Server Attack underway - Jan 3 2009 - RESOLVED

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
The MartialTalk server has been under heavy attack by a bot net since around 8am this morning. So far we've blocked several thousand systems trying to brute force their way in. While this continues, you may experience some performance issues.

The server and the site are both secure, and can easily ride this out, so rest easy.

We apologize for any inconvenience these jack asses cause.
 

Sukerkin

Have the courage to speak softly
MT Mentor
Lifetime Supporting Member
MTS Alumni
Joined
Sep 15, 2006
Messages
15,325
Reaction score
493
Location
Staffordshire, England
:sigh: I've never understood what these people gain from such vandalism - they're no different from the drunken yobs who put the windows through on bus shelters :grr:.
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
I've been amusing myself looking up IP addresses as they are blocked. Seems a few are from a data center I'd briefly used that couldn't secure a paper bag, but are known for very cheap server hosting. We're in a good data center, with a great security and support team, so I've been rather relaxed all day for a change.

214 more notices since I posted this a few minutes ago.
 

Tames D

RECKLESS
MTS Alumni
Joined
Apr 18, 2006
Messages
5,133
Reaction score
665
Location
Los Angeles, CA
Stupid questions:
  • What is the reason/purpose of this attack? What are they trying to accomplish?
  • What can happen to MT if they succeed?
  • Is it a personal thing against you Bob?
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
1- A compromised server is a useful thing. It's where SPAM comes from, as well as adds strength to other brute-force attacks. They can use it to attack, spam, steal data, etc. Could also be an attempt to knock us offline, for a variety of reasons.

2- If they succeed, it goes "poof", until I can get a replacement server online.

If they compromise the server, all data on it is open to them. This is why I pay almost a grand a month for my hosting. I like having a solid company behind me who can handle this stuff.

But I'm confident we're safe. There's only a small number hitting us at one time, so it's more a "energetic jiggling the doors" than an all out attack, IMO.
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
Let me clarify.

Small number = couple hundred to a few thousand systems attacking.
Large number = couple hundred thousand systems attacking.

Bot-nets tend to range from 50,000-500,000 compromised systems. All the more reason to make sure your anti-virus and anti-spyware is current and functioning folks.
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
Just to give you an idea how hard this is....

There are over 65,000 "ports" you can connect to.
We've got all but a few blocked. So you have to guess. Too many bad guesses from a single computer, it's locked out.

If you guess which port, now you have to figure out what the username is.
Too many bad guesses from a single computer, it's locked out.

Even if you guess the port, and guess the username, you still have to guess the password right.
Too many bad guesses from a single computer, it's locked out.

Oh, but even if you guess the port, the username, and the password.....you still have to come from one of the few authorized computers who can access the server.
Not it? It doesn't matter if you got em all right, still can't get in.

It's not impossible, but pretty damn difficult. ;)
 

jks9199

Administrator
Staff member
Lifetime Supporting Member
Joined
Jul 2, 2006
Messages
23,560
Reaction score
3,911
Location
Northern VA
Bob --
Technical question on this: Could someone spoof the IP to get access?
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
Sure.

They'd have to know it though.
And be located in the data center.
On a non-routable internal use only IP.
 

grydth

Senior Master
Joined
Jan 13, 2007
Messages
2,464
Reaction score
150
Location
Upstate New York.
I am sure most of us have no idea what effort and caring it takes on your part to keep this up and running.....especially in the face of threats from cyber anarchists such as these.

Thank you. It is sppreciated.
 

Xue Sheng

All weight is underside
Joined
Jan 8, 2006
Messages
34,524
Reaction score
9,779
Location
North American Tectonic Plate
The MartialTalk server has been under heavy attack by a bot net since around 8am this morning. So far we've blocked several thousand systems trying to brute force their way in. While this continues, you may experience some performance issues.

The server and the site are both secure, and can easily ride this out, so rest easy.

We apologize for any inconvenience these jack asses cause.

That explains it, Thanks Bob
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
We did the cyber version of "modulated the shields" and that seems to have ended things for now. I haven't gotten many notices the last 7 hours.
 

jarrod

Senior Master
Joined
Jul 7, 2008
Messages
2,172
Reaction score
96
Location
Denver
MT under attack!?!?!?

to the front, MTers!

huzzah!

jf
 

kidswarrior

Senior Master
Joined
Jan 27, 2007
Messages
2,697
Reaction score
152
Location
California
Thanks for everything you do to keep us up and running, Bob. I'm sure I don't know even a fraction of it.
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
LOL! That's kinda what we did, but in a way that the "good guys" can still see us. :)
 

arnisador

Sr. Grandmaster
MTS Alumni
Joined
Aug 28, 2001
Messages
44,573
Reaction score
456
Location
Terre Haute, IN
Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?
 

shesulsa

Columbia Martial Arts Academy
MT Mentor
Lifetime Supporting Member
MTS Alumni
Joined
May 27, 2004
Messages
27,182
Reaction score
486
Location
Not BC, Not DC
Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?

*Not Kaith, but ...* Yes.
 
OP
Bob Hubbard

Bob Hubbard

Retired
MT Mentor
Founding Member
Lifetime Supporting Member
MTS Alumni
Joined
Aug 4, 2001
Messages
47,245
Reaction score
772
Location
Land of the Free
Kaith, in your professional opinion, would you say these people attacking the network are a.) lowlife scum, or b.) pathetic weasels?
I'd go with both a and b here.
I personally think that anyone who kills a bulk spammer or bot horde manager deserves a reward, knighthood and a free drink at the pub of their choosing.
But that's just me.
 
Top