Bitcoin Forum

We (https://coinut.com) were just attacked by a team called DD4BC using DDoS.

DD4BC Team <dd4bc@safe-mail.net>:
Hello,

Your site is extremely vulnerable to DDoS attacks.

I want to offer you info how to properly setup your protection, so that you can't be ddosed.

If you want info on fixing it, pay me 1 BTC to 13adm65yzzre7fLKSFZayQ8dYyxgXaVyMU


Xinxi Wang:
Thanks. Yes, I know this. It's currently a little vulnerable to DDoS attacks. But we just cannot afford the money to fix it at this moment. I will definitely contact you when we are ready.

Then they just sent millions of requests. And it's difficult for me to open the site.


Xinxi Wang:
Man, you just selected the wrong target. Maybe you should try this after a few months.

DD4BC Team:
OK, contact me within a few months and I will stop the attack. Smiley

CloudFlare will not help.

And one more thing: Price is 1 BTC today. Tomorrow it will increase to 2 BTC and will keep increasing for every day of delay.


Xinxi Wang:
Man, I am a computer science PhD student, and I don't have so much money.


DD4BC Team:
Good for you. I'm not sure how is your formal education going to help in this situation, but...good luck.


Xinxi Wang:
I also think so.


Xinxi Wang:
I am wondering how much it costs for you to send so much traffic?

DD4BC Team:
I'm using botnet which I paid 0 USD, so my cost is 0 USD. :)

Xinxi Wang:
Pretty cool.


BTW, I simply blacklisted their IP addresses. The site is now working although they are still attacking. It's a bit slower though. Anyone has good methods for this kind of attacks?

Someone is spending money to make the attack. It can't last forever.

I seem to recall that a few weeks ago a bunch of these threats were sent out. The attackers were not able to follow through with their threats in those cases either.

I also guess so. But it's a lot of fun to chat with this guy.  ;D

eligius pool also run into these ppl once, i dont know how they managed to resolve the issue btw


https://bitcointalk.org/index.php?topic=441465.3560

Finally they went away without any satoshi.

one question regarding coinut, are you able to deposit btc into international debit cards?

edit: the site is pretty slow at the moment. Why dont people host with amazon aws to avoid ddos attacks?

We do not deposit BTC into debit cards at this moment. I don't know any other sites can do that.
The attack has stopped. The site is in AWS, but the bandwidth and CPU are limited so it can still be attacked.

you can try this talk from defcon22: https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20video%20and%20slides/DEF%20CON%2022%20Hacking%20Conference%20Presentation%20By%20Blake%20Self%20&%20Shawn%20(cisc0ninja)%20Burrell%20-%20Don%27t%20DDoS%20Me%20Bro%20-%20Practical%20DDoS%20Defense%20-%20Video%20and%20Slides.m4v

my advice would be to use a ddos protection service like cloudflare. make sure to restart your aws instance after you make the switch so the attackers don't have your old IP.

Cloudflare is pretty good and should be able to fend off this attacker just fine. Used it a lot when I worked in the hosting industry and large businesses/forums needed good DDOS protection, always recommended Cloudflare's.

Asking for a measly 1btc? I think that shows that these guys are amateurs. Also, if you pay it it will likely lead to more attacks from them or others thinking they can easily get money out of you.

This. After you get the 'info' and 'fix' your defenses, they would probably strike down again with a different (possibly) name and ask for more.

When you can afford it use Cloudfare, good luck.

Yes, they are amateurs. Their technical skills are quite limited. Their requests pattern is quite obvious and can be filtered easily.

So Glad that your title computer science PhD student doesn't useless instead very usefull.

Singapore graduate is the best
http://cdn.kaskus.com/images/smilies/jempol1.gif

Haha, I don't know if we are the best, but definitely we are not wasting our time here.  ;D

did you release the movie  "The Interview"   ;) ?