1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Some Fu** is attacking my website

Discussion in 'BlackHat Lounge' started by Bross, Aug 13, 2010.

  1. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    I logged in to my stats today.
    Found over 2000 requests (full bandwith visits) one following the other.
    Each request comes 3 seconds after the other. This looks like a DOS attack.

    This is a nice website I have. 100% whitehat, 100% unique content. Good positions.
    Any suggestions? I have the referring site.. (competitor); but I assume it must be someone just trying to screw him over.. He cannot be that stupid.

    If this keeps coming my server will go down..

    What u suggest BHers?
     
    • Thanks Thanks x 1
  2. cnick79

    cnick79 Jr. VIP Jr. VIP

    Joined:
    Jun 10, 2010
    Messages:
    653
    Likes Received:
    341
    Location:
    Google's SandBox
    Contact your hosting provider, they should be able to handle it. I think cPanel has an IP Deny Manager or something like that. I never used it so I'm not sure what it does but it sounds like it could help you?
     
    • Thanks Thanks x 1
  3. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    Thanks for the heads up guys. Hosting is on it.. I wish DOS was legal for a nice payback. If you have any creative ideas feed me up ;)
     
    Last edited: Aug 13, 2010
  4. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,127
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    • Thanks Thanks x 3
  5. SuperBlackHat

    SuperBlackHat Power Member

    Joined:
    Feb 2, 2009
    Messages:
    576
    Likes Received:
    116
    Its sad that your competitor will try to bring you down in a unscrupulous way rather than beat you legitimately.
     
  6. TomasBlackhat

    TomasBlackhat Junior Member

    Joined:
    Sep 15, 2009
    Messages:
    150
    Likes Received:
    25
    ^Can't believe you're on a site called "Black Hat World" and just said that.
     
    • Thanks Thanks x 1
  7. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    I don't assign the tag "Black hat" to DOSing a competitor website.
    You can spam his website with comments, you can blast Xrumer, whatever.. DOS is not blackhat, is screams "I am hopeless, I wish I knew what you were doing".

    BH is supposed to be far from hopeless.
     
  8. TomasBlackhat

    TomasBlackhat Junior Member

    Joined:
    Sep 15, 2009
    Messages:
    150
    Likes Received:
    25
    I don't assign DOSing to Black Hat either. Much worse, but don't tell me you think spamming comments and blasting Xrumer is a legitimate way to beat someone.
     
  9. craigygee

    craigygee Regular Member

    Joined:
    Nov 5, 2009
    Messages:
    356
    Likes Received:
    209
    Occupation:
    Chef
    Location:
    313
    Home Page:
    Both are illegitimate but it is "Blackhat" regardless and this IS blackhatworld.
     
  10. Sanitarium

    Sanitarium Regular Member

    Joined:
    Sep 27, 2008
    Messages:
    312
    Likes Received:
    648
    Occupation:
    I guess making love to your eyes since you're read
    Location:
    In your mind.
    [​IMG]
     
    • Thanks Thanks x 1
  11. Venture

    Venture Regular Member

    Joined:
    Jun 25, 2010
    Messages:
    324
    Likes Received:
    100
    iptables
    if your server runs apache, install mod_evasive
     
  12. greentitanium

    greentitanium Senior Member

    Joined:
    Feb 8, 2010
    Messages:
    1,141
    Likes Received:
    213
    Occupation:
    Prob the same as yours
    Location:
    Great Lakes & RTP
    i have to say i dont agree.... attacking someones site isnt the same. is there a forum section here dedicated to how to attack websites? there is a difference in talking sh*t about someone and walking up to them and punching them in the face.
     
  13. ┼blackrat┼

    ┼blackrat┼ Senior Member

    Joined:
    Jul 31, 2010
    Messages:
    899
    Likes Received:
    729
    Location:
    Sewer

    Yes let us all start DoS wars against each others websites. I heard that´s how the world will end on 2012.


    The moment The big Gay decides to join the war, there´d be no world wide web anymore. It´s be like U.S against the world. Our only hope would be Vietnam, maybe Osama. he managed to survive :D...

    That´s stupid. The real winner is the one who wins without defeating the opponent.

    Sounds dreamy I know, but life has proved me so. Many times.
     
  14. LyNHS

    LyNHS Regular Member

    Joined:
    Jul 20, 2010
    Messages:
    282
    Likes Received:
    98
    Occupation:
    Google AdSense
    Home Page:
    Have you researched mod_security ? That will be hugely beneficial. Trust me.

    Also, if you're using cPanel you'll probably have access to your php.ini files - be sure to check the configuration and to see if they're "global" ... changing that will help a lot!
     
  15. cruddpuppet

    cruddpuppet Registered Member

    Joined:
    Feb 18, 2009
    Messages:
    90
    Likes Received:
    20
    Use iptables to point traffic from their server to themselves. :D
     
  16. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    The IP blocking might not work and you may want to take closer look at the logs. If they hired a hacker with a botnet you might see the traffic coming from a number of different IP addresses associated with different zombie machines. I'd be interested in knowing what you find.
     
  17. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    That wasn't something so clever. Had the attack, it took a lot of BW, but the server was OK.
    I took the advise here and could indeed put blocks, but since I pay loads to a hosting company... I called them and told them about it + I expect them to handle this without downtime. That's why we have them right?

    They added some coding to the core files (blocks I guess) & It was gone.
    Everything is OK.. it's over now..

    Thanks all.
     
  18. holy_spirit

    holy_spirit Registered Member

    Joined:
    Aug 14, 2009
    Messages:
    87
    Likes Received:
    32
    Location:
    mumbai
    nice to hear that.. :)
     
  19. zetzux

    zetzux Newbie

    Joined:
    Aug 18, 2010
    Messages:
    9
    Likes Received:
    2
    Yeah..
     
  20. tacopalypse

    tacopalypse Executive VIP Jr. VIP Premium Member

    Joined:
    Nov 30, 2009
    Messages:
    980
    Likes Received:
    2,485
    Home Page:
    requires a little bit of coding, but..

    1. use google to look up a list of known attack sites.

    2. make an html file that opens 20 of these sites in iframes.

    3. redirect all requests from the offending ip to this html file.

    the end :)