# We will, we will DDoS you...



## drmike (Nov 22, 2014)

vpsBoard has been getting dinged most of the past 24 hours by big attacks.

Congrats to those spending their mom's allowance money on booters.  You little shits.

To the regular users and viewers of vpsBoard, just part of the theater and fun of running a site in this general segment.  

It hasn't been your internet, just some nulls, rolling around, more nulls, repeat, wash, rinse, have a drink, curse at the sun, sleep goofy, repeat.

DNS has choked and broke at points in between too.. At least for me.


----------



## vRozenSch00n (Nov 22, 2014)

I can't access vpsboard since yesterday, and I thought it was another IPB vulnerability.

edit: Any suspect, Doc?


----------



## splitice (Nov 23, 2014)

Welcome back VpsB 

I think Mann removed the A's to let the IPs cool off (if its DNS targeted). That and apparently both servers are being targeted with 20G+.

Rage4's been online without issue from what I can see.


----------



## k0nsl (Nov 23, 2014)

I noticed this early yesterday when asking @MannDude something via PM on IRC.


----------



## Geek (Nov 23, 2014)

k0nsl said:


> I noticed this early yesterday when asking @MannDude something via PM on IRC.


Yeah.  The Dude popped in around Midnight I think. Said that RamNode was taking hits at that time also. Realized we could get to the front page of https://biggiesmalls.vpsboard.com - but that was prior to finding out it was a DDoS. Before that we thought it was maintenance, and that pulling the zone was a peculiar way to down the site for the duration.  Then again I remember the last WHMCS zero-day, and Fran's "maintenance" page was a plain 404.    Guess anything's possible.


----------



## William (Nov 23, 2014)

splitice said:


> Rage4's been online without issue from what I can see.


Yup, should not have caused any downtime.


----------



## splitice (Nov 23, 2014)

I suppose Vpsboard might have hit a DNS Query limit if it was DNS targeted. The dude will probably publish an attack postmortem once everything settles I guess.


----------



## drmike (Nov 23, 2014)

The DNS down I saw -  I can't finger why or what as I am not the person at the deadman switch. 

But vpsboard.com was serving up empties for a while here and there.  No record found basically.  

When I saw the fail I ran to shell and did manual DNS look ups against multiple DNS servers to confirm the funkiness.  So was legit.

I caught it multiple times throughout the day doing that.  (i.e. 3-4 times) and duration was a good chunk like 5-10 minutes each time. May have been longer though as I am highly distracted and not hawk eyeing things.

Ideally someone in the filtering side of things labeled the attack, nature of it.   Probably more NTP de/reflection BS.


----------



## wlanboy (Nov 23, 2014)

Looks like it is DDoS time again.

Some LEB providers get targeted too.


----------



## rds100 (Nov 23, 2014)

The DNS was working but it was returning no A records, just MX records. Probably the A records were removed on purpose.


----------



## Erawan (Nov 23, 2014)

Oh, so it's a DDoS?
I tought it was just my ISP blocking some websites, and problem with DSLAM.

When will this kind of game stopped? It's really not nice if we can't open our favourite site.


----------



## Geek (Nov 23, 2014)

I just put two and two together on the thread topic. I was pretty tired last night.   

*stomp-stomp-clap, stomp-stomp-clap*


----------



## vRozenSch00n (Nov 23, 2014)

Geek said:


> *stomp-stomp-clap, stomp-stomp-clap*


But that's definitely not Queen


----------



## drmike (Nov 23, 2014)

Yeah I have some leads.  Wasn't expecting all these attacks and one thrown directly at me (might be unrelated but never can say), so need to devise creative future tracking.

I am baiting traps for next round of hunting varmints.  Give folks some special target honeypots.

People throwing packets my way very well might end up snagged.  I am glad to do home visits to kick someones ass for free. That's something this industry sorely needs.   Hopefully, an ocean or two stand between me and the skiddie.

Skiddies better get fit, to the gym, and some MMA / martial arts training.


----------



## GaleDribble (Nov 24, 2014)

Is this why the site was unavailable yesterday? How long did it last?


----------



## Aldryic C'boas (Nov 24, 2014)

It was the government, ineptly breaking their spy program while trying to conquer the internet to keep tabs on pesticide experts.


----------



## Francisco (Nov 24, 2014)

Aldryic C said:


> It was the government, ineptly breaking their spy program while trying to conquer the internet to keep tabs on pesticide experts.


Curtis carries pocket sand, it's OK.

Francisco


----------



## MannDude (Nov 24, 2014)

Francisco said:


> Curtis carries pocket sand, it's OK.
> 
> 
> Francisco


Not just pocket sand, either. 

We've got a solution that was tested and working last night that will be permanently implemented soon, and will fail-over that setup to BuyVM's 100Gbps filtering in LV when it becomes available if the other setup fails. Advertisers will also receive 2 days added to their billing cycle renewal as well which I'll add later this evening.


----------



## drmike (Nov 24, 2014)

GaleDribble said:


> Is this why the site was unavailable yesterday? How long did it last?


Intermittent.  Attack, get stuff down and broken, then vpsB comes back and repeat.

Bunches of times for hours and hours on end.

I feel for all involved.  Total headache.


----------

