SatoshiDICE and SatoshiCircle under sustained DDoS... who could it be?

[SatoshiDICE_PR]

Dear community, if you can provide any information about this matter we would be most grateful.

SatoshiDICE has been under sustained DDoS for over a week now. We've confirmed that SatoshiCircle has been suffering the same. Are there other gaming sites that are under heavy attack over the past week or more? Please PM me if so.

There have not been any extortion messages or demands.  We believe we know who is doing it... though we do not have proof. What new BTC gaming operator has come out with both a blatant clone of SatoshiDICE (copy and design elements ripped straight off the site) and a blatant clone of SatoshiCircle within the last month? What operator has been lying about usage statistics while simultaneously sending out numerous well-crafted Press Releases claiming innovation and market dominance to gain attention? Who could it be?

A line has been crossed here and we are working to remedy it. We regret and apologize for the interference suffered by our players throughout this episode. If anyone within the community can provide information on this matter, either through private PM or publicly in this thread, we would be very grateful.

SD

PS - Note that we do not suspect either Just-Dice or PrimeDice whatsoever, both run by esteemed individuals who have been great innovators.

[Stunna]

We've been under attack past few weeks on and off, not to the degree of SD though. Mainly just moderate flood attacks. JD has been under significant attack as well. Don't think identifying whoever is doing this will be possible and even if we were able to, not much could be done about it. More important to focus on how we can mitigate these attacks instead.

If I were to point a finger of blame I'd say it is the new notorious dice site that is getting a decent amount of attention, however ddos attacks on SD occurred before their launch so that nullifies my suspicions a bit.

Given the scale of SD it might be worth utilizing http://www.prolexic.com/  or the most expensive cloudflare option if you are unable to mitigate the attacks through more standard means.


EDIT: After posting this message we're now suffering from a stronger ddos which has pushed us offline.

[satcircle]

Hi SD -

Yes, SatoshiCircle can confirm that we, too, have been under a vicious attack for the last couple of weeks.
Sorry to hear you've been suffering the same mate - but we're totally in alignment with your suspicions!

Best of luck on the defense! May the Satoshis prevail

Team SatoshiCircle

[aksplace]

Dear community, if you can provide any information about this matter we would be most grateful.

SatoshiDICE has been under sustained DDoS for over a week now. We've confirmed that SatoshiCircle has been suffering the same. Are there other gaming sites that are under heavy attack over the past week or more? Please PM me if so.

There have not been any extortion messages or demands.  We believe we know who is doing it... though we do not have proof. What new BTC gaming operator has come out with both a blatant clone of SatoshiDICE (copy and design elements ripped straight off the site) and a blatant clone of SatoshiCircle within the last month? What operator has been lying about usage statistics while simultaneously sending out numerous well-crafted Press Releases claiming innovation and market dominance to gain attention? Who could it be?

A line has been crossed here and we are working to remedy it. We regret and apologize for the interference suffered by our players throughout this episode. If anyone within the community can provide information on this matter, either through private PM or publicly in this thread, we would be very grateful.

SD

PS - Note that we do not suspect either Just-Dice or PrimeDice whatsoever, both run by esteemed individuals who have been great innovators.

As an endorsed company I'm a tad disappointed with you folks pointing fingers at another company. If I think it's the same company all the organizations are claiming it is "BetcoinTM" I can assure you folks your probably wrong. The gentleman is pure 100% class and is a true asset to bitcoin gambling. I think instead of pointing directions at other companies we could use the time, resources, and energy on adapting away to defeat these dos attacks so players can continue on doing what they enjoy doing. Dos attacks are not uncommon for larger companies and with proper backup plans like mirror backup sites this can help defeat the purpose of the attack and that is your player base.

[🏰 TradeFortress 🏰]

I've been looking into betcoindice's transactions and I've found evidence of house bets / blockchain spamming. Will make a new thread.

https://bitcointalk.org/index.php?topic=297110.0

[Zaih]

I've been looking into betcoindice's transactions and I've found evidence of house bets / blockchain spamming. Will make a new thread.

Woah, surprise surprise lol. It was always so obvious. I guess you're the first to get some real 'proof'

[bit777]

We have been at a very sustained DDOS for the past week but managed to mitigate it! AND I do agree with your thoughts on who is doing it and it really does make a lot of sense to attack the top 3 sites, competing with their 3 products! So low class!!

As an endorsed company I'm a tad disappointed with you folks pointing fingers at another company. If I think it's the same company all the organizations are claiming it is "BetcoinTM" I can assure you folks your probably wrong. The gentleman is pure 100% class and is a true asset to bitcoin gambling. I think instead of pointing directions at other companies we could use the time, resources, and energy on adapting away to defeat these dos attacks so players can continue on doing what they enjoy doing. Dos attacks are not uncommon for larger companies and with proper backup plans like mirror backup sites this can help defeat the purpose of the attack and that is your player base.

I would suggest you to stop schilling. How much are they paying you?

[gweedo]

Satoshi Dice you just purchased a site for a $11.5 million, you should be able to migrate this very easily. Do you have a CTO or even a lead networking person?

[deepceleron]

It seems like if you put a valuable Internet Bitcoin property up, it will get DDoSed. First pools, then exchanges, the forum and wiki/.org, now gambling sites. The previous attacks would rotate where they point their bandwidth every few hours or days, likely to frustrate many sites with partial downtimes instead of just taking out a single site.

The first step would be to identify several of the IP addresses, contact the ISP's abuse departments to see if they will facilitate owner identification for anti-malware research, and implement full promiscuous monitoring with the owner's permission to determine command and control or obtain an image or copy of the malware. You probably wouldn't want to identify your attack mitigation efforts as representative of the interests of Internet gambling sites unless legal in your jurisdiction and the bot attacker's.

Then what do you do when c&c is from its-only-cyber-crime-if-you-are-a-civilian.army.mil...

[fuggedit]

I dont know but either ive been having HORRIBLE luck lately or some of bets got fukked up. Like the last 20 bets with them have gone wonky and I only one 1 time on a 91%....Use with CAUTION ATM

[fuggedit]

It is funny though....A few times when I was trying to log in to SD to see my bets if they won, I kept getting redirected to Just-Dice....Anyone care to explain? If true you should be ashamed, you are not only hurting SD(which IDGAF about) but you are hurting us the betters as innocent collateral damage. Dont fuck with the clientele base we will destroy you if so/thatisall

[Zakryze]

I think blockchain is suffering from ddos lately too...

[bit777]

If someone wants to investigate the DDOS, here are some of the IPs that have been hitting us: https://i.imgur.com/T4v0oI9.png & https://i.imgur.com/i58avqi.png

Note: there could be false positives among the IPs. Also I would recommend the advanced DDOS protection of CloudFlare. It did the trick for us!

[fuggedit]

This has to have resulted in some erroneous bets no?

[bit777]

This has to have resulted in some erroneous bets no?

It results in the websites going offline entirely.

[Mitchell]

There was a guy claiming to be the DDOS'er. He asked for "protection money" to make it stop. I don't know if that really is the guy who is doing the DDOS.

[knowitnothing]

If anyone within the community can provide information on this matter, either through private PM or publicly in this thread, we would be very grateful.

What I can tell you is that renting a DDoS attack is both cheap and very easy.

My guess is that an unexperienced user (or maybe a couple of them) are renting these services for 1 or 2 hours and repeating at different times of the day. Sustaining an attack for 24h/7 might cost more than the person is willing to pay and may also be irrelevant, i.e. you just need to affect the site during the peak hours.

If my guess is correct, it is pointless trying to find out who is doing this. You would need to contact these "companies" providing such services and ask who is paying them to attack you; repeat for every other such company.

The only reason I'm posting this is that I missed it in this thread, so I'm not sure if people are aware of how easy it is to launch a DDoS attack.

[b!z]

If someone wants to investigate the DDOS, here are some of the IPs that have been hitting us: https://i.imgur.com/T4v0oI9.png & https://i.imgur.com/i58avqi.png

Note: there could be false positives among the IPs. Also I would recommend the advanced DDOS protection of CloudFlare. It did the trick for us!

Probably a botnet, not much you can do other than bringing in better DDoS protection.

[betcointm]

Dear colleagues,

 We don't want to engage in lengthy discussions, but we can not simply ignore all of the statements in this thread, and will state a few facts:

 We're spending more than $20,000 a month on protected hosting, and even THAT provides insufficient at times.

(http://www.bitcoincasinopro.com/reviews/betcoin-tm-unrated-2-4-bitcoin-complaint-received/)

All of our gaming sites have been under intermittent moderate to severe DDOS attacks for about three weeks now,
the casino site went offline for about 48 hours during the worst attack. Even our mining equipment website which is not related to gambling in any way has  been attacked several times. There are constant floods, and database hacking attempts, however, we're not pointing fingers at anyone, and instead are working with the best security experts on mitigating and preventing these issues. We're an established company, and we've been in business for 25 years, our heavy spending on advertising doesn't cross any lines - it's a free market economy. And regarding the new features - they're being rolled out on an almost weekly basis, and very soon our games will be completely different from those offered by the earlier market entrants. We have consciously introduced a game interface that is more familiar to most players, with the intent of guiding them in the direction of a better user experience.

Best regards,

betcointm

[knowitnothing]

We're spending more than $20,000 a month on protected hosting, and even THAT provides insufficient at times.

All of our gaming sites have been under intermittent moderate to severe DDOS attacks for about three weeks now,
the casino site went offline for about 48 hours during the worst attack. Even our mining equipment website which is not related to gambling in any way has  been attacked several times. There are constant floods, and database hacking attempts, ...

$20,000 in hosting alone seems a bit excessive for such site, but there isn't much I can say about that alone.

Now, what I find weird is: 1) "mining equipment". Why would you use mining equipment for taking bets ?. 2) "database hacking attempts". Why are you even exposing your database ? Or are you claiming this is an internal issue with your hosting company ?

Why am I asking this ? Because it is irrelevant whether you pay $20k, $200k, or any amount of k dollars if in the end you do such things. High price also doesn't equate in good quality of service.

And this is all offtopic obviously