vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   DoS Attack Shutdown! (https://vborg.vbsupport.ru/showthread.php?t=67665)

smestas 07-26-2004 08:06 PM
DoS Attack Shutdown!
 
Man do I have a story to tell!

One week ago my dedicated server was taken offline. Upon calling in the outage to tech support they tell me my account has been suspended due to a DoS attack on another network. After a week of begging and pleading (over a dozen calls) for access to my DB and files (not yet backed up) I was notified that all my files and DB have been deleted and the system has been re-formated. When I heard this I just about died. My site (a automotive forum) was getting thousands of visitors a day and I had just been negotiating with vendors for advertising and retail business to start reaping some revenue after two years of laboring on the site and financing it.

Has this ever happened to anyone else? Do I have any recourse against the hosting company after I explicitly instructed to them not to damage or remove my DB and files? Is this a common thing to have a dedicated box compromised?

Thanks for letting me vent!

I guess my next step is to find a lawyer and speak to their legal department.

smestas 07-26-2004 08:07 PM
Here is the proof that the hosting company sent to me. I have no idea of what it means!

--------------------------------
23:11:49.463437 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463683 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463688 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463712 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463867 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464152 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464158 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464167 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464380 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464389 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464422 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464690 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
--------------------------------

Andreas 07-26-2004 08:10 PM
Do you mind letting us know the name of this hosting company?
So nobody will never-ever make the mistake to host there.

Colin F 07-26-2004 08:12 PM
Quote:
Originally Posted by smestas
Man do I have a story to tell!

One week ago my dedicated server was taken offline. Upon calling in the outage to tech support they tell me my account has been suspended due to a DoS attack on another network. After a week of begging and pleading (over a dozen calls) for access to my DB and files (not yet backed up) I was notified that all my files and DB have been deleted and the system has been re-formated. When I heard this I just about died. My site (a automotive forum) was getting thousands of visitors a day and I had just been negotiating with vendors for advertising and retail business to start reaping some revenue after two years of laboring on the site and financing it.

Has this ever happened to anyone else? Do I have any recourse against the hosting company after I explicitly instructed to them not to damage or remove my DB and files? Is this a common thing to have a dedicated box compromised?

Thanks for letting me vent!

I guess my next step is to find a lawyer and speak to their legal department.
I can't really tell you what rights they have, but it seems to me that formating the whole system (on a dedicated box!) is a much to harsh reaction to a DoS attack.
Simply temporarily unhooking it from the network would have worked as well as far as I know...

AN-net 07-26-2004 08:37 PM
wow thats harsh, someone must of hacked your server and hijacked it and used to DoS other sites. I would ask for a list of ip's who had accessed it recently cause it seems as though u didnt DoS anyone so someone must have of hijacked your server, i would also like to know what company this is. Maybe we should flood their email with complaints and then they'll give him his hosting back:D

RichieBoy67 07-26-2004 09:34 PM
Oh man that sucks dude... Sorry that happened to ya.. I would be pissed too...

Thanks for the push though. I am backing up my sites right now...

Erwin 07-27-2004 01:32 AM
I know it's no consolation now, but in future I encourage forum admins to organize off-server backups on a regular basis, just in case something like this happens.

DrkFusion 07-27-2004 01:39 AM
Quote:
Originally Posted by Erwin
I know it's no consolation now, but in future I encourage forum admins to organize off-server backups on a regular basis, just in case something like this happens.
And to ad on to that, take the extra effort to get some very stable source on hand to backup. If you are a very large board and every single bit of your site is dead serious to you, and revenue then I would suggest investing in a new home computer all together that performs automatic downloads and dumps of your offshore server. I can tell you after investing in such a system, I have one lieing in the corner, no monitor no keyboard no mouse, just the tower and thats all, 7 bay, 6 harddrive raid, 3 are just for my website, the other 3 are for ftp server. I take care of it to death, I can tell you it has kept me going so many times and I have had many close encounters.

Just for the very serious websites just would like to get that option out, if someone is thinking of doing something like that private message me I have some links to software. The thing is you have a daily archive of backups of the server space consuming, but as I said 3 harddrive (200gb each) just for backup of that 1 server which runs only that 1 site.

smestas 07-27-2004 06:33 PM
Quote:
Originally Posted by KirbyDE
Do you mind letting us know the name of this hosting company?
So nobody will never-ever make the mistake to host there.
It was with iPowerWeb.com on one of their dedicated plans. The price was right but their policies and customer service stink!

smestas 07-27-2004 06:34 PM
I've tried everything I can with these guys! Just cant get to someone who can help me. My last conversation was via email and they told me the box/IP has already been re-issued and that my account has been canceled. Needless to say Im really bummed out on them!

On the brighter side I have found a manual backup I ran from May of 2004 which I will be using to get the site back up and going. Unfortunatly Ill be missing thousands of posts and a few hundred members.

I'll chalk this up as one of those life lessons. Does anyone here have any security measure recomendations for me my second time around?


All times are GMT. The time now is 02:17 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01128 seconds
  • Memory Usage 1,739KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete