Latest Update..

[Betallsports]

assuming its not spoofed connections we are talking about (in which case listing thousands of IPs is of course useless but those can probably be detected in an easier fashion...once again by the upstream ISPs who implement Unicast RPF that mitigates spoofing or do a backscatter analysis)

and of course......putting an ACL with thousands of entries in a firewall has its own complications

if it is a botnet running a script like you describe, most definitively it sticks like a sore thumb and can be easily blocked......simply using a packet inspector that matches the script in question

So Wolfie, do you believe that this is something like using a thousand zombie systems to simultaneously launch smurf attacks against a remote host ?

The major advantages to an attacker of using a DDOS attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down.

 

[wilheim]

For the record

This format is all temporary. At least we have access, regardless of some minor inconvienencs (scolling down) for the time being. The first page should be reformatted real soon to eliminate the scrolling.


Thanks for your patience, wilheim

 

[wilheim]

Buster

what does page down mean? i had to go through click here thingy..and there is a bunch of jibberish at the top...could page down bypass that? otherwise everything has been good on this end..<!-- / message -->

Yes scolling or paging down is simply to get by the for now out of sequence sections of the site to get here to the Forums. They included it so posters would not think there is no forum as it is quite a ways down from the top to the Offshore Forum and the rest of the various forums..


Remember all this is just temporary until we are back to normal (very soon).


wil.

 

[hippieki11er]

Wait, are we suppose to be accessing the site through the URL "http://64.40.117.4" now? I realize that's where we're currently being redirected, but this URL won't potentially put posters' CPU's at risk by placing us onto a foreign, unprotected server or something, correct?

 

[noPunter]

this URL won't potentially put posters' CPU's at risk by placing us onto a foreign, unprotected server or something, correct?

Correct

 

[DayTraderNation]

right now this is the fastest i have ever seen this forum move, no joke! the speed is like lightening!

 

[hippieki11er]

I wonder if the speed will maintain though once we're back on the actual "www"? It'd sure be nice to hear a little bit more about this temporary URL we're being redirected on as well.

 

[steaktartar]

right now this is the fastest i have ever seen this forum move, no joke! the speed is like lightening!

mr jinx:drink:

 

[wilheim]

hippieki11er

I wonder if the speed will maintain though once we're back on the actual "www"? It'd sure be nice to hear a little bit more about this temporary URL we're being redirected on as well.

Once the attacks are defeated the speed will be as fast if not faster than ever. The "new" URL is just part of our home page and harmless.


wilheiim

 

[DayTraderNation]

mr jinx:drink:

yup I did curse the mother. After I posted that I couldnt get on until now!:finger:

 

[teazeman]

just able to get back on...

 

[SportSavant]

We very much appreciate everyone's support throughout these difficult times.

TheRX.com will not forget our posters loyalty.

 

[Cusipz]

Some of us aren't going anywhere. I know it's a rough time for Wil and the mods, hang in there boys.

d1g1t:toast:

 

[zeeman]

I definitely appreciate the hard work and effort incurred by the RX IT team and RX management in fighting this attack. This site has been very helpful and entertaining to me over the years. As Jimmy V. famously said "don't give up, don't ever give up."

 

[GoBlue34]

I for one didn't realize how much I spend on this site until it's down. Glad people are working on it and again, I'll offer my IT expertise if it's needed to help.

 

[wilheim]

Fyi

I expect us to take a hit around 8:15PM or so Eastern, lets see if we can hold them off tonight. Tech Support is still working very hard to keep the site running 24/7. I just don't know when they will be 100% there yet.


Wil..

 

[buddym]

Oh thanks a lot Go Blue 34. H.ere you have expertise and i spend hours a week trying to get my computer just to run properly. I loaded some software on last night and then spent most of the day trying to take it off because it started acting funny.

 

[Masxmenos]

to start with that will be totally and absolutely USELESS if the link is already saturated (that was basically the situation we had in CR a few years ago with those attacks) %^_, it actually enforces my point that sometimes you can be as competent as you want......but you rely on the equipment/expertise/resources of your upstream ISP's (who are shown over and over to not be totally prepared to deal with these situations such as the time when some ISP in Pakistan managed to throw youtube offline using a simple BGP advertisement)

btw I am not saying that there are no trivial attacks.....I am just saying that the ones that we (users) notice/find out about are most of the time not trivial at all and as another poster noted.......while there are mitigation technologies that can be deployed.....many times it doesnt make financial sense.....back in the days of the attacks that we had here in CR I remember hearing a quote for a 'medium' site going at 50k /year, before the attack happened obviously it would have been a hard sell to spend 50k on a 'may be this can happen'

Yeap, this shit is more coordinated than ever now days. These guys can do multiple "types" of attacks at different times. For instance DNS poisoning, Web server attack, Backend database attack (which is why you should use a mysql server from an ISP in Canada because they give you a public IP to map your DB settings to, which can be attacked directly by iteself), etc There are just so many possibilities that you literally will be helpless.

And Cisco for Security, I wouldn't bank a million dollar site on Cisco to protect me.

 

[Masxmenos]

I agree wolfie, a packet inspector might do the trick, but I'm guessing they have several flavors of the exploit floating around - not all using the same syntax! - making it harder to nail every possible request.

I agree with you that admins with the right tools and resources should be able to help, but really the fix should come from vBulletin.

So is this like a Sql Injection attack or something to do with VBulletin only? Now this is finally starting to make sense. When I originally read the post about this, it was stated that it was a "corrupted database". Now the puzzle fits together.

I was hoping the RX would move up to Vbulletin 3.7 so we could take advantage of newer features like Tags, Tag Clouds, and more advanced features of the software. The upgrade is fairly easily as well.

 

[wilheim]

Fwiw

I was hoping the RX would move up to Vbulletin 3.7 so we could take advantage of newer features like Tags, Tag Clouds, and more advanced features of the software. The upgrade is fairly easily as well.<!-- / message -->

The Rx is well aware of the VBulletin upgrade but right now it is not a priority. We finally added PMs recently but these DDOS attacks have the IT guys occupied. The Rx.com actually is a waste of time to attack if you are looking for a ransom, the motive is more along the lines of vindictivness.


wil..