Bitcoin Forum
December 25, 2024, 06:00:03 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: DDoS  (Read 2904 times)
tss
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
April 03, 2015, 02:49:50 AM
 #21

Thanks for the update. Is it possible that DD4BTC is behind this attack ? Have you received any extortion message ? Lately this entity is extorting from various bitcoin sites and there is a bounty on this DDOS attacker.

Details: https://bitcointalk.org/index.php?topic=845595.0

I suspect this service is also run by DD4BTC: https://bitcointalk.org/index.php?topic=1000458.0

Should that be deleted? DDos is illegal and someone who is offering services to ddos others should be banned, in the rules it says that if something is forbidden in your country it is not allowed on the forum

no.. this forum does not moderate if something is legal or even legitimate.  the only moderation here is whether or not your post was substantial if you had a signature ad in your profile.
Bardman
Hero Member
*****
Offline Offline

Activity: 952
Merit: 516



View Profile
April 03, 2015, 06:23:11 AM
 #22

Thanks for the update. Is it possible that DD4BTC is behind this attack ? Have you received any extortion message ? Lately this entity is extorting from various bitcoin sites and there is a bounty on this DDOS attacker.

Details: https://bitcointalk.org/index.php?topic=845595.0

I suspect this service is also run by DD4BTC: https://bitcointalk.org/index.php?topic=1000458.0

Should that be deleted? DDos is illegal and someone who is offering services to ddos others should be banned, in the rules it says that if something is forbidden in your country it is not allowed on the forum

no.. this forum does not moderate if something is legal or even legitimate.  the only moderation here is whether or not your post was substantial if you had a signature ad in your profile.

Well thats just plain stupid, they say they dont have time to moderate scams but they do have time to ban for sig spam or ref link spam but when someone posts something illegal they dont care?? I really dont get it

  █
 ▐ █  
  █
 ▐ █  


▄████████████████████▄
██████▀░░░░░░░░███████
████▀░░░▄████▄░░░░████
███░░▄█▀▀░░░░▀▀██░░███
██░░░█▌░██████░░██░░██
██░░█▌░████████░▐█░░██
██░░█▌░████████░▐█░░██
██░░█▌░███████████░░██
██░░░█▌░░█████▌░▐█░▐██
███░░▀█▌░░█▀░░▄██▀░▐██
████▄░░▀██████████████
██████▄░░░░███████████
▀████████████████████


▄████████████████████▄
██████████████████████
██████████░░██████████
█████████░░░░█████████
████████░░░░░░████████
███████░░░▐▌░░░███████
██████░░░░██░░░░██████
█████░░░░████░░░░█████
████░░░░██████░░░░████
███░░░░░░░░░░░░░░░░███
██░░░░░░░░░░░░░░░░░░██
██████████████████████
▀████████████████████

.a.


░░██████████████████████████████████████░░
██████████████████████████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
████████████░░░░░░░░░░░░░░░░░░░░██████████
██████████░█████████████████████░█████████
█████████░████░░░░░░░░░░░░░░░░███░████████
████████░███░█████████████████░████░██████
██████░███░░███░░░░░░░░░░░░░████░███░░████
█████░███░████░█████████████░████░████░███
███░░███░████░░██████████████░████░████░██
████░░███░░████░███████████░░████░████░███
██████░░███░░███░░████████░████░████░█████
████████░████░░███░░████░████░████░███████
█████████░░████░████░███████░████░████████
███████████░░███░░███░░████████░██████████
█████████████░████░████░█████░████████████
███████████████░████░░███░░███████████████
█████████████████░████░███████████████████
██████████████████░░███░░█████████████████
████████████████████░░████████████████████
█████████████████████░████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
░░██████████████████████████████████████


▄████████████████████▄
█████████████████▀░░██
██████████▀░███▀░░░░██
█████████▀░░██░░░░░░██
███████▀░░░░█░░░░░░░██
██████▀░░░░░▒░░░░░░░██
█████▀░░░░░░▒░░░░░░░██
████▀░░░░░░░▒░░░░░░░██
████░░░░░░░░▒░░░░░░░██
███▀░░░░░░░░▒░░░░░░░██
██▀░░░░░░░░░▒░░░░░░░██
██░░░░░░░░░░▒░░░░░░░██
▀████████████████████


▄████████████▀███████▄
████▀▀▀▀▀▀▀▀▀░▀▀▀▀▀▀▀█
████░░██░░░░█░░░████░█
███░░█░░░░██░░░░░░░░░█
██░░░░░░░░░░███░░░░░██
█████████░░░██░░░█████
████████░░░█░░░░██████
███████░░░░░░░░░██████
██████░░░░░░█░░███████
█████░░░░░███░░███████
████░░░░░███░░░███████
██████░░░░░░░░░███████
▀████████████████████
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1030



View Profile
April 03, 2015, 06:42:49 AM
 #23

Well thats just plain stupid, they say they dont have time to moderate scams

Would you be so kind as to find a quote about this?
dznuts85
Full Member
***
Offline Offline

Activity: 140
Merit: 100

★777Coin.com★ Fun BTC Casino!


View Profile
April 03, 2015, 06:48:54 AM
 #24

so there is a kiddie i guess trying to waste his time attacking this forum :/

i think there will be a log in which IP the attacker used in attacking, maybe blocking his IP can fix this?

Bardman
Hero Member
*****
Offline Offline

Activity: 952
Merit: 516



View Profile
April 03, 2015, 06:51:43 AM
 #25

Well thats just plain stupid, they say they dont have time to moderate scams

Would you be so kind as to find a quote about this?

Then would you mind telling me why the ddos thread is not deleted and the user banned since offering ddos services is obviously illegal

  █
 ▐ █  
  █
 ▐ █  


▄████████████████████▄
██████▀░░░░░░░░███████
████▀░░░▄████▄░░░░████
███░░▄█▀▀░░░░▀▀██░░███
██░░░█▌░██████░░██░░██
██░░█▌░████████░▐█░░██
██░░█▌░████████░▐█░░██
██░░█▌░███████████░░██
██░░░█▌░░█████▌░▐█░▐██
███░░▀█▌░░█▀░░▄██▀░▐██
████▄░░▀██████████████
██████▄░░░░███████████
▀████████████████████


▄████████████████████▄
██████████████████████
██████████░░██████████
█████████░░░░█████████
████████░░░░░░████████
███████░░░▐▌░░░███████
██████░░░░██░░░░██████
█████░░░░████░░░░█████
████░░░░██████░░░░████
███░░░░░░░░░░░░░░░░███
██░░░░░░░░░░░░░░░░░░██
██████████████████████
▀████████████████████

.a.


░░██████████████████████████████████████░░
██████████████████████████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
████████████░░░░░░░░░░░░░░░░░░░░██████████
██████████░█████████████████████░█████████
█████████░████░░░░░░░░░░░░░░░░███░████████
████████░███░█████████████████░████░██████
██████░███░░███░░░░░░░░░░░░░████░███░░████
█████░███░████░█████████████░████░████░███
███░░███░████░░██████████████░████░████░██
████░░███░░████░███████████░░████░████░███
██████░░███░░███░░████████░████░████░█████
████████░████░░███░░████░████░████░███████
█████████░░████░████░███████░████░████████
███████████░░███░░███░░████████░██████████
█████████████░████░████░█████░████████████
███████████████░████░░███░░███████████████
█████████████████░████░███████████████████
██████████████████░░███░░█████████████████
████████████████████░░████████████████████
█████████████████████░████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
░░██████████████████████████████████████


▄████████████████████▄
█████████████████▀░░██
██████████▀░███▀░░░░██
█████████▀░░██░░░░░░██
███████▀░░░░█░░░░░░░██
██████▀░░░░░▒░░░░░░░██
█████▀░░░░░░▒░░░░░░░██
████▀░░░░░░░▒░░░░░░░██
████░░░░░░░░▒░░░░░░░██
███▀░░░░░░░░▒░░░░░░░██
██▀░░░░░░░░░▒░░░░░░░██
██░░░░░░░░░░▒░░░░░░░██
▀████████████████████


▄████████████▀███████▄
████▀▀▀▀▀▀▀▀▀░▀▀▀▀▀▀▀█
████░░██░░░░█░░░████░█
███░░█░░░░██░░░░░░░░░█
██░░░░░░░░░░███░░░░░██
█████████░░░██░░░█████
████████░░░█░░░░██████
███████░░░░░░░░░██████
██████░░░░░░█░░███████
█████░░░░░███░░███████
████░░░░░███░░░███████
██████░░░░░░░░░███████
▀████████████████████
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
April 03, 2015, 07:12:27 AM
 #26

so there is a kiddie i guess trying to waste his time attacking this forum :/

i think there will be a log in which IP the attacker used in attacking, maybe blocking his IP can fix this?

It is a DDOS attack, do you know how it works? Multiply request to the site at the site time (you cannot stop the attack with a simple block to one or two ip).
Amph
Legendary
*
Offline Offline

Activity: 3248
Merit: 1070



View Profile
April 03, 2015, 07:15:00 AM
 #27

at first i though that it was another hdd failure, i guess it's better that instead it is just a ddos attack

it possible to know if it's done by the same attacker?
dogie
Legendary
*
Offline Offline

Activity: 1666
Merit: 1185


dogiecoin.com


View Profile WWW
April 03, 2015, 10:10:03 AM
 #28

so there is a kiddie i guess trying to waste his time attacking this forum :/

i think there will be a log in which IP the attacker used in attacking, maybe blocking his IP can fix this?

It is a DDOS attack, do you know how it works? Multiply request to the site at the site time (you cannot stop the attack with a simple block to one or two ip).

Especially when the attack is via a redirection vector.

erikalui
Legendary
*
Offline Offline

Activity: 2632
Merit: 1094



View Profile WWW
April 03, 2015, 10:30:53 AM
 #29

no.. this forum does not moderate if something is legal or even legitimate.  the only moderation here is whether or not your post was substantial if you had a signature ad in your profile.

One cannot sell illegal things on this forum. A person few days back tried to sell PayPal guides to chargeback and I reported the same along with few other members and now the thread is deleted. You just need to report the thread and MODs will take action. If they don't means the trade isn't illegal.

That thread is discussing about DDos cases I guess with some log files mentioned. The person whose username was "DD4BC" was banned.

Pushtheghost
Full Member
***
Offline Offline

Activity: 169
Merit: 100


View Profile
April 03, 2015, 11:18:55 AM
 #30

It is a DDOS attack, do you know how it works? Multiply request to the site at the site time (you cannot stop the attack with a simple block to one or two ip).

It'd be possible to block certain IP ranges known to be used frequently in DDoS attacks, such as most of China for example. However, this would also affect some users who use anonymity services to access Bitcointalk and I'm guessing this is why theymos hasn't taken this kind of action already as he doesn't want to limit access and limit anonymity online, which is a good thing for sure but does come at this kind of price.
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
April 03, 2015, 12:57:18 PM
 #31

It is a DDOS attack, do you know how it works? Multiply request to the site at the site time (you cannot stop the attack with a simple block to one or two ip).

It'd be possible to block certain IP ranges known to be used frequently in DDoS attacks, such as most of China for example. However, this would also affect some users who use anonymity services to access Bitcointalk and I'm guessing this is why theymos hasn't taken this kind of action already as he doesn't want to limit access and limit anonymity online, which is a good thing for sure but does come at this kind of price.

I have read this article (http://www.techrepublic.com/blog/it-security/ddos-attack-methods-and-how-to-prevent-or-mitigate-them/):

The easiest, although a costly way to defend yourself, is to buy more bandwidth. A denial of service is a game of capacity. If you have 10,000 systems sending 1 Mbps your way that means you're getting 10 Gb of data hitting your server every second. That's a lot of traffic. In this case, the same rules apply as for normal redundancy. You want more servers, spread around various datacenters, and you want to use good load balancing. Having that traffic spread out to multiple servers will help the load, and hopefully your pipes will be large enough to handle all that traffic. But modern DDoS attacks are getting insanely large, and quite often can be much bigger than what your finances will allow in terms of bandwidth. Plus, sometimes it's not your website that will be targeted, a fact that many administrators tend to forget.


so it is not so easy to prevent or stop a ddos attack, and theymos took the right choice and changed the IP.
monbux
Legendary
*
Offline Offline

Activity: 1736
Merit: 1029



View Profile WWW
April 03, 2015, 01:14:22 PM
 #32

Weird.  I was trying to access bitcointalk all evening yesterday without success, then right when I got off of the computer, it worked on my phone... Was it just timing?
theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5418
Merit: 13508


View Profile
April 22, 2015, 04:39:07 AM
 #33

Since I mentioned Cloudflare in the OP, I thought I'd note this here: I just learned that Cloudflare's "keyless SSL" feature still allows them to undetectably MITM all traffic. How it apparently works is that you keep the HTTPS key, but session keys are generated in a special way that allows both you and Cloudflare to decrypt the HTTPS traffic. Pretty sneaky, and not at all widely known. My suspicions that Cloudflare exists to spy on encrypted Internet traffic continue to rise.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1006



View Profile
April 22, 2015, 09:44:58 AM
 #34

Since I mentioned Cloudflare in the OP, I thought I'd note this here: I just learned that Cloudflare's "keyless SSL" feature still allows them to undetectably MITM all traffic. How it apparently works is that you keep the HTTPS key, but session keys are generated in a special way that allows both you and Cloudflare to decrypt the HTTPS traffic. Pretty sneaky, and not at all widely known. My suspicions that Cloudflare exists to spy on encrypted Internet traffic continue to rise.

Yes it is just security theatre to make people feel safer. Cloudflare can read all of your traffic in the clear no matter which of their products you use, some of their anti-DoS protection needs to be able to view all of the traffic in the clear in order to work, its the only way they can properly protect against layer 7 attacks for example.... or at least thats their story and their sticking to it.

dogie
Legendary
*
Offline Offline

Activity: 1666
Merit: 1185


dogiecoin.com


View Profile WWW
April 22, 2015, 01:16:49 PM
 #35

Since I mentioned Cloudflare in the OP, I thought I'd note this here: I just learned that Cloudflare's "keyless SSL" feature still allows them to undetectably MITM all traffic. How it apparently works is that you keep the HTTPS key, but session keys are generated in a special way that allows both you and Cloudflare to decrypt the HTTPS traffic. Pretty sneaky, and not at all widely known. My suspicions that Cloudflare exists to spy on encrypted Internet traffic continue to rise.

Yes it is just security theatre to make people feel safer. Cloudflare can read all of your traffic in the clear no matter which of their products you use, some of their anti-DoS protection needs to be able to view all of the traffic in the clear in order to work, its the only way they can properly protect against layer 7 attacks for example.... or at least thats their story and their sticking to it.

Still, for those not requiring https or just generally distributing content, it's a godsend. Anti ddos and geocaching for free. Made my shitty site moderately less shifty .

Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1006



View Profile
April 22, 2015, 02:08:19 PM
 #36

Still, for those not requiring https or just generally distributing content, it's a godsend. Anti ddos and geocaching for free. Made my shitty site moderately less shifty .

No doubt it is a useful service, even I use it for some sites. The thing I hate about it most is that they force all Tor users to enter an impossible to read captcha, making it impossible to access any websites that use it over Tor. Most of the time when I encounter a cloudflare-protected website over Tor I have to give up trying to access the website. The difficulty of the captcha seems to get harder as there are more attempts, so due to people using captcha bots over Tor the captcha's are literally not even characters from any language, there is no way you could enter it using a keyboard and if you ask for another captcha it just gets harder.

I also think that most webmasters that use cloudflare are unaware of the powers they are handing over to cloudflare and the enormous amount of trust they are putting in the service. Doesn't help that it's a freemium service either. If your website has any kind of user authentication then you should probably stay away from cloudflare and such services if you can.

coinpr0n
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
April 22, 2015, 02:30:43 PM
 #37

Got me all paranoid about CloudFlare now ... xD Afaik (at least with free versions) they can protect DNS but if the attacker knows your IP good luck CloudFlare trying to block that.

Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1006



View Profile
April 22, 2015, 03:15:56 PM
 #38

Got me all paranoid about CloudFlare now ... xD Afaik (at least with free versions) they can protect DNS but if the attacker knows your IP good luck CloudFlare trying to block that.

You can find out the real IP of many websites using cloudflare really easily. For example, here is how you find out the real IP of the website, ponziup.com, on linux:

Code:
$ host ponziup.com

Many times email will be delivered directly to the server or there will be a subdomain that allows for direct connection In this case, the command returns this:

Quote
ponziup.com has address 104.18.46.93
ponziup.com has address 104.18.47.93
ponziup.com has IPv6 address 2400:cb00:2048:1::6812:2f5d
ponziup.com has IPv6 address 2400:cb00:2048:1::6812:2e5d
ponziup.com mail is handled by 10 dc-0551f9e6-ipfailover.ponziup.com.

The first four IP's are cloudflare, the last one is a DNS record that points directly to the servers real IP to allow for email to be delivered. Simply ping dc-0551f9e6-ipfailover.ponziup.com and you get the real IP of ponziup.com which is 5.135.65.26, in this case the webserver is configured really badly, so you can even directly connect by going to http://5.135.65.26

This doesn't always work, it depends on how you have set everything up but there are many other methods out there to discover the real IP and it's difficult to protect against all of them.

recon_eric
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
April 22, 2015, 03:30:25 PM
 #39

Since I mentioned Cloudflare in the OP, I thought I'd note this here: I just learned that Cloudflare's "keyless SSL" feature still allows them to undetectably MITM all traffic. How it apparently works is that you keep the HTTPS key, but session keys are generated in a special way that allows both you and Cloudflare to decrypt the HTTPS traffic. Pretty sneaky, and not at all widely known. My suspicions that Cloudflare exists to spy on encrypted Internet traffic continue to rise.

+1 I noticed that last year... I never bothered with it since that feature was clearly targeted towards "easy mode" types, or those who don't understand how to pass the certificate data into CF.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!