Real Cases
Re: Advise on DDoS attack Aug 03 2007 07:20PM
auto13925 hushmail com (1 replies)

Many thanks to everyone for your time and advice. Some replies were
sent directly to me therefore I will try to summarise and make a
single reply here.

So far, the advice given was:
- Ban IPs, regions etc.
- Allow only member IPs
- Forensic logging etc.
- Contact hosting company
- Contact Authorities
- Buy more bandwidth, technology, etc.

Yes, I still have the demand email. It read: "Hello, I am X Slim. I
am denying access to your website and email. To restore service,
deposit $500 USD into egold account 4639221. If you have any
questions you can email me at x-slim-x (at) hotmail (dot) com". The same
message was left on my answering machine as well. How he got my
phone number is a mystery. He cannot be one of the forum members as
each member is thoroughly vetted and has been a member of the
community for quite some time. In addition, they would ask a little
more than $500 I think :)

I do not have a technical background to understand/comment on the
details of the attack. I don't have physical access to the server
and would not know what to do even if I had access. The only logs I
can see are some fancy graphs (Webalizer?) that were already set up
by the hosting company. These show a massive number of page hits
etc., about 1000 times larger than our usual hits, coming from all
over the world. I also have FTP to add/remove pages.

I already contacted the hosting company on the second day of the
attack and they were not happy with the situation as if it was my
fault. I was told that the attack was having a negative effect on
other clients too. They did not come out and say so openly but I got
the feeling that if the attack does not stop I may be needing to
look for another place. Looks like we will be doing this anyway.
Suffice to say they were not very helpful, or maybe just too busy
to deal with a small customer :(

Somebody said that it was not wise to talk about this openly. Would
you please elaborate? I thought I took steps to keep the
forum/domain name/details private.

Thanks for the various links. I visited each and read thoroughly
but it seems we do not have the know-how to deal with this attack
in the ways advised. Although a trivial amount, we refuse to pay on
principle and obviously there is not a quick and easy solution as
we had hoped. So, we will just move on to another hosting company
as voted overwhelmingly by the forum members (96 votes)** and hope
the attacker will not find us there. At least, we learnt to ask
about DDoS protection when we are shopping for a new hosting
company. Very annoying that hiding behind a computer, someone can
force people off their sites.

Once again many thanks for all replies and your time. Best regards.

** Other options were:
- hire a tech-guy to deal with the situation (43 votes)
- pay the ransom / offer less (2 votes)
- ignore/weather the attack (6 votes)
- contact FBI (2 votes)
- don't know (4 votes)
- not present (11)

p.s. X-Slim, if you are reading this, hopefully some day we will
meet in person. Meanwhile, the members pledged over $5000, 10x more
than your demand, to hire a computer wizard to locate you if you
don't leave us alone in the future. So be prepared for a fight if
you wish to continue this at our new location.

Re: Advise on DDoS attack Aug 05 2007 05:44AM
Roland Dobbins (rdobbins cisco com)


Copyright 2010, SecurityFocus