DDOS for ransom

[adamstgBit]

No one should ever pay a DDOS ransom. Eventually you can quell the attack with multiple solutions. DDOS is unsustainable and is a US Felony.

mining pools were DDOS for ransom back in the day. they just moved to a host that provided DDOS protection.

[1714009093]

1714009093

[Kris]

I just think it's such a shame, that you have to hide behind all sorts of protection, even when you run a descend business in which people depend on to put food on their table.

On another site i have read that they use cloudflare resolver to figure the real ip. I could gather such a tool if youre interested, however, could be a fake soft tough.

Thank you for bringing this to my attention. It seems I made the correct choice of building my own solution based on amazon ec2 implementation and applying custom firewall rules to prevent this DDoS.

My only regret is that I did not foresee the size of this attack as it caught me totally off guard.

[ErnestoJuarell]

I just think it's such a shame, that you have to hide behind all sorts of protection, even when you run a descend business in which people depend on to put food on their table.

On another site i have read that they use cloudflare resolver to figure the real ip. I could gather such a tool if youre interested, however, could be a fake soft tough.

Thank you for bringing this to my attention. It seems I made the correct choice of building my own solution based on amazon ec2 implementation and applying custom firewall rules to prevent this DDoS.

My only regret is that I did not foresee the size of this attack as it caught me totally off guard.

Any chance you could publish a blacklist?

[fm1234]

Assassination Market

The first time some chronic DDoSer, whether an extortionist, "political activist" or idiot script kiddie is found slashed from his groin to his solar plexus, 90%+ of people who have ever launched even a single attack will go find a new hobby.  

Been saying this for 15+ years about malevolent hackers; while society itself seems inclined to give them a free pass, I think that the fact that despite huge leaps in technology, no group has ever taken on a serious criminal organisation speaks volumes about what their real level of confidence against reprisals is.  


Frank

[Desolator]

3 pages later, I bet this has been posted but tl;dr.  DDOS = a lot of PCs.  If they control them, couldn't they just use them all for mining instead of targeting them at a server for extortion?

[ErnestoJuarell]

3 pages later, I bet this has been posted but tl;dr.  DDOS = a lot of PCs.  If they control them, couldn't they just use them all for mining instead of targeting them at a server for extortion?

CPU Mining is so worthless, even with a botnet of average PCs. You could make way more money by DDOSing or just stealing user info. There's already been Bitcoin mining botnets discovered.

Also, mining may slow the PCs down more which could potentially reveal to the user that they are infected or even drive them to get rid of the infection.

[WikileaksDude]

3 pages later, I bet this has been posted but tl;dr.  DDOS = a lot of PCs.  If they control them, couldn't they just use them all for mining instead of targeting them at a server for extortion?

CPU Mining is so worthless, even with a botnet of average PCs. You could make way more money by DDOSing or just stealing user info. There's already been Bitcoin mining botnets discovered.

Also, mining may slow the PCs down more which could potentially reveal to the user that they are infected or even drive them to get rid of the infection.

This is true, even using botnets to mine its not worth the time. DDOS and identity theaft much more profitable.

[Vladimir]

We do not negotiate with DDOS attackers. Simple really.

[paraipan]

Prolexic has it covered...

[Desolator]

How do people stop DDOS attacks anyway?  Is it like a separate box or proxy laid down in the chain of connected stuff that auto-ignores requests from any IP sending way too many requests at a much faster speed than the server could or something?

[capsqrl]

BitPay is back from their DDOS now. Any information on whether they paid their way out, and if so, how much?

[jgarzik]

How do people stop DDOS attacks anyway?  Is it like a separate box or proxy laid down in the chain of connected stuff that auto-ignores requests from any IP sending way too many requests at a much faster speed than the server could or something?

A lot of little strategies, rather than one big obvious fix.  DDoS typically involves flooding of some type of traffic.  A simple DDoS might be a flood of TCP/IP open-a-new-connection packets, designed to confuse and overload OS kernel networking software.  Other DDoS's are simply a massive amount of valid traffic, i.e. sending HTTP requests to compute-intensive script on the web server, over and over again, hundreds of thousands of requests per second.

Each DDoS is different.  The traffic sources may come from different parts of the world, originate from different ISPs.  They may originate from a criminal DDoS black market, where armies of "zombie" machines may be rented by the hour to perform DDoS attacks.

One thing is certain, though:  there is very little economic reason to pay DDoS ransoms, as that simply serves as a clear economic signal that you are a mark, and can possibly be taken for even more money.  Paying ransoms encourages further DDoS.  Criminal parasites don't need your business to be profitable and sustainable.

Typically a business will take unspecified technical steps themselves, or hire a security firm or DDoS-proof hosting firm to do it for them.

Sometimes it is possible wait out a DDoS, but that's not realistic for most web businesses/services.  It could take weeks or months, as the cost of zombies is probably below the several-thousand-bitcoin payout that other thieves have seen in the bitcoin press headlines.

[hashman]

Ridiculous.  Walletbit? 
I thought gambling sites were always the best targets for would-be DDOS extortion thugs.
 

[Kris]

I just think it's such a shame, that you have to hide behind all sorts of protection, even when you run a descend business in which people depend on to put food on their table.

On another site i have read that they use cloudflare resolver to figure the real ip. I could gather such a tool if youre interested, however, could be a fake soft tough.

Thank you for bringing this to my attention. It seems I made the correct choice of building my own solution based on amazon ec2 implementation and applying custom firewall rules to prevent this DDoS.

My only regret is that I did not foresee the size of this attack as it caught me totally off guard.

Any chance you could publish a blacklist?

Sorry, I don't store much logs because of people wanting to be anonymous. So they are probably already overwritten. The important thing is that the service was running again after only 48 hours from Saturday to Monday, while still being DDoS'd