nsane, posted February 23, 2007

Yeah, late last night I was working on one of our internal projects and noticed the server was running REALLY slow (on both speed and execution times). So I opened up our logs and saw we were clearing over 2,000 proxy requests a minute, all for the same file, and all coming from the same IPs which changed every 20 minutes or so. They've been at it for about 3-4 days now and ate through SEVERAL gigs of bandwidth.

So to prevent these cock smokers from completely crippling our server, and without having to bitch at Anakata to firewall them, I've implemented a session control system for proxy downloads. Basically, once you download a file the proxy creates a pseudo MySQL session and prevents you from downloading it again for another 45 minutes. Effectively limiting the zombies to 1 request per IP bounce and keeping our server running smoothly.

Now if your download fails the proxy deletes the session. Which means you're not going to get blocked if your connection times out or something. It's also set up on a file-by-file basis, so you can still download other stuff -- just not the same file. Basically, don't worry about that kinda crap, I know what I'm doing here...

Now happy downloading to everyone, and fuck you to the clowns that tried to attack us! :)

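The per-IP, per-file cooldown described in the first post, as an added example that is not part of the thread and not nsane's code. sqlite3 stands in for the MySQL table, and the table, column, class and function names are hypothetical.

```python
import sqlite3

COOLDOWN_SECONDS = 45 * 60  # the 45-minute window from the post


class DownloadGate:
    """Per-(IP, file) download cooldown kept in a SQL table.

    Assumption: sqlite3 stands in for MySQL; all names are hypothetical.
    """

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS dl_session ("
            " ip TEXT NOT NULL, file_id TEXT NOT NULL, started REAL NOT NULL,"
            " PRIMARY KEY (ip, file_id))"
        )

    def try_start(self, ip, file_id, now):
        """Return True and record a session if this IP may fetch this file."""
        with self.db:  # one transaction: drop an expired row, then claim the slot
            self.db.execute(
                "DELETE FROM dl_session WHERE ip=? AND file_id=? AND started<=?",
                (ip, file_id, now - COOLDOWN_SECONDS),
            )
            cur = self.db.execute(
                "INSERT OR IGNORE INTO dl_session (ip, file_id, started)"
                " VALUES (?, ?, ?)",
                (ip, file_id, now),
            )
            return cur.rowcount == 1  # 0: a live session exists, so refuse

    def download_failed(self, ip, file_id):
        """Delete the session so a timed-out transfer can be retried at once."""
        with self.db:
            self.db.execute(
                "DELETE FROM dl_session WHERE ip=? AND file_id=?", (ip, file_id)
            )


def demo():
    """Constructed walk-through; 192.0.2.10 is a documentation address."""
    gate, ip = DownloadGate(), "192.0.2.10"
    first = gate.try_start(ip, "file-a", now=0)        # allowed
    repeat = gate.try_start(ip, "file-a", now=40)      # blocked: same file
    other = gate.try_start(ip, "file-b", now=40)       # allowed: other file
    gate.download_failed(ip, "file-a")                 # transfer timed out
    retry = gate.try_start(ip, "file-a", now=41)       # allowed again
    return first, repeat, other, retry
```

The primary key on (ip, file_id) makes the claim atomic, so two simultaneous requests from the same address cannot both pass the check.
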
dMog, posted February 23, 2007

was it the same dumb bastages you had trouble with a while back :)

nsane, posted February 23, 2007

who knows, /me has lots of enemies under this name...

KLT idiots
eXlite thieves
LesRes and co. (also thieves and scammers)
and a TON of other people i know i've bitched out, but can't remember ;)

...could be anyone :)

Warezist, posted February 23, 2007

Glad you're able to sort it out. :) ...Over at FileMP3 there was trouble and they just banned all Israeli I.P.'s.

Edit:- Due to the I.P.'s being Israeli to begin with. ...Not because FileMP3 are anti-semitic.

Guest Gir400, posted February 23, 2007

What country were the attacks coming from?

BTW: The mIRC keygen still doesn't work.

x0o, posted February 23, 2007

Gj :) Can highly recommend mod_evasive for linux servers to filter out other kinds of ddos attacks.

dMog, posted February 23, 2007

good thing they are all computer guys and not gang bangers...tor then you would be in real trouble :)

1+1=FG, posted February 23, 2007

Now happy downloading to everyone, and fuck you to the clowns that tried to attack us! :)

maniac2003, posted February 23, 2007

I hope that your solution keeps those bastards away.

erRor67, posted February 23, 2007

> who knows, /me has lots of enemies under this name...
> KLT idiots
> eXlite thieves
> LesRes and co. (also thieves and scammers)
> and a TON of other people i know i've bitched out, but can't remember :P
> ...could be anyone :)

Ah yeah, I remember LesRes.. ;) What ever happened to that guy? Probably out scamming others...

Lee, posted February 23, 2007

Good job nsane. Innovative defenses too. :)

nsane, posted February 23, 2007

> What country were the attacks coming from?

france, japan, thailand, brazil...pretty much everywhere :\

> Gj :P Can highly recommend mod_evasive for linux servers to filter out other kinds of ddos attacks.

thanks, just installed it and it's already catching quite a few things that went unnoticed :P

although, looking more closely at the logs, the zombies seem to be requesting the files about 30-45 seconds. doesn't sound bad i know, but multiply that out by hundreds of zombies and it's a LOT of fuckin requests. but, to the point, since the module checks for multiple requests PER SECOND it'd be pretty useless against the current attack :\

> Ah yeah, I remember LesRes.. ;) What ever happened to that guy? Probably out scamming others...

honestly dunno, i just started ignoring him and he just kinda disappeared. some of his scam sites are still up tho, and he's a good DDoS candidate with all that server space to use :)

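Why a per-second threshold misses the slow pattern described in the post above, as an added example that is not part of the thread. The log is constructed, the 30-second period is an assumption taken from the post's 30-45 second figure, the function names are hypothetical, and nothing here reproduces mod_evasive's code or defaults.

```python
from collections import Counter

REPEAT_WINDOW = 45 * 60  # seconds; the cooldown length from the first post


def constructed_log(bots=200, period=30, duration=300):
    """Constructed sample: every bot fetches one file once per `period` s."""
    log = []
    for b in range(bots):
        ip = f"198.51.100.{b}"  # documentation range, not real traffic
        for t in range(b % period, duration, period):
            log.append((t, ip, "/dl/target.zip"))
    return sorted(log)


def per_second_offenders(log, threshold=2):
    """IPs with >= threshold hits on one path inside a single second.

    Assumption: this models the per-second check the post describes,
    not any module's real code or defaults.
    """
    hits = Counter((ip, path, int(ts)) for ts, ip, path in log)
    return {ip for (ip, _, _), n in hits.items() if n >= threshold}


def repeat_fetchers(log, window=REPEAT_WINDOW):
    """IPs that fetched the same path again within `window` seconds."""
    last_seen, flagged = {}, set()
    for ts, ip, path in sorted(log):
        prev = last_seen.get((ip, path))
        if prev is not None and ts - prev < window:
            flagged.add(ip)
        last_seen[(ip, path)] = ts
    return flagged


def busiest_minute(log):
    """Peak requests per minute across all IPs, as the server sees it."""
    return max(Counter(int(ts) // 60 for ts, _, _ in log).values())
```

On the constructed log no single address ever trips the per-second check, yet the server still sees hundreds of requests a minute, and the per-file repeat window flags every bot.
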
Trev0r269, posted February 23, 2007

Only jerks and the govt would want to attack t3h nsane. props on the defensive techniques.

bizzyb0t, posted February 24, 2007

Out of curiosity... which file was the target?

I think the fact you're getting attacked is sort of a testament to your awesomeness. At least you're worthy of an attack :)

I'm glad you stopped it though. Anyone who needs to download a file more than once every 45 mins, is being a bit excessive. Again, thanks for such a great job with this site.

nsane, posted February 24, 2007

NOD32 FiX and AdAware Pro...and i guess you're right, i probably should take it as a compliment :)

hairbautt, posted February 24, 2007

> Basically, don't worry about that kinda crap, I know what I'm doing here...

:) Glad to see the site pulled thru, it is an awesome resource kinda like what bizzyb0t said. ;) :P Whatta prick, too (the d/l leecher).

kazaaman, posted February 24, 2007

Yea, I'm glad that everything is fine and to those leechers/fags. pwned!

bizzyb0t, posted February 24, 2007

> NOD32 FiX and AdAware Pro...and i guess you're right, i probably should take it as a compliment :)

I think that's kinda the downfall of being good at what you do, it brings out the haters. :P I can see why they'd attack the NOD32 FiX. It's excellent. As a matter of fact, I'm almost certain, there's no other program out there that can do what the FiX can. No other "fix" for NOD32 I've ever seen, and I do a lot of browsing/downloading, etc. As for the Ad-Aware Pro, I don't know why they'd attack that as that's more common. I'm wondering if it was an intentional attack, or just some biters trying to steal your bandwidth.

More people need to install AV and FW software so that DDoS attacks won't be an issue. I bet those Zombies were McAfee or Norton users ;)

Lammster, posted February 24, 2007

damn script kiddies

Nemesis, posted February 24, 2007

a small speed bump in the grand scheme of things. we have fought through so much and i don't think these fuckers are gunna stop us.

Bolt_Gundam510, posted February 25, 2007

i was kind of wondering why the server was running slow there for a while. i thought Nsane and Lite was doing something and it took up a lot of memory or something. but i see they was just zombies attacking us. reminds me of that one movie where zombies was attacking this castle to get a very powerful spell book i think it's called attack of the dawn or the undead not for sure been long time since i seen it though. ;)

Lee, posted February 25, 2007

> a small speed bump in the grand scheme of things. we have fought through so much and i don't think these fuckers are gunna stop us.

As long as nsane lives. ;)

Q Can Fix IT, posted February 26, 2007

good work nsane, I'd go insane if your site was ever down again

WaveRider, posted March 7, 2007

Damn, it's an opinion or a fact? Which for the past few months these attacks are up.

Archived
This topic is now archived and is closed to further replies.