OcUK DDoS attack - £10,000 reward

Status
Not open for further replies.
Ok, say this DDOS was using infected machines, what sort of malware would it take the form of? I've got Kaspersky AV and run regular scans, is this sort of thing detectable usually by AV or is it something more sinister?

Forgive my ignorance in this matter. And hope OcUK get this resolved to their satisfaction.
 
I've been looking to buy some stuff this week and it's been very frustrating (more so for OcUK I imagine!), hopefully you'll catch the people responsible.

I don't think this is the first time you've been hit in this way? I seem to remember there were a few occasions last year as well. I suspect that there's a good reason why you're posting the reward on the forum, unless I'm barking up the completely wrong tree.

Knowing that someone out there is trying to screw up my shopping makes me want to buy here even more :p
 
As above, could you not cross check the huge list of IPs against that of registered users to see if a user has been accessing the site at an inhuman rate? Also, you could always change the domain of the website/shop frequently until the case is solved, whilst leaving the other one up, would the "zombie invasion" not continue on the original site, whilst legit customers and forumers having an alternate? I dunno, was just a suggestion.

That would only work if the zombies weren't looking up the IP using the domain name and changing the domain would mean the site would look like it's down to joe public.
 
I must say that it would be near impossible to get a conviction or even to find out who is causing this.

My recommendation is to invest in some DDoS protection, or upgrade it
The only "ddos protection" is more capacity than the attackers. Either that or weathering the storm until the attacker(s) get what they want, or get bored. You can't block the ports that they will be attacking without cutting off your services altogether.

Routers don't stop all but the most trivial script-kiddy single IP/subnet attacks. Content scanners can help but when it's just bandwidth being abused there really isn't a lot you can do.

One wonders what the motivation for this would be - DDoS attacks typically have a strong motive behind them.
 
Was at work today and noticed the forums were dying at dinner time :(

I literally sat and ate my sandwich with nothing good to read!

THIS SHOULD NEVER HAPPEN! OcUK forums gives me things to do at work and if the site's down I HAVE to actually do work!! Outrageous!! :mad:
 
how could a router differentiate between a customer and an attacker?

Some firewalls can in the case of SYN floods, in that they will only pass requests through where an ACK from the client has been received (handshake completion). This just moves the problem to the firewall though in reality when there's a huge volume of traffic.

Anyways, might just dob someone random in - probably better odds than the lottery ;) (j/k)
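The handshake-completion filtering mentioned in the post above, sketched as an added example (not part of the original thread) using SYN cookies, one well-known way a firewall can do this without holding state for unanswered SYNs. The `SynProxy` class, the key and all addresses are constructed for illustration, and real SYN cookies also encode a time counter and MSS, which this model leaves out.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"  # constructed key, for this example only

def cookie(src, sport, dst, dport, client_isn):
    """Firewall's initial sequence number, derived from the connection tuple."""
    msg = f"{src}:{sport}>{dst}:{dport}".encode() + struct.pack("!I", client_isn)
    return struct.unpack("!I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]

class SynProxy:
    """Hypothetical firewall model: a connection is forwarded only after a valid ACK."""
    def __init__(self):
        self.syns_seen = 0    # packets the firewall itself still had to absorb
        self.forwarded = []   # connections that reached the web server

    def on_syn(self, src, sport, dst, dport, client_isn):
        # Answer with SYN-ACK carrying the cookie; no per-connection state is kept.
        self.syns_seen += 1
        return cookie(src, sport, dst, dport, client_isn)

    def on_ack(self, src, sport, dst, dport, client_isn, ack_no):
        # The ACK must acknowledge cookie + 1, which only a host that
        # actually received the SYN-ACK can know.
        expected = (cookie(src, sport, dst, dport, client_isn) + 1) & 0xFFFFFFFF
        if ack_no != expected:
            return False
        self.forwarded.append((src, sport))
        return True

def run_demo():
    fw = SynProxy()
    # Constructed flood: spoofed sources send SYNs and never complete the handshake.
    for i in range(1000):
        fw.on_syn(f"198.51.100.{i % 250}", 40000 + i, "203.0.113.10", 80, i)
    # A real client gets the SYN-ACK and acknowledges cookie + 1.
    isn = fw.on_syn("192.0.2.7", 51000, "203.0.113.10", 80, 12345)
    legit = fw.on_ack("192.0.2.7", 51000, "203.0.113.10", 80, 12345, (isn + 1) & 0xFFFFFFFF)
    # An ACK with the wrong number (off by one here) is dropped.
    wrong = fw.on_ack("192.0.2.7", 51000, "203.0.113.10", 80, 12345, (isn + 2) & 0xFFFFFFFF)
    return fw, legit, wrong
```

In this model the web server sees one connection while the firewall still had to receive and answer every SYN, which is the sense in which the load moves to the firewall.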
 
Was wondering what was happening over the last few days.

In all my years here, I have never known the forums to fault so much - and I thought it was one of the Windows patches I had applied.

Wonder why someone would be so petty as to attack a forum though.
 
Some firewalls can in the case of SYN floods, in that they will only pass requests through where an ACK from the client has been received (handshake completion). This just moves the problem to the firewall though in reality when there's a huge volume of traffic.
Exactly, which is why capacity is king.

If rogue traffic looks identical to regular customer traffic then you can't block it; you can overload any webserver/database with sufficient capacity - the reason why it seldom happens with anyone notable is because their capacity & clustering, etc. makes it practically impossible.

Lest we forget - CNN, Yahoo, eBay have all been victims of DDoS attacks in the past.
 
That would only work if the zombies weren't looking up the IP using the domain name and changing the domain would mean the site would look like it's down to joe public.

Yes it may look down to the public, how about redirecting to a page with details on how to access the new site, as a redundant computer won't be able to relay this information, however an average joe trying to buy some hardware, would see what to do, and follow steps accordingly? Possibly using one of them "Enter code in image" type of things, for the link to be shown. Or possibly having the link forwarded to an email address, at least then you could create a clearer picture of which IPs are attackers, and which are not, cross check this against a list of previous visitors, and voilà you have your list of people, and list of drones, and then I have no idea what you could do with such list :P
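The cross-check suggested in this thread (request rate per IP compared against the list of registered users), as an added example that is not part of the original posts. The log entries, the registered-user table and the `WINDOW`/`MAX_HITS` thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 10    # seconds per sliding window (assumed value)
MAX_HITS = 20  # more requests than this per window counts as inhuman (assumed)

# Constructed registered-user IPs (hypothetical export of the forum's accounts).
REGISTERED = {"192.0.2.7": "alice", "198.51.100.23": "bob"}

def make_log():
    """Constructed access log as (unix_time, ip) pairs."""
    log = [(1000 + 3 * i, "192.0.2.7") for i in range(10)]         # human pace
    log += [(1000 + i // 5, "198.51.100.23") for i in range(150)]  # 5 requests/s
    log += [(1000 + i // 8, "203.0.113.50") for i in range(240)]   # 8 requests/s
    log += [(1005, "203.0.113.99")]                                # single visit
    return sorted(log)

def peak_rates(log):
    """Largest number of requests each IP made inside any WINDOW-second span."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, ip in log:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - WINDOW:   # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def classify(log):
    """Map each IP to (label, peak requests per window, registered user or None)."""
    report = {}
    for ip, peak in peak_rates(log).items():
        user = REGISTERED.get(ip)
        if peak > MAX_HITS:
            label = "registered-but-inhuman" if user else "likely-drone"
        else:
            label = "registered" if user else "unknown-visitor"
        report[ip] = (label, peak, user)
    return report
```

A drone that stays under the threshold lands in the same bucket as an ordinary visitor, which is the limit other posters raise about traffic that looks like customer traffic.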
 
Was wondering what was happening over the last few days.

In all my years here, I have never known the forums to fault so much - and I thought it was one of the Windows patches I had applied.

Wonder why someone would be so petty as to attack a forum though.

Cuz of the damage it would do! I mean who knows of a better or bigger forum than OcUK?
 