CEO and Khmer440 BLACKOUT!
-
- Expatriate
- Posts: 22
- Joined: Mon Aug 11, 2014 1:32 am
- Reputation: 1
- Location: floating about
Re: CEO and Khmer440 BLACKOUT!
OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.
Did they confirm it was a combined attack (hack/DDOS)?
there are some pretty clever anti-DDOS measures that can be taken at a layer 2 level, however sometimes shutting the site down is the only resort... which sort of achieves the goal of a DDOS anyway...
Any ideas on where the traffic was coming from?
- General Mackevili
- The General
- Posts: 18418
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 3408
- Location: The Kingdom
- Contact:
Re: CEO and Khmer440 BLACKOUT!
That ssd scary! I'm still shook up, LoL.
"Life is too important to take seriously."
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
Facebook
Twitter
YouTube
Google+
Instagram
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
YouTube
Google+
- General Mackevili
- The General
- Posts: 18418
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 3408
- Location: The Kingdom
- Contact:
Re: CEO and Khmer440 BLACKOUT!
Please don't be from Saudi, please don't be from Saudi......johnnyj wrote:
Any ideas on where the traffic was coming from?
"Life is too important to take seriously."
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
Facebook
Twitter
YouTube
Google+
Instagram
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
YouTube
Google+
- General Mackevili
- The General
- Posts: 18418
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 3408
- Location: The Kingdom
- Contact:
Re: CEO and Khmer440 BLACKOUT!
And very well done, OD!
"Life is too important to take seriously."
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
Facebook
Twitter
YouTube
Google+
Instagram
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
YouTube
Google+
Re: CEO and Khmer440 BLACKOUT!
I am also wondering if this event and the vicious and deliberate attack on my avatar are connected.
The attack on Cambodia's two top forums and my avatar, could be seen as attacking three of the four cornerstones of ex-pat culture in the region.
Can we expect an imminent attack on Vlads - Pun-store next? This would complete the most callous assault on our way of life.
Is there any hope for the walls of Babylon ?
I tremble with anticipation
The attack on Cambodia's two top forums and my avatar, could be seen as attacking three of the four cornerstones of ex-pat culture in the region.
Can we expect an imminent attack on Vlads - Pun-store next? This would complete the most callous assault on our way of life.
Is there any hope for the walls of Babylon ?
I tremble with anticipation
Remember your Karma helps a Wet Child In Wigan !
- General Mackevili
- The General
- Posts: 18418
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 3408
- Location: The Kingdom
- Contact:
Re: CEO and Khmer440 BLACKOUT!
Haha! Now this is even ten times more worrying! Ed, I think you need to post a list of anyone you've had disagreements with over the past 2 years. Potty will weed them out, one by one.EdinWigan wrote:
The attack on Cambodia's two top forums and my avatar, could be seen as attacking three of the four cornerstones of ex-pat culture in the region.
This is bigger than I had originally thought.
I think your avatar was the main target, and the sites going down were just collateral damage.
"Life is too important to take seriously."
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
Facebook
Twitter
YouTube
Google+
Instagram
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Have a story or an anonymous news tip for CEO? Need advertising? CONTACT ME
Cambodia Expats Online is the most popular community in the country. JOIN TODAY
Follow CEO on social media:
YouTube
Google+
-
- Site Admin
- Posts: 4193
- Joined: Fri May 02, 2014 8:05 pm
- Reputation: 17
Re: CEO and Khmer440 BLACKOUT!
not positive it was aimed at us both.. but that would be a shaky coincidence if it weren't. it was for sure a DDoS attack on our side, and I've now added another layer of protection at the DNS level, and will be continuing to tune my countermeasures through the day. Biggest hit was timing... they hit while i was asleep and couldn't react quickly.johnnyj wrote:OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.
Did they confirm it was a combined attack (hack/DDOS)?
there are some pretty clever anti-DDOS measures that can be taken at a layer 2 level, however sometimes shutting the site down is the only resort... which sort of achieves the goal of a DDOS anyway...
Any ideas on where the traffic was coming from?
and a site shutdown is only one minor impact/goal of a DDoS. They can also be used to launch man in the middle attacks, which are much much worse and can cause a server security breach. i'd rather the site shut down than some hackers gain access to it for sure.
downloading all of my logs now, and i'm going to toss them all into Splunk to review and search for patterns on. With any luck Scoby will send me the ones from 440 as well so I can do a full analysis. Depends on how cooperative they're feeling.
-
- Expatriate
- Posts: 22
- Joined: Mon Aug 11, 2014 1:32 am
- Reputation: 1
- Location: floating about
Re: CEO and Khmer440 BLACKOUT!
I've done quite a bit of work on tracking this sort of thing down, let me know if you want a hand reviewing any logs, I'll be offering the same to Scobienz as well.OrangeDragon wrote:not positive it was aimed at us both.. but that would be a shaky coincidence if it weren't. it was for sure a DDoS attack on our side, and I've now added another layer of protection at the DNS level, and will be continuing to tune my countermeasures through the day. Biggest hit was timing... they hit while i was asleep and couldn't react quickly.johnnyj wrote:OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.
Did they confirm it was a combined attack (hack/DDOS)?
there are some pretty clever anti-DDOS measures that can be taken at a layer 2 level, however sometimes shutting the site down is the only resort... which sort of achieves the goal of a DDOS anyway...
Any ideas on where the traffic was coming from?
and a site shutdown is only one minor impact/goal of a DDoS. They can also be used to launch man in the middle attacks, which are much much worse and can cause a server security breach. i'd rather the site shut down than some hackers gain access to it for sure.
downloading all of my logs now, and i'm going to toss them all into Splunk to review and search for patterns on. With any luck Scoby will send me the ones from 440 as well so I can do a full analysis. Depends on how cooperative they're feeling.
Re: CEO and Khmer440 BLACKOUT!
Great to see the brains of both sites working together for the common benefit of us all.johnnyj wrote:I've done quite a bit of work on tracking this sort of thing down, let me know if you want a hand reviewing any logs, I'll be offering the same to Scobienz as well.OrangeDragon wrote:not positive it was aimed at us both.. but that would be a shaky coincidence if it weren't. it was for sure a DDoS attack on our side, and I've now added another layer of protection at the DNS level, and will be continuing to tune my countermeasures through the day. Biggest hit was timing... they hit while i was asleep and couldn't react quickly.johnnyj wrote:OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.
Did they confirm it was a combined attack (hack/DDOS)?
there are some pretty clever anti-DDOS measures that can be taken at a layer 2 level, however sometimes shutting the site down is the only resort... which sort of achieves the goal of a DDOS anyway...
Any ideas on where the traffic was coming from?
and a site shutdown is only one minor impact/goal of a DDoS. They can also be used to launch man in the middle attacks, which are much much worse and can cause a server security breach. i'd rather the site shut down than some hackers gain access to it for sure.
downloading all of my logs now, and i'm going to toss them all into Splunk to review and search for patterns on. With any luck Scoby will send me the ones from 440 as well so I can do a full analysis. Depends on how cooperative they're feeling.
Thank you
Remember your Karma helps a Wet Child In Wigan !
-
- Site Admin
- Posts: 4193
- Joined: Fri May 02, 2014 8:05 pm
- Reputation: 17
Re: CEO and Khmer440 BLACKOUT!
Worst part is, i'd JUST downloaded the distro of Splunk last night to put on the server for monitoring this stuff live... and ended up going to bed without finishing.
*sigh*
*sigh*
-
- Similar Topics
- Replies
- Views
- Last post
-
- 0 Replies
- 1099 Views
-
Last post by CEOCambodiaNews
-
- 0 Replies
- 1064 Views
-
Last post by CEOCambodiaNews
-
- 95 Replies
- 23865 Views
-
Last post by Born-Confused
-
- 80 Replies
- 25393 Views
-
Last post by Alex
Who is online
Users browsing this forum: barang_TK, Big Daikon, dirtymacca, Freightdog, Jaas, John Bingham, khmerhamster, Majestic-12 [Bot], Ozinasia, phuketrichard, PSD-Kiwi, Richy9999Rich, simon43, Stravaiger, Username Taken, Zyzz and 981 guests