
GreenValueHost forced password reset - Security breach?

Status
Not open for further replies.

Nett

Article Submitter
Verified Provider
RamNode provides 10Gbps DDoS protection only. That's *tiny* compared to real DDoS attacks.
 

hellogoodbye

New Member
This is getting beyond ridiculous. 

For all that people slag on GVH and its teenaged chief of operations running the joint, I think whoever is launching this DDoS attack is the real child here. The earlier compromise (and I do consider it to be a compromise, irregardless of their own definition of the term) was already crossing the line, but at least it revealed something useful-- that GVH had failed to harden basic security with their WHMCS. This however serves absolutely no purpose besides being a dick just because he can.
 

drmike

100% Tier-1 Gogent
> RamNode provides 10Gbps DDoS protection only. That's *tiny* compared to real DDoS attacks.

That is true. Assuming they have that much filtering and connectivity dedicated to such... not making a judgement either way... cause...

What is going to happen way before then is a puny VPS is going to blow up IO on container and probably ruin the entire server.  Ending up in null, and or more properly a service suspension.
 

Nett

Article Submitter
Verified Provider
> What is going to happen way before then is a puny VPS is going to blow up IO on container and probably ruin the entire server.  Ending up in null, and or more properly a service suspension.

Just delete the VPS and close the account. /joking
 

DomainBop

Dormant VPSB Pathogen
conspiracy theory: Jon is upset that nobody started any new GVH threads today so he's DDoSing himself to get attention. :p

> The attack literally increased its size by 10 in the past 30 minutes. We're still trying to find a solution.

My suggestion to GVH would be STFU and not give any details about the attack to anyone until the attack is completely mitigated. DDoS attackers' epenis sizes (and the intensity of their attacks) tend to increase each time their victims publicly post about the attacks.
 

KuJoe

Well-Known Member
Verified Provider
RamNode is using CNServers for their DDOS protection and CNServers does not offer any form of layer 7 protection so any sized attack will bypass their protection unless RamNode has something implemented on their network or their server to mitigate it.
 

drmike

100% Tier-1 Gogent
I ran out of popcorn ... so I went back to being helpful... Ho hum...

Ramnode had like 200+ load on that server, due to attack... so Layer 7 they have, meh... what shall I call it?

People diss CloudFlare, me included, but up it went. Things were alright.  Then CF started straight passing traffic. Growl.

So CF back in place now.... and more heavy duty linebacker blocks put up... Whee...

http://www.downforeveryoneorjustme.com/greenvaluehost.com

Let's see how long this magic carpet ride lasts.

Done offering free mob protection for tonight.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
> I ran out of popcorn ... so I went back to being helpful... Ho hum...
>
> Ramnode had like 200+ load on that server, due to attack... so Layer 7 they have, meh... what shall I call it?
>
> People diss CloudFlare, me included, but up it went. Things were alright.  Then CF started straight passing traffic. Growl.
>
> So CF back in place now.... and more heavy duty linebacker blocks put up... Whee...
>
> http://www.downforeveryoneorjustme.com/greenvaluehost.com
>
> Let's see how long this magic carpet ride lasts.
>
> Done offering free mob protection for tonight.

Were they using free or paid CloudFlare? Free or the $25/mo plan is useless against attacks. And if they didn't change their IPs then CF won't be of any use anyhow.
 

drmike

100% Tier-1 Gogent
"It's not just you! http://greenvaluehost.com looks down from here."

This is why you have staff around the clock or get your lazy princess ass out of bed, or never go to bed when someone is burning your castle down.

Kids though, they have a bed time or they might get grounded and their i-devices untethered.
 

drmike

100% Tier-1 Gogent
> Were they using free or paid CloudFlare? Free or the $25/mo plan is useless against attacks. And if they didn't change their IPs then CF won't be of any use anyhow.

Well they were to start with base CF.. and tier up appropriately.... Much of this botnet would be pre-bad-listed with CF and get captcha'd by CF or dealt with otherwise by them. The botnet is still running on compromised machines that were put on lists nearly 2 months ago.

As for the IP previously exposed, unsure what they did there.  I run nested onion-like layers with throwaway front end IPs for this reason. GVH does not.

I'll say it once, this is the type of stuff that separates the boys from the men - the real providers from the hobby hosts.  Other companies I know / deal with / etc. run monitoring of everything.  An outage like this forces someone with some ability out of bed even on Christmas.  An hour into this and other staff gets woke up and policies are in place for what to do (and if not, people are just that damn good).

There are plenty of inept companies of all sizes that would fail like this.  So not grinding GVH.   People sleeping during stuff like this with crap ongoing, I have no love for it. Impacted customers shouldn't be sunshine, rainbows and daisies either about it.
 

Hxxx

Active Member
drmike is this DDoS just to their client area or their whole networks, including VPS and other stuff?

I thought this was just to the WHMCS... no client affected. Is it otherwise?
 

KuJoe

Well-Known Member
Verified Provider
> This is why you have staff around the clock or get your lazy princess ass out of bed, or never go to bed when someone is burning your castle down.
>
> Kids though, they have a bed time or they might get grounded and their i-devices untethered.

Actually the best thing they can do is go to bed and worry about it later. They can either throw money at the problem or wait for the attacker to get bored, and waiting doesn't cost a dime. Sure, they can't take any new sales while their website is down but if the trade-off is not having to pay costly mitigation fees and bandwidth overages then so be it.

Now if this truly is a layer 7 attack then there are much cheaper mitigation methods out there than CloudFlare that are much more effective.
 

drmike

100% Tier-1 Gogent
True to some extent Mr. KuJoe!

Problem is, since I went to looking, is that ability for customers to log into panels seems to be hosed also.  WHMCS appears down along with their website.

Someone with services now or prior can maybe confirm if other direct URLs to Solus are also down.
 

drmike

100% Tier-1 Gogent

Nett

Article Submitter
Verified Provider
The first URL is their old URL and the second is their new one. I am surprised that they "don't have time" to remove the old URL.
 

WSWD

Active Member
Verified Provider
> Kids though, they have a bed time or they might get grounded and their i-devices untethered.

Well on the plus side, it's not a school night, so hopefully no homework to do, and maybe the parents will extend their bedtime slightly. :lol:
 