I dunno why, but someone DDOS'd us last night and IX took us offline and sent us a sternly worded TOS email informing us that they took the site down until we could get our ship in order.
I poked around, unfairly blamed & executed my mashup thread with all those videos in it, thinking that YouTube plugin was causing the issue. Then I find out that we got gangbanged by approximately 33,482 POST requests at about 2:15 this morning from some IP in Spain. :dunno:
I blocked the IP responsible for all of those hits and now I'm skimming the log to make sure the other hits around that time are at least from US IPs.
At any rate, that's why we went down. We're back now.
Now: 07 Porsche Cayman S | 18 VW Tiguan
Then: 18 VW GTI Autobahn | 95 BMW M3 | 15 VW GTI SE | 12 Kia Optima SX | 2009 VW GTI | 00 BMW 540i Sport | 90 Mazda Miata | 94 Yamaha FZR600R | 1993 Suzuki GS500E | 2003 BMW 325i | 95 Saab 900S
Thank you xMillions for sorting this out!!
I got the email from the web host at 7:30 this morning, right as I walked into the office... and I've been in meetings ever since. So, I was able to IM the requisite info to Joey and he took care of it. Much appreciated.
Now: '16 Ram 1500 | '97 BMW M3 | Some Press Loan
Then: 87 BMW 325e | 91 BMW 535i | 96 BMW 328i | 95 BMW 325i | 95 Mazda Miata | 13 Focus ST | 09 BMW 128i | 00 Pontiac Firebird | 05 Yukon Denali | 96 BMW 328iC | 11 Ford F-150 | 06 BMW M3 | 10 Range Rover SC | '03 Ford Ranger | '18 Ford F-150 | '01 BMW X5 | '98 Volvo S70 T5M
Thanks guys, I've been keeping an eye on the log files today, but I've never really done this before so I'm not sure what's considered abnormal. We're getting hit from the same IP addresses sometimes 100+ times in a row, all within a couple minutes of each other.
Obviously nothing like the 30k+ consecutive hits we were getting this morning, and all of the IPs I cared to check were either mobile network IPs or somewhere on the east coast, whereas our DDOS-er had a Spanish IP.
Is that pretty normal to see, or are we still somehow getting a whole bunch of unwanted traffic?
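An added example, not part of any poster's message, of one way to answer the "what's abnormal" question above: for each client IP it reports the peak number of hits in any two-minute window and the share of those hits that were POSTs, so a reader pulling 100+ page assets can be told apart from a POST flood. It assumes the host's raw access log is in Apache common/combined format; the thresholds, IPs and paths are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: Apache common/combined log, ip ident user [time] "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) ')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def burst_report(lines, window=timedelta(minutes=2)):
    """Per IP: total hits, peak hits inside any sliding window, share of POSTs."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # lines that do not match the assumed format are skipped
            ip, ts, method = m.groups()
            hits[ip].append((datetime.strptime(ts, TIME_FMT), method))
    report = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        recent, peak = deque(), 0
        for when, _ in events:
            recent.append(when)
            while when - recent[0] > window:  # drop hits older than the window
                recent.popleft()
            peak = max(peak, len(recent))
        posts = sum(1 for _, method in events if method == "POST")
        report[ip] = {"total": len(events), "peak": peak, "post_share": posts / len(events)}
    return report

def suspicious(report, peak_limit=100, post_limit=0.9):
    """IPs that are both bursty and almost entirely POST traffic (illustrative limits)."""
    return sorted(ip for ip, r in report.items()
                  if r["peak"] >= peak_limit and r["post_share"] >= post_limit)

def sample_log():
    """Constructed log lines with documentation IPs; not taken from the site's real log."""
    start = datetime.strptime("01/Jan/2024:02:15:00 +0000", TIME_FMT)
    def line(ip, offset, method, path):
        ts = (start + timedelta(seconds=offset)).strftime(TIME_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512'
    # One client hammering a form endpoint: 300 POSTs in 60 seconds.
    flood = [line("203.0.113.7", i // 5, "POST", "/login.php") for i in range(300)]
    # One reader loading an image-heavy page: 120 GETs in about a minute.
    reader = [line("198.51.100.20", i // 2, "GET", f"/img/{i}.png") for i in range(120)]
    # One slow poster: 5 POSTs spread over 40 minutes.
    poster = [line("198.51.100.31", i * 600, "POST", "/newreply.php") for i in range(5)]
    return flood + reader + poster

if __name__ == "__main__": print(suspicious(burst_report(sample_log())))
```

On the constructed sample only the flooding client is flagged; the image-heavy reader also exceeds 100 hits in the window but sends no POSTs.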
thanks for fixing, yesterday was boring
:thumbup:
The only thing that stops a bad guy with a van is a good guy with a van
Do they give you guys logins to the actual VM this site is running on? Do you have any other services running that might be attracting attention? Do you have at least some minimal set of firewall rules in place on the box?
2013 Cadillac ATS....¶▅c●▄███████||▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅||█~ ::~ :~ :►
2008 Chevy Malibu LT....▄██ ▲ █ █ ██▅▄▃▂
1986 Monte Carlo SS. ...███▲▲ █ █ ███████
1999 F250 SuperDuty...███████████████████►
1971 Monte Carlo SC ...◥☼▲⊙▲⊙▲⊙▲⊙▲⊙▲⊙▲⊙☼◤
1.) I don't know but I'm pretty sure they don't. We can FTP into the domain or fiddle around in the hosting control panel, but we can't see the other sites on the VM that we don't own.
2.) The only other thing Jake has hosted here is his personal portfolio site, can't imagine someone would want to DDOS that.
3.) I dunno. Teach me and I will learn, Grandmaster.
Well, I know nothing of the setup you guys have going on here, but if you're just one site being hosted on a VM or hardware server, it's kind of on the host to secure the box. If they give you a VPS (VM), then presumably you'd have some login info to it, and could check out what's going on as far as local firewall rules and other services running. If they just give you some hosting control panel, I'd have no idea where to start other than Google for whatever platform it is.
Yeah it's just some hosting control panel, just looked around and there are no firewall/security settings that I can see to fiddle around with.