# Server Attack underway - Jan 3 2009 - RESOLVED



## Bob Hubbard

The MartialTalk server has been under heavy attack by a bot net since around 8am this morning.  So far we've blocked several thousand systems trying to brute force their way in.  While this continues, you may experience some performance issues.

The server and the site are both secure, and can easily ride this out, so rest easy.

We apologize for any inconvenience these jack asses cause.


----------



## Sukerkin

:sigh:  I've never understood what these people gain from such vandalism - they're no different from the drunken yobs who put the windows through on bus shelters :grr:.


----------



## Bob Hubbard

I've been amusing myself looking up IP addresses as they are blocked.  Seems a few are from a data center I'd briefly used that couldn't secure a paper bag, but are known for very cheap server hosting.   We're in a good data center, with a great security and support team, so I've been rather relaxed all day for a change.  

214 more notices since I posted this a few minutes ago.


----------



## Tames D

Stupid questions: 

What is the reason/purpose of this attack? What are they trying to accomplish?
What can happen to MT if they succeed?
Is it a personal thing against you Bob?


----------



## terryl965

Thanks for the info, I was wondering why it was so slow.


----------



## Bob Hubbard

1- A compromised server is a useful thing. It's where SPAM comes from, as well as adds strength to other brute-force attacks. They can use it to attack, spam, steal data, etc.  Could also be an attempt to knock us offline, for a variety of reasons.

2- If they succeed, it goes "poof", until I can get a replacement server online.  

If they compromise the server, all data on it is open to them. This is why I pay almost a grand a month for my hosting. I like having a solid company behind me who can handle this stuff.

But I'm confident we're safe.  There's only a small number hitting us at one time, so it's more an "energetic jiggling the doors" than an all out attack, IMO.


----------



## Bob Hubbard

Let me clarify.

Small number = couple hundred to a few thousand systems attacking.
Large number = couple hundred thousand systems attacking.

Bot-nets tend to range from 50,000-500,000 compromised systems.  All the more reason to make sure your anti-virus and anti-spyware is current and functioning, folks.


----------



## Bob Hubbard

Just to give you an idea how hard this is....

There are over 65,000 "ports" you can connect to.
We've got all but a few blocked.  So you have to guess.  Too many bad guesses from a single computer, it's locked out.

If you guess which port, now you have to figure out what the username is.
Too many bad guesses from a single computer, it's locked out.

Even if you guess the port, and guess the username, you still have to guess the password right.
Too many bad guesses from a single computer, it's locked out.

Oh, but even if you guess the port, the username, and the password.....you still have to come from one of the few authorized computers who can access the server.
Not it?  It doesn't matter if you got em all right, still can't get in.

It's not impossible, but pretty damn difficult.
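
The layered checks described in the post above, as an added example that is not part of the original thread: a small Python model that applies the port filter, per-source lockout, credential check and source allowlist in the order the post lists them. The port number, account, failure threshold and addresses are constructed assumptions, not MartialTalk's configuration.

```python
import hmac
import ipaddress
from collections import Counter

# Every value here is constructed for illustration, not taken from the thread.
OPEN_PORTS = {2222}                                      # all other ports filtered
ACCOUNTS = {"opsadmin": "correct horse"}                 # stand-in credential store
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/29")]   # authorized admin hosts
MAX_FAILURES = 3                                         # bad guesses per source

class Gate:
    def __init__(self):
        self.failures = Counter()   # failed attempts per source address
        self.blocked = set()        # sources that reached MAX_FAILURES

    def _fail(self, src, reason):
        # Every wrong guess at any layer counts against the same source.
        self.failures[src] += 1
        if self.failures[src] >= MAX_FAILURES:
            self.blocked.add(src)
        return reason

    def attempt(self, src, port, user, password):
        """Return the decision for one connection attempt."""
        if src in self.blocked:
            return "locked-out"
        if port not in OPEN_PORTS:
            return self._fail(src, "port-filtered")
        if user not in ACCOUNTS:
            return self._fail(src, "bad-user")
        if not hmac.compare_digest(ACCOUNTS[user].encode(), password.encode()):
            return self._fail(src, "bad-password")
        if not any(ipaddress.ip_address(src) in net for net in ALLOWED_NETS):
            return self._fail(src, "source-not-authorized")
        return "accepted"

# Constructed attempts: (source, port, username, password)
SAMPLE_EVENTS = [
    ("203.0.113.7", 22, "root", "123456"),
    ("203.0.113.7", 2222, "root", "123456"),
    ("203.0.113.7", 2222, "opsadmin", "letmein"),
    ("203.0.113.7", 2222, "opsadmin", "correct horse"),   # right answer, too late
    ("198.51.100.9", 2222, "opsadmin", "correct horse"),  # right answer, wrong host
    ("10.20.30.2", 2222, "opsadmin", "correct horse"),
]

def replay(events):
    """Run events through a fresh Gate; return (decisions, blocked sources)."""
    gate = Gate()
    return [gate.attempt(*e) for e in events], gate.blocked
```

Calling `replay(SAMPLE_EVENTS)` shows the first source locked out on its third miss, so its later correct guess is refused, and a correct guess from an unlisted address is refused as well.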


----------



## jks9199

Bob -- 
Technical question on this: Could someone spoof the IP to get access?


----------



## Bob Hubbard

Sure.

They'd have to know it though. 
And be located in the data center. 
On a non-routable internal use only IP.


----------



## grydth

I am sure most of us have no idea what effort and caring it takes on your part to keep this up and running.....especially in the face of threats from cyber anarchists such as these.

*Thank you.* It is appreciated.


----------



## Xue Sheng

Bob Hubbard said:


> The MartialTalk server has been under heavy attack by a bot net since around 8am this morning. So far we've blocked several thousand systems trying to brute force their way in. While this continues, you may experience some performance issues.
> 
> The server and the site are both secure, and can easily ride this out, so rest easy.
> 
> We apologize for any inconvenience these jack asses cause.


 
That explains it, Thanks Bob


----------



## Bob Hubbard

We did the cyber version of "modulated the shields" and that seems to have ended things for now. I haven't gotten many notices the last 7 hours.


----------



## jarrod

MT under attack!?!?!?

to the front, MTers!

huzzah!

jf


----------



## kidswarrior

Thanks for everything you do to keep us up and running, Bob. I'm sure I don't know even a fraction of it.


----------



## Xue Sheng

Bob Hubbard said:


> We did the cyber version of "modulated the shields" and that seems to have ended things for now. I haven't gotten many notices the last 7 hours.


 
Now if you could only get that DAMN Klingon Cloaking device working with MT Technology


----------



## Bob Hubbard

LOL!  That's kinda what we did, but in a way that the "good guys" can still see us.


----------



## arnisador

Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?


----------



## shesulsa

arnisador said:


> Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?



*Not Kaith, but ...* Yes.


----------



## Bob Hubbard

arnisador said:


> Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?


I'd go with both a and b here.  
I personally think that anyone who kills a bulk spammer or bot horde manager deserves a reward, knighthood and a free drink at the pub of their choosing.
But that's just me.


----------



## Xue Sheng

Bob Hubbard said:


> I'd go with both a and b here.
> I personally think that anyone who kills a bulk spammer or bot horde manager deserves a reward, knighthood and a free drink at the pub of their choosing.
> *But that's just me*.


 
no it's not


----------



## MA-Caver

I asked a "super geek" that I know as to "WHY?" these spoor of a rabid dehydrated camel would want to and like to do these things and he stated simply... 

"Because they can..."

Seems like a power trip for some of these guys who were probably fired program writers and have a vendetta and thus write malicious codes (viruses, worms, et al) and send them out. 

Some folks are just plain mean and it gets them off ... we call them trolls of sorts. Like those of fantasy literature there are several types of trolls out there. 

So if your kid(s) ever ask... are there such things as trolls... you can honestly answer "yes... on the net"


----------



## Kacey

Thanks for the heads-up - but why are you apologizing for the actions of *******s?


----------



## MA-Caver

Kacey said:


> Thanks for the heads-up - but why are you apologizing for the actions of *******s?


I think it's probably because Bob is really a nice guy at heart... and he knows that _THEY_ won't apologize for themselves.


----------



## Carol

Meh.  Keeps threads from being derailed with a large number of "hey, this site is slow" and "why won't this page load?" complaints


----------



## tellner

If you need someone to go talk to the perps in a productive personal manner I've got a baseball bat...


----------



## Xue Sheng

MA-Caver said:


> "Because they can..."


 
Had a guy from NSA that was doing a Computer/Network security seminar I was at say that same exact thing a few years back.


----------



## Miles

Is there any police or governmental agency which prosecutes for this sort of thing?  My office received a bug/worm/virus and it kept 17 people nearly inactive for 2 days.  I have no idea what the cost was in terms of lost productivity, but it grinds my gears that this sort of thing happens.

Good luck!


----------



## jks9199

Miles said:


> Is there any police or governmental agency which prosecutes for this sort of thing?  My office received a bug/worm/virus and it kept 17 people nearly inactive for 2 days.  I have no idea what the cost was in terms of lost productivity, but it grinds my gears that this sort of thing happens.
> 
> Good luck!


There aren't even consistent laws on it, either at the state or federal level.  I could probably make a case under Virginia's computer laws... but I'm not sure it'd be easy.  And there was something with an appeal on a relatively recent anti-spam conviction too that cast some of the laws in doubt.

Virginia's Computer Trespass laws can be found at 18.2-151.1 to 18.2-151.8.  VA has some pretty wide computer crime laws, no doubt in part due to AOL's headquarters having been here for so long.


----------



## Bob Hubbard

Eh, spam's illegal, they just moved the servers outside the US.  Most of the ones trying to break in here last night were based in India and SE Asia.  A lot of them will come from Russia and Africa as well.


----------



## arnisador

That doesn't mean they truly originate there, of course...just that they found servers that don't keep logs there, and so the trail effectively runs cold in those places.


----------



## Bob Hubbard

http://en.wikipedia.org/wiki/Storm_botnet



> Some have estimated that by September 2007 the Storm botnet was running on anywhere from 1 million to 50 million computer systems. Other sources have placed the size of the botnet to be around 250,000 to 1 million compromised systems. More conservatively, one network security analyst claims to have developed software that has crawled the botnet and estimates that it controls 160,000 infected computers.





> The botnet reportedly is powerful enough as of September 2007 to force entire countries off the Internet, and is estimated to be capable of executing more instructions per second than some of the world's top supercomputers.



That's why you need to update your system and lock it down.  That SOB hits us we're toast.


----------



## Bob Hubbard

Side note: Botnet attacks have come from all over, including computers inside the US Military and US Government's supposedly secure networks. 

See also: http://en.wikipedia.org/wiki/Kraken_botnet


----------



## jks9199

Bob Hubbard said:


> Eh, spam's illegal, they just moved the servers outside the US.  Most of the ones trying to break in here last night were based in India and SE Asia.  A lot of them will come from Russia and Africa as well.


And that's the other problem...  International law (or lack thereof). :shrug:


----------

