- Messages
- 2,786
I wouldn't want to 'test' the attackers so don't post anything about this anywhere public. If you're found to do so we'll just ban your account. It's not worth it.
Now things appear to have settled I feel comfortable letting you know what's being going on and why we've been up and down like a yoyo.
Keep this out of the public areas of the forum and whatnot. As it risks screwing the forum again.
Sunday morning we noticed a massive amount of traffic coming into the network, a few hours on we noticed it was a DDOS attack. Where too many requests are sent to the websites for the server and network to handle so it crashes the websites. Our hosts were able to manage the traffic to a degree while we traced what was going on. And it became apparent that it was thousands if not near 100,000+ botnets (computers being controlled by attackers without the owners knowledge) sending false requests to the forums to crash the server.
This had a knock-on effect on our hosts other customers, and even my hosts ISP in the London Docklands had to shut down some of their own traffic routing systems to stop the traffic.
Monday the attackers changed tactics and used HTTP requests that were left open, so the websites wouldn't resolve them properly. That crashed the forums too.
Tuesday it changed to DNS reflection where they attack the IP address itself and send traffic directly to that.
And today we've switched to an expensive routing service to send traffic through to filter out any nasty stuff. Done this for the main forums, carted all my customers off to other solutions so they're not affected now, and I have closed down a lot of my own websites and forums and things.
It's cost me thousands in losses and extra services and I wouldn't wish this on any of our competitor forums. Really dodgy situation to be put in.
I was expecting a ransom related message but haven't got anything so far. The attack is classed as industrial sabotage and as dozens of other companies we affected, along with our host, their network provider (and their other customers) and their ISP (and their other customers) we've had to get the old SOCA (Serious and Organised Crimes Agency) which is now called NCA (National Crimes Agency) involved who are investigating the attack in case this is part of some bigger issue (like that dodgy RansomWare thing that's going about). We're not too sure who's doing it or why but we've fought them off for now.
At no point were anything to do with personal details at risk. They we're NOT physically hacking us or anything, just sending massive amounts of traffic to us in the form of what took down PayPal and Amazon and VISA (and even SOCA last year).
So it looks like we're okay now. A few people are having DNS / Cache related issues but that'll all calm down in the next 24 hours or so as networks refresh and whatnot.
I wouldn't want to 'test' the attackers so don't post anything about this anywhere public. If you're found to do so we'll just ban your account. It's not worth it.
Now things appear to have settled I feel comfortable letting you know what's being going on and why we've been up and down like a yoyo.
Keep this out of the public areas of the forum and whatnot. As it risks screwing the forum again.
Sunday morning we noticed a massive amount of traffic coming into the network, a few hours on we noticed it was a DDOS attack. Where too many requests are sent to the websites for the server and network to handle so it crashes the websites. Our hosts were able to manage the traffic to a degree while we traced what was going on. And it became apparent that it was thousands if not near 100,000+ botnets (computers being controlled by attackers without the owners knowledge) sending false requests to the forums to crash the server.
This had a knock-on effect on our hosts other customers, and even my hosts ISP in the London Docklands had to shut down some of their own traffic routing systems to stop the traffic.
Monday the attackers changed tactics and used HTTP requests that were left open, so the websites wouldn't resolve them properly. That crashed the forums too.
Tuesday it changed to DNS reflection where they attack the IP address itself and send traffic directly to that.
And today we've switched to an expensive routing service to send traffic through to filter out any nasty stuff. Done this for the main forums, carted all my customers off to other solutions so they're not affected now, and I have closed down a lot of my own websites and forums and things.
It's cost me thousands in losses and extra services and I wouldn't wish this on any of our competitor forums. Really dodgy situation to be put in.
I was expecting a ransom related message but haven't got anything so far. The attack is classed as industrial sabotage and as dozens of other companies we affected, along with our host, their network provider (and their other customers) and their ISP (and their other customers) we've had to get the old SOCA (Serious and Organised Crimes Agency) which is now called NCA (National Crimes Agency) involved who are investigating the attack in case this is part of some bigger issue (like that dodgy RansomWare thing that's going about). We're not too sure who's doing it or why but we've fought them off for now.
At no point were anything to do with personal details at risk. They we're NOT physically hacking us or anything, just sending massive amounts of traffic to us in the form of what took down PayPal and Amazon and VISA (and even SOCA last year).
So it looks like we're okay now. A few people are having DNS / Cache related issues but that'll all calm down in the next 24 hours or so as networks refresh and whatnot.
I wouldn't want to 'test' the attackers so don't post anything about this anywhere public. If you're found to do so we'll just ban your account. It's not worth it.
Last edited:
