Author Topic: PSA: Several servers are being DDoS attacked by a botnet. (Read 25075 times)

Tactical Nuke · September 01, 2017, 07:30:48 AM

did he really just mix up ports with BLIDs

Ad Bot · Advertisement

DrenDran · September 01, 2017, 03:02:56 PM

Quote

(D)DoS attack against your service
Sep 01 2017 01:02:03 PM PT   Our system responded to a (D)DoS against your service with a filter.

Target address: 63.251.20.184
Attack: a UDP flood containing the string "zzzz"
Filter duration: about 5 days

Example positive match

13:01:50.463138 IP (tos 0x28, ttl 114, id 1, offset 0, flags [none], proto UDP (17), length 38) 72.89.110.11.1146 > 63.251.20.184.28000: UDP, payload 10
   0x0000: 4528 0026 0001 0000 7211 3d87 4859 6e0b E(.&....r.=.HYn.
   0x0010: 3ffb 14b8 047a 6d60 0012 0000 7a7a 7a7a ?....zm`....zzzz
   0x0020: 7a7a 7a7a 7a7a

TheBlackParrot · September 01, 2017, 10:09:20 PM

same

Quote

(D)DoS attack against your service
Sep 01 2017 05:14:05 PM PT   Our system responded to a (D)DoS against your service with a filter.

Target address: 74.201.57.218
Attack: a UDP flood containing the string "zzzz"
Filter duration: about 3 days

Example positive match

17:14:00.276833 IP (tos 0x28, ttl 110, id 1, offset 0, flags [none], proto UDP (17), length 38) 31.78.177.86.8486 > 74.201.57.218.60006: UDP, payload 10
   0x0000: 4528 0026 0001 0000 6e11 f756 1f4e b156 E(.&....n..V.N.V
   0x0010: 4ac9 39da 2126 ea66 0012 0000 7a7a 7a7a J.9.!&.f....zzzz
   0x0020: 7a7a 7a7a 7a7a zzzzzz

Mr Queeba · September 01, 2017, 11:06:41 PM

a guy named sausageman entered my discord and said he was the ddoser and provided a bit of details. will provide chat logs in a sec.

Mr Queeba · September 01, 2017, 11:33:58 PM

ok, here they are. in order of most to least recent posts

discord id is 4748 by the way

Kyuande · September 01, 2017, 11:37:26 PM

Finally the coward is revealing himself.

At the same time anyone could claim they did it.

Kidalex90 · September 01, 2017, 11:38:40 PM

Quote from: Mr Queeba on September 01, 2017, 11:33:58 PM

ok, here they are. in order of most to least recent posts
discord id is 4748 by the way

hes probably just full of stuff

Mr Queeba · September 02, 2017, 12:18:30 AM

i was actually pressing X to doubt when he said that stuff, decided to post the chatlog for obvious reasons tho.

Trogtor · September 02, 2017, 12:50:32 AM

Quote from: Mr Queeba on September 01, 2017, 11:33:58 PM

not like ips can change or anything lol

Conan · September 02, 2017, 01:03:56 AM

making net himself sucks cause that means he isnt bleeding cash to make it work :(

sigh. guess we'll just have to get ddos protection for any serious server.

TheBlackParrot · September 02, 2017, 02:41:51 AM

what's the extent of the randomness? i can never get on to capture traffic when this crap strikes
we could just drop all traffic inbound from that set

Refticus · September 02, 2017, 03:11:17 AM

Quote from: Mr Queeba on September 01, 2017, 11:33:58 PM

if that was true, then he'd have beef with everyone hosting a server on blockland.
but the word "someone" means that he will ddos someone if he doesn't like the person who's hosting the server.

Khaz · September 02, 2017, 04:00:44 AM

why tho wtf

GeoEffect · September 02, 2017, 09:21:02 AM

For god's sake, did you really believed him? It could be just a regular joke, or attempt to confuse us. I know what you gonna say about it, but it could be an artifice as well. Also, the real criminal will not reveal himself, it's better for him to stay unnoticed for as long as possible. CO, gentlemans.

The Young Avenger · September 02, 2017, 09:30:12 AM

Quote from: GeoEffect on September 02, 2017, 09:21:02 AM

For god's sake, did you really believe him? It could be just a regular joke, or attempt to confuse us. I know what you gonna say about it, but it could be an artifice as well. Also, the real criminal will not reveal himself, it's better for him to stay unnoticed for as long as possible. CO, gentlemen.

fixed, and honestly it's safe to believe that this is the guy for now