Server Attack underway - Jan 3 2009 - RESOLVED

Bob Hubbard

MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Aug 4, 2001
Reaction score
Land of the Free
The MartialTalk server has been under heavy attack by a bot net since around 8am this morning. So far we've blocked several thousand systems trying to brute force their way in. While this continues, you may experience some performance issues.

The server and the site are both secure, and can easily ride this out, so rest easy.

We apologize for any inconvenience these jack asses cause.
:sigh: I've never understood what these people gain from such vandalism - they're no different from the drunken yobs who put the windows through on bus shelters :grr:.
I've been amusing myself looking up IP addresses as they are blocked. Seems a few are from a data center I'd briefly used that couldn't secure a paper bag, but are known for very cheap server hosting. We're in a good data center, with a great security and support team, so I've been rather relaxed all day for a change.

214 more notices since I posted this a few minutes ago.
Stupid questions:
  • What is the reason/purpose of this attack? What are they trying to accomplish?
  • What can happen to MT if they succeed?
  • Is it a personal thing against you Bob?
1- A compromised server is a useful thing. It's where SPAM comes from, as well as adds strength to other brute-force attacks. They can use it to attack, spam, steal data, etc. Could also be an attempt to knock us offline, for a variety of reasons.

2- If they succeed, it goes "poof", until I can get a replacement server online.

If they compromise the server, all data on it is open to them. This is why I pay almost a grand a month for my hosting. I like having a solid company behind me who can handle this stuff.

But I'm confident we're safe. There's only a small number hitting us at one time, so it's more a "energetic jiggling the doors" than an all out attack, IMO.
Let me clarify.

Small number = couple hundred to a few thousand systems attacking.
Large number = couple hundred thousand systems attacking.

Bot-nets tend to range from 50,000-500,000 compromised systems. All the more reason to make sure your anti-virus and anti-spyware is current and functioning folks.
Just to give you an idea how hard this is....

There are over 65,000 "ports" you can connect to.
We've got all but a few blocked. So you have to guess. Too many bad guesses from a single computer, it's locked out.

If you guess which port, now you have to figure out what the username is.
Too many bad guesses from a single computer, it's locked out.

Even if you guess the port, and guess the username, you still have to guess the password right.
Too many bad guesses from a single computer, it's locked out.

Oh, but even if you guess the port, the username, and the still have to come from one of the few authorized computers who can access the server.
Not it? It doesn't matter if you got em all right, still can't get in.

It's not impossible, but pretty damn difficult. ;)
Bob --
Technical question on this: Could someone spoof the IP to get access?

They'd have to know it though.
And be located in the data center.
On a non-routable internal use only IP.
I am sure most of us have no idea what effort and caring it takes on your part to keep this up and running.....especially in the face of threats from cyber anarchists such as these.

Thank you. It is sppreciated.
The MartialTalk server has been under heavy attack by a bot net since around 8am this morning. So far we've blocked several thousand systems trying to brute force their way in. While this continues, you may experience some performance issues.

The server and the site are both secure, and can easily ride this out, so rest easy.

We apologize for any inconvenience these jack asses cause.

That explains it, Thanks Bob
We did the cyber version of "modulated the shields" and that seems to have ended things for now. I haven't gotten many notices the last 7 hours.
MT under attack!?!?!?

to the front, MTers!


Thanks for everything you do to keep us up and running, Bob. I'm sure I don't know even a fraction of it.
LOL! That's kinda what we did, but in a way that the "good guys" can still see us. :)
Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?
Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?

*Not Kaith, but ...* Yes.
Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?
I'd go with both a and b here.
I personally think that anyone who kills a bulk spammer or bot horde manager deserves a reward, knighthood and a free drink at the pub of their choosing.
But that's just me.