Well, just to give everyone an update. I was contacted by the attackers, who are still attacking...and basically they are trying to blackmail me to get them to stop. Yes, I am not kidding. My site isn't down at the moment, as my host has been a ton of help in helping to mitigate everything. However, I am sure it isn't over.

I had something similar happen to me recently. They hacked my godaddy account and stole the two main domains for my site and tried to blackmail me to get them back. They thought I would care about google rankings and all that when they pointed my domains to a stupid web search page. However, I could care less about that and just went through the proper channels with godaddy and the new domain registrar and got the domains back after three weeks. In the meantime, I simply used one of our other domains for the site. Sure, it was a pain in the *** (my editing), but I wasn't about to give them the money they wanted.

Have you forwarded this correspondence to any other organization, such as local law enforcement?

It's considered hacking (obviously), and is a violation of international law. Contact a law enforcement agency. If the DDoS is coming from the US, contact the people listed below. Seriously. Since it's hacking of a computer (technically), contact these groups.

• FBI local office
• U.S. Secret Service
• Internet Crime Complaint Center

Source: http://www.usdoj.gov/criminal/cybercrime/reporting.htm

If you live in another nation, find out how to contact them.

I was talking about core software, not your "partition" VPS Like installed software.

Everyone knows that on a VPS you cant fully control your server since it's a virtual server (thus the VPS) and other VPS share the same hardware rack or cpu. You only have access to your own VPS and not the Rack software.

Well, the attack is back folks. Like I said before, I was contacted by users from a website basically wanting me to advertise their site and they will stop the attack. Well, my host installed some very nice hardware to prevent the attack and it was working well for the past 2 weeks or so. Well, it's back and has hit almost 2.0Gbit/sec...boy oh boy. I know the attackers will be reading this, so feel free to contact me when you do.

Have you done anything like contact their ISPs? Do you know who the actual 'attackers' are?

I do. However, I cannot contact any ISP until I know their IP. Which, I am sure they have hidden in every way possible.

But you've their website name - don't you ? Maybe do a whois lookup and then contact the provider / hoster of the website forwarding the mails / messages they sent you and ask them to do steps against such form of aggressive marketing.

Good idea, except it won't help my website. It will just piss them off. If they have access to enough boxes to attack me with such a huge amount of bandwidth I am sure they have access to their own private box.

check your server logs... get the ip address and add a deny rule to the .htaccess in you root folder...

I'm guessing by DDOS you mean over port 80... if so just deny access for that address.

Except if they are exceeding the bandwidth you have, you're screwed anyway. Think that there is a pipe to your server. If that pipe is blocked all the way to it - nothing you do at the server level can help.

According to my host, they exceeded my bandwith of 2TB within an hour because the attack was so large at times. Now, my site has been down for a while because we are caught in a limbo as to if they are attacking.

Curtis, it is obvious you upset some badass because of a previous action you performed... orelse you would not be in this situation. And I'm sure you know exactly why they are attacking you. An attack of this magnitude is not ran by a kiddie.

Even if he knows everything, he cannot do anything about it. Those attacks are not ran by amateurs. It is obvious they use many zombies combined with a ton of Windows computers from the daily armada of unprotected online users. You realize the attackers are pumping 512MB/sec worth of data to his pipe, right?

Hmm.

Something seems a bit fishy here.

Just wondering, by any chance is the person first quote who is blackmailing you?

Try this..
http://nix101.com/2007/07/21/syn-deflate/
it actually works

Just because you didn't want to advertise their site? What? I don't even know why people do this. These attackers should just let people run their site peacefully. Take the time to improve their own site and make it more marketable rather than waste their time and to hurt somebody else. If they do that, people will advertise them without their need to even ask! Just look at Google! Practically every person sources them for no reason at all!

My site I am sure makes plenty of enemies because we are constantly banning people who scam users. Just like any other trading site. However, as far as I know the attacks have nothing to do with that. If they do, no one has claimed that at least. Now my main problem is my host can't open my account back up because I am too high risk. Anyone have any advice for a high-risk hosting plans?

Cleaned thread from all replies that where advertising a hosting service. Hosting discussions should take place on vB.com.

Amazon AWS with EC2/EBS/S3/CloudFront

OBTW, this is a pretty good article about defending against DOS/DDOS attacks:

Protecting against DDOS attacks

The author recommends you keep a current backup on AWS EC2/EBS (for example) and run it when you are a victim of an attack.

The reason is that it is too expensive to run full time on EC2 against a massive attack, but you can run it there to frustrate the attacker (and keep your customers happy), and maybe they will go away (and you can return to your cheaper configuration).

Cheers.

I find it difficult to take an article serious if the author thinks an ISP is the same as a host.

Well, good for you :-)

I think the article is well written and provides sound advice, and I have considerable experience in the security field.

In addition, I don't think the author thinks an "ISP is the same as a host" (as you said), he just did not choose his words carefully.

Obviously, the author is smarter than that.

--------------- Added [DATE]1249655031[/DATE] at [TIME]1249655031[/TIME] ---------------

Anyway, where in the article did the author say "An ISP is the same as a host"... I did not read that into anything written, and did a search, and did not read it either directly or indirectly :-)

When i posted my comment i had only read part of the article. The total article is usefull and does provide some tips on how to handle, or prepair for, a DDOS.

He nevers say "host = ISP", but he uses the terms in the document as indentical. 1 example:

He is clearly talking about his host providing the server, not about the provider of the internet connection.

Listen to some of the lil wayne songs, he has some weird, confusing lyerics.

Like " I got old money, it could have been a dinosaur"

HAHA

Hello
In stupid people terms, can someone briefly explain to me what all this attack stuff means? Is this something I have to worry about on my forums? I have tech support obviuosly but don't want to run into any overage problems which will cost me time and money.

Thanks

Gabby

DDos attacks are made my others who have nothing better to do than target a random site and harass it to the end, i have been targeted several timed due to the nature of my forum. anyway i use lunarpages hosting company and their servers are top notch, i have to be careful with my ftp clients or i get denied myself...lol . some hosts that are resellers can't do much, while others that have their own server farms can handle situations much better.

Basically i am saying if you become a victim of continued attacks, move your site to a very good host.

Are you on twitter? Yesterday twitter was brought down due to a ddos attack. Basically, several computers all try to hit the site at the same time and it stops 'real' users from trying to access the site.

lol.. i was about to mentioned that twitter was getting pounded. But they refused to say it, till later. facebook was also ddos a while back.There was a inside joke about myspace was doing the ddos...lol but here is the report

http://news.cnet.com/8301-13577_3-10...dStoriesArea.1

Ok everyone. Thank you so much for explaining this. I normally have about 50-70 posts a day so if I start to see very large numbers of people trying to post, this is a DDOS attack? DO people have to be logged into your forum to do this or do they just bring up your forum all at the same time?

Usually you won't see a thing on the site since they don't necessarily try to hit a vbulletin file, they just pound the server, not the site itself, with requests. I know that the few times I've been dosed (how to you spell that?), I have not seen any increase in the number of users (well, the number of users goes down cuz no one can access the site!).

Thank you Lynn. So DDOS attacks are usually from an individual with problems or is this something an organization would employ to quell competition? Sorry to ask so many questions. I did have something like this not to long ago but my host took care of it pretty quickly. I have no idea what they did to solve this problem. LOL Now I wish I did. All I knew what that I had run out of bandwidth like two days after the first of the month and my site was taken offline by the host for excessive bandwidth. Is this a DDOS attack?

You might want to read this about them - http://en.wikipedia.org/wiki/Denial-of-service_attack Sometimes, like with twitter, there are a group of users doing it specifically because of something (in that case, they were targeting a particular user but didn't seem to care that they brought down the whole site), but sometimes they just do it for fun (like hacking sites is often done for fun).

Ah ok. Lyne Thank you . Just read the Wiki artile. Too bad there aren't has stringent laws for hackers.

Cash Money Records is a known group of individuals that DDOS (and I am not talking about the recording company)

Lots of people DDOS. It's pretty common to see it done. And there are lots of ways for people to DDOS.

If you find out who is DDOSing you just put a redirect on your domain to their site. So it will attack their site everytime they attack yours.

Will that actually work?

Someone may have already said to contact the upstream to get them to filter the attack, case should be resolved at that point.