I had a rather massive DDOS attack against my server earlier this evening. Luckily NatNet was on top of it. They said at one point the inbound UDP traffic got up to 12 Gbps, though based on the graph it averaged out to something lower than that.
I’m not really sure why someone would attack me at this point in time. Mainstream has gone bareback, so there’s not a lot of controversy around my stuff anymore. There was a meth head who hit me up a week or two ago. He’d start with compliments and then wind up with these vague threats of lawsuits but he was so incoherent I can’t see him being the source.
Anyway, the traffic is being filtered and I’m back up. Hopefully it won’t go on for long.
DDOS attacks don’t necessarily have to be aimed at you or your sites specifically. I’ve had a few over the years and my host didn’t think they were aimed at me as they had seen similar at random on other servers. But who knows.
Yes we had the same, even if we have fully dedicated solutions, the host had one of its nodes under attack and it was affecting all the servers in that particular data center. Sometimes it happens, albeit rarely.
I hope that was the case and that someone didn’t target you in particular, that would be just sad.
When I called in, the tech at NatNet made the comment “well, someone doesn’t like you”. That, plus the fact that it got to a level that NatNet wasn’t capable of dealing with themselves (they had to bring in the help of a third party company that deals with this sort of thing) makes me think it was more than a random attack. Also, the IP that was being attacked is my primary IP for porn. I had the choice of shutting my business down until it was over or paying $75/day for traffic filtering. The $75 seemed like it was the cheaper solution.
[QUOTE=Ben;162682]Something similar happened to me about a year ago, but Bill from Natnet assured me that my sites were not the primary target.
After this I switched my DNS management to Dyn.com and haven’t had these DDOS problems since then.[/QUOTE]
How would changing DNS servers avoid a DDOS attack? Are you talking about the general attack on NatNet’s DNS servers a year or two ago? At that time I was using Enom for DNS, so I wasn’t affected. But that was very different than this attack. This one was aimed at my server specifically - either one site or one IP on my server (they’re not sure which).
I think that was in April 2004. I don’t know much about DNS and DDOS attacks, but if I understand it correctly the attackers aim at your DNS server (not necessarily your main server where you keep your data) in an attempt to overflood it with requests and render it useless. Apparently the DNS server on Natnet that was used for my blogs was not mine exclusively but served several sites… I think that most people who switch to Dyn.com want to avoid DDOS attacks anyway, but as I said I don’t know much about that. Bottom line, this has worked for me so far.
The issue was that the volume of UDP traffic overwhelmed the switch that I was on and it started affecting some of NatNet’s other customers that had servers on the same switch. All they could do was unplug my server and then reroute all the inbound traffic to my server through a 3rd party company that filters out the attack traffic (which is costing me an additional 4x my normal hosting bill, but at least the charge is daily, so hopefully I won’t have to pay for that much longer).
The attacks are intermittent, but continuing. Apparently at one point the inbound traffic topped 1.6 million packets per second / 17 Gbps. NatNet is filtering it and for the most part it’s not affecting the server. It got a little sluggish on this morning’s attack since they managed to get some of the hacking past the filter. At one point I had about 93 Mbps inbound to the server. But the traffic that got through wasn’t hitting any services that do logging (for the most part).
I did have a guy with a Russian email address hit me up and ask for money to make the attack stop. But I’d rather pay NatNet than pay that guy. Probably best to just pretend there is no impact on the server and have the guy go look for an easier target.
Oh, and I heard PPV had an attack on their servers yesterday as well. Though it was much smaller than the attack on my server. Their inbound traffic increased “just” tenfold. Still, it makes you wonder if they’re targeting a particular type of site.
His email said “250$ BTC or stay down you choose.” I’m not sure if he meant $250 or 250 BTC (which would be $60K). Either way, the attack subsided without paying.
I’m not about to pay him for attacking me. That just encourages him or others to do the same in the future. As I said before, I’d MUCH rather pay NatNet. It’ll probably wind up being cheaper.
We have gone through several DDOS attacks over the years. In one case we did have to negotiate with the perpetrator (a former host that was unhappy we left his company and since he knew our system and placed some backdoors we had to work something out). We also have had attacks we battled and won from China, and had our NatNet name servers attacked (and also moved to Dyn, which has saved us from that happening again).
It is never fun to go through this, hope you can get through it relatively unscathed!