# Dealing with the Buffalo DDoS Mafia



## drmike (Oct 9, 2013)

Earlier today a valued member of vpsBoard made available an image upload site for use on vpsBoard.

I was the first tester of the service and uploaded (4) photos of Colocrossing's routers and rack.  Those photos were purged from imgur.com the other day likely from complaints from CC.  The uploads were included in the original post so the images were displayed as they should have been.

Literally in a very small time < a few hours, the VPS and IP hosting the upload site were DDoS'd offline.  Provider autonulls and that stays in place for 24 hours.

Clearly, only one company would care so much about those photos "reappearing" and dips so low as to DDoS things.  Yeah I am talking about ColoCrossing here.


----------



## Lee (Oct 9, 2013)

To be fair it could just as easily be someone fed up with you rather than CC.


----------



## drmike (Oct 9, 2013)

Well, that's possible @W1H-Lee but there is other stuff happening in the backchannel that indicates otherwise.   Shame that sometimes I have to keep my lips closed.

The image upload site will be back in a few hours... with filtering... elsewhere...


----------



## rds100 (Oct 9, 2013)

Just post the pics on FB and then post the links from fbcdn. I doubt this will be easily DDoSable.


----------



## TheLinuxBug (Oct 9, 2013)

Ha! Those fucktards on LET just modified one of my thread responses because I included the fact that vpsBoard.com is a community and LET isn't any longer.  I would love to bitch slap Jbiloh atm, ignorant piece of crap he is.

Edit: What is even more hilarious is now he is in the thread pretending like he cares. I am speechless.

Cheers!


----------



## wlanboy (Oct 9, 2013)

DDoS because of some hardware pictures?

Quite a heavy overreaction.


----------



## drmike (Oct 9, 2013)

@TheLinuxBug, nice of them to modify people's words in posts.   That's about the worst thing you can do in a public contributed forum.


----------



## drmike (Oct 9, 2013)

wlanboy said:


> DDoS because of some hardware pictures?
> 
> Quite a heavy overreaction.


Yes sir, my sentiments.

That rack in the photos, it would go poof if someone threw some malicious traffic at it.


----------



## Francisco (Oct 9, 2013)

buffalooed said:


> Yes sir, my sentiments.
> 
> That rack in the photos, it would go poof if someone threw some malicious traffic at it.


If the floods are true then that's *rough*.

Has anyone been able to get the nullroute notification?

Francisco


----------



## RiotSecurity (Oct 9, 2013)

buffalooed said:


> Earlier today a valued member of vpsBoard made available an image upload site for use on vpsBoard.
> 
> I was the first tester of the service and uploaded (4) photos of Colocrossing's routers and rack.  Those photos were purged from imgur.com the other day likely from complaints from CC.  The uploads were included in the original post so the images were displayed as they should have been.
> 
> ...


While they DDoSed you, they are offline themselves.

Ironic.

An error occurred.
Sorry, the page you are looking for is currently unavailable.


Please try again later.

If you are the system administrator of this resource then you should check the error log for details.

_Faithfully yours, nginx._


----------



## manacit (Oct 9, 2013)

Didn't the US government shut down right around the time you posted the pics? I BLAME COLOCROSSING

 - this thread


----------



## jarland (Oct 9, 2013)

manacit said:


> Didn't the US government shut down right around the time you posted the pics? I BLAME COLOCROSSING
> 
> 
> - this thread


Laugh now, you won't think it's so funny when you learn who Biloh really is.


I'll give you a hint. It starts with Maxine and ends with Waters.


----------



## drmike (Oct 9, 2013)

manacit said:


> Didn't the US government shut down right around the time you posted the pics? I BLAME COLOCROSSING
> 
> - this thread


Dude, you really need some CC swag...   official ColoCrossing pom poms....

Not picking on you though.  Everyone needs a heckler to keep them on their toes.


----------



## Aldryic C'boas (Oct 9, 2013)

As much as I enjoy playing Devil's Advocate, I'm loath to do so in this situation since it (partially) helps CC.  But said pics were of their deployment at Coresite, right?  All remote hands work?  Seems like that would negate any fault on them, since it was all EGI on-hands that did that setup.  Would make more sense for EGI to want those pictures gone than CC.

Of course,  you could also take it up another level, and assume that CC realizes the above, and is using the circumstance to DDoS something of pub's out of spite, knowing they could 'logically' claim no motivation.


----------



## manacit (Oct 9, 2013)

I actually rent a server from ChicagoVPS located in Buffalo, service is nice, they just ditched Cogent and got L3, it's nice.

Here's why this post is dumb:


- You're blaming them for something you have absolutely no proof of. At all. You can't go around making baseless accusations and expect to be taken seriously.
- They didn't even do the work on the rack - someone *asked* John about it and he admitted that it was bad, that it was theirs, but they outsourced it all to EGI (whom we all know isn't the best).
- EGI would be the one who'd want this gone, it reflects much more poorly on them
- I'm all for exposing the negative CC business practices, but you give them more press (and keep them on everyone's radar) far more often than even they could. You aren't heckling them, you're coming off like a conspiracy nut with a bone to pick, crying wolf.


----------



## RiotSecurity (Oct 9, 2013)

manacit said:


> I actually rent a server from ChicagoVPS located in Buffalo, service is nice, they just ditched Cogent and got L3, it's nice.
> 
> Here's why this post is dumb:
> 
> ...


He thinks it's cc due to the IRONY that it got ddosed and pulled from imgur.

I know more to the story than you do, so hush up.


----------



## manacit (Oct 9, 2013)

RiotSecurity said:


> He thinks it's cc due to the IRONY that it got ddosed and pulled from imgur.
> 
> I know more to the story than you do, so hush up.


lol


----------



## drmike (Oct 9, 2013)

Someone is asshurt on LET.  Posting about the thread over there is Mr. ChicagoVPS.  My question is why does LET hide so many posts behind the log-in veil?

[[[[[  If vpsBoard wanted to be LET it would be  secretly owned by another provider that promotes their own shell companies.   ]]]]]]

and while CC doesn't staff their San Jose location, they certainly put that gear there..  That was the real topic of the conversation and photos.  The top of rack gear.   Are they blaming EGI on the switch/router there?


----------



## MannDude (Oct 9, 2013)

"You'll never see a DDoS from our network"

A phrase I've heard too often. Anytime a controversial thread is posted, vpsBoard generally gets DDoSed.


----------



## peterw (Oct 10, 2013)

W1H-Lee said:


> To be fair it could just as easily be someone fed up with you rather than CC.


Or EGI which seem to be very eager to get the images removed.


----------



## kaniini (Oct 10, 2013)

Not to be 'that guy', but can you lay out some actual evidence correlating the DDoS had at all anything to do with these pictures?

It's not that I don't disbelieve, I just feel that it is better to provide actual proof.


----------



## AnthonySmith (Oct 10, 2013)

kaniini said:


> Not to be 'that guy', but can you lay out some actual evidence correlating the DDoS had at all anything to do with these pictures?
> 
> It's not that I don't disbelieve, I just feel that it is better to provide actual proof.


This, but as usual the answer will be no, well not no, it will be a lengthy rant to try and convince you that coincidence is actual proof.


----------



## MannDude (Oct 10, 2013)

AnthonySmith said:


> This, but as usual the answer will be no, well not no, it will be a lengthy rant to try and convince you that coincidence is actual proof.


I think the speculation is valid considering the images were reported on Imgur, then pulled down. Then reuploaded, and then that IP DDoSed.

No one, not EGI or CC has asked for the images to be pulled. EGI is a member here and I'm sure they'd simply shoot me a PM if they had concern over the images.

Combined with the history of controversial threads in the past that are followed by DDoS attacks it's not hard to see why someone would want to point fingers in a certain direction. Obviously no 'proof' exists as they're not dumb enough to do it from their own network if it is them, but nowadays kids just use booter, spoofed addresses, etc. It's hard to prove who is behind such attacks, hence they're so wildly popular.


----------



## AnthonySmith (Oct 10, 2013)

MannDude said:


> I think the speculation is valid considering the images were reported on Imgur, then pulled down. Then reuploaded, and then that IP DDoSed.
> 
> No one, not EGI or CC has asked for the images to be pulled. EGI is a member here and I'm sure they'd simply shoot me a PM if they had concern over the images.
> 
> Combined with the history of controversial threads in the past that are followed by DDoS attacks it's not hard to see why someone would want to point fingers in a certain direction. Obviously no 'proof' exists as they're not dumb enough to do it from their own network if it is them, but nowadays kids just use booter, spoofed addresses, etc. It's hard to prove who is behind such attacks, hence they're so wildly popular.


Sorry I don't agree.

"Dealing with the Buffalo DDoS Mafia" 
"Yeah I am talking about ColoCrossing here. " 

This is clearly an acquisitive thread, the title itself is a statement.

Coincidence is not evidence, never has been and never will be. Those that post slander as fact based on coincidence deserve any fall out imo.

I am not a fan of CC but these toxic threads sure make me sound like one.


----------



## drmike (Oct 10, 2013)

Well sad to say, only two folks really have an interest in the photos disappearing --- CC and EGI.  So I should edit the thread to reflect EGI as well - in light of yesterday's events. One or the other knows the booter skids...

*"Coincidence is not evidence, never has been and never will be. "*

I agree.   But been plenty of coincidence in the past.  Time and reality be told, what I say is pretty sound and often later confirmed. Who secretly acquired Lowend*?  Who was Kevin/Adam = same?  Thomas Dale works at CC/CVPS?  Their routers aren't what they say? That's the small list... Just give some credit already 

When you see the same thing involving the same people time and time again, it isn't coincidence.   It's how they do business.  Miffed that they can't control reality through censorship and pulling/editing posts like over on that other site.


----------



## kaniini (Oct 10, 2013)

AnthonySmith said:


> Sorry I don't agree.
> 
> "Dealing with the Buffalo DDoS Mafia"
> "Yeah I am talking about ColoCrossing here. "
> ...


Well... I think that speculation based on coincidence is actually worse because it devalues the issues that are known.

That is why I think if we are to have a serious discussion on these issues, that it should be done with the actual hard data.  In most cases, he has provided the data... but this is kinda weak.

But personally I am not sure this is the better place for this discussion.  I think, that this community is better served by discussing virtualization, which is the actual purpose of the board.  In some cases, some discussion is warranted because people should be advised of these issues when they consider whether or not to purchase virtualization products from vendors using CC.  I am also not sure that it is right to 'punish' providers who use CC for that fact alone; there are very few colo/infrastructure vendors out there willing to sell servers at prices that make these cheap $15/year VPS possible in a way that is actually sustainable.  After all, you gotta do what you gotta do.

However, I think that there is a lot of emphasis on the CC issue which really detracts from the possible value that this community could have.  At least, I am not interested in participating in a tabloid...


----------



## drmike (Oct 10, 2013)

> In most cases, he has provided the data... but this is kinda weak.


It's hard to provide DDoS info--- who initiated the attack and is running their attack network.  That's the nature of the attacks and why people use them to inflict harm.     Sadly it's waaaaaayyyyy too common with the company at hand.   I wonder if they DDoS their network when the office piped music sucks and someone refuses to stop playing whatever?



> I am also not sure that it is right to 'punish' providers who use CC for that fact alone; there are very few colo/infrastructure vendors out there willing to sell servers at prices that make these cheap $15/year VPS possible in a way that is actually sustainable.


There will eventually be fewer facilities for providers as they sink the competition with DDoS traffic.   There are a growing number of datacenters that won't deal with low end providers since inevitably in come the DDoS attacks.  Costs money, impacts legitimate business customers, requires staff, hardware and software...

These kids operate like the mob, pay us protection racket money or we DDoS you out of business.



> issue which really detracts from the possible value that this community could have.


Going forward, I'd hope that this community takes steps to move more away from the lowend business model and focusing so highly on low end pricing.  I don't find the model sustainable and it's clear it is more problems than it is worth.

Like I tend to ask, pointed questions, how many low end companies out there make payroll?  How many have owners that are full time employees only of that company (i.e. not working a 'real' job to subsidize things)?  

Of course that goes on elsewhere to some degree, but nowhere like in the low end.  If I open a burger joint selling $2 burgers, I surely am not working my spare hours up the road for McDonalds or the fine dining restaurant to subsidize.   No offense, just saying, the low end really isn't a sustainable business model for but a handful of companies tops.


----------



## datarealm (Oct 10, 2013)

buffalooed said:


> Going forward, I'd hope that this community takes steps to move more away from the lowend business model and focusing so highly on low end pricing.  I don't find the model sustainable and it's clear it is more problems than it is worth.



Hopefully OVH proved this to everyone, though I for one am not holding my breath on that.


----------



## MannDude (Oct 10, 2013)

Probably best I lock this. Sadly DDoS attacks aren't very easily traced back to a legit source of the 'sender' and at this point it's just speculation based on someone having a motive as well as past coincidences.

Luckily we've got DDoS protection on all important public facing servers so they don't impact the site at all.

:lock:


----------

