject.

    E-mail me if you need help. I’m available for consulting. I can even build a server for you, if you like? You know, we’re even in the same country!

  9. Old useless friend Says:

    @ann

    I’m mostly collecting stats, for fun, just like you. (But since the fall of BlueFrog the spammers really have taken things to another/next level.)

    And I can’t wait for the 70 million unsupported Windows 98/Me machines to become zombies in a bot network.

    And you are probably right about the big mail providers too.

    The blackhole is a good idea for people not collecting stats.

    Can’t help but wonder if email will be rendered useless in the near future.

    Interesting project: http://www.knujon.com/mission.html

    B.T.W: I’m this http://spamhuntress.com/2005/10/01/forged-from-address/ useless old friend.

    Enjoy the summer, and take a week off from spam!!! (that’s an order, soldier)

    Regards…
    Simon

  10. Administrator Says:

    Umm, Simon,

    Blackholing breaks e-mail….

    If you’ve got a webhost with cPanel, using REJECT will do what I’m talking about. It doesn’t generate bounces when spammers mail you and are turned away. It also doesn’t generate double bounces.

    But there are lots of mailservers that lack this functionality, or it isn’t default.

    Sadly

  11. Old useless friend Says:

    Oops, my bad!

    Guess I’m messing up some terminology again.
    You live as long as you learn.

    I use Psoft’s H-sphere admin panel on my web host, and the option there would be to “Discard all incoming mail” on your “catch all” account.

    Enjoy the summer.

  12. Administrator Says:

    OK, another option for you would be to mess with the DNS records and send the mail to another server that has the required options.

  13. Tim Says:

    Has anyone looked at mailwasher? I use it to bounce spam and I’m curious if it’s really effective.

  14. reg Says:

    To Tim:
    Don’t bounce spam, please! Look at this for why:
    http://wiki.castlecops.com/What_is_Wrong_With_Bouncing_Spam

    Spamhuntress

  15. Tim Says:

    Thanks for the info. I appreciate it.
