
We will, we will DDoS you...

drmike

100% Tier-1 Gogent
vpsBoard has been getting dinged most of the past 24 hours by big attacks.

Congrats to those spending their mom's allowance money on booters.  You little shits.

To the regular users and viewers of vpsBoard, just part of the theater and fun of running a site in this general segment.  

It hasn't been your internet, just some nulls, rolling around, more nulls, repeat, wash, rinse, have a drink, curse at the sun, sleep goofy, repeat.

DNS has choked and broke at points in between too.. At least for me.
 

vRozenSch00n

Active Member
I can't access vpsboard since yesterday, and I thought it was another IPB vulnerability.

edit: Any suspect, Doc?
 

splitice

Just a little bit crazy...
Verified Provider
Welcome back VpsB :)

I think Mann removed the A's to let the IPs cool off (if it's DNS targeted). That and apparently both servers are being targeted with 20G+.

Rage4's been online without issue from what I can see.
 

Geek

Technolojesus
Verified Provider
I noticed this early yesterday when asking @MannDude something via PM on IRC.
Yeah.  The Dude popped in around Midnight I think. Said that RamNode was taking hits at that time also. Realized we could get to the front page of https://biggiesmalls.vpsboard.com - but that was prior to finding out it was a DDoS. Before that we thought it was maintenance, and that pulling the zone was a peculiar way to down the site for the duration.  Then again I remember the last WHMCS zero-day, and Fran's "maintenance" page was a plain 404.  :D  Guess anything's possible.
 

splitice

Just a little bit crazy...
Verified Provider
I suppose Vpsboard might have hit a DNS Query limit if it was DNS targeted. The dude will probably publish an attack postmortem once everything settles I guess.
 

drmike

100% Tier-1 Gogent
The DNS down I saw -  I can't finger why or what as I am not the person at the deadman switch. ;)

But vpsboard.com was serving up empties for a while here and there.  No record found basically.  

When I saw the fail I ran to shell and did manual DNS lookups against multiple DNS servers to confirm the funkiness.  So was legit.

I caught it multiple times throughout the day doing that.  (i.e. 3-4 times) and duration was a good chunk like 5-10 minutes each time. May have been longer though as I am highly distracted and not hawk eyeing things.

Ideally someone in the filtering side of things labeled the attack, nature of it.   Probably more NTP de/reflection BS.
 

rds100

New Member
Verified Provider
The DNS was working but it was returning no A records, just MX records. Probably the A records were removed on purpose.
 

Erawan

Member
Oh, so it's a DDoS?
I thought it was just my ISP blocking some websites, and a problem with the DSLAM.

When will this kind of game stop? It's really not nice if we can't open our favourite site.
 

Geek

Technolojesus
Verified Provider
I just put two and two together on the thread topic. I was pretty tired last night.  :D 

*stomp-stomp-clap, stomp-stomp-clap*
 

drmike

100% Tier-1 Gogent
Yeah I have some leads.  Wasn't expecting all these attacks and one thrown directly at me (might be unrelated but never can say), so need to devise creative future tracking.

I am baiting traps for next round of hunting varmints.  Give folks some special target honeypots.

People throwing packets my way very well might end up snagged.  I am glad to do home visits to kick someone's ass for free. That's something this industry sorely needs.   Hopefully, an ocean or two stand between me and the skiddie.

Skiddies better get fit, to the gym, and some MMA / martial arts training.
 

Aldryic C'boas

The Pony
It was the government, ineptly breaking their spy program while trying to conquer the internet to keep tabs on pesticide experts.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Curtis carries pocket sand, it's OK.


Francisco
Not just pocket sand, either.

We've got a solution that was tested and working last night that will be permanently implemented soon, and will fail-over that setup to BuyVM's 100Gbps filtering in LV when it becomes available if the other setup fails. Advertisers will also receive 2 days added to their billing cycle renewal as well which I'll add later this evening.
 

drmike

100% Tier-1 Gogent
Is this why the site was unavailable yesterday? How long did it last?
Intermittent.  Attack, get stuff down and broken, then vpsB comes back and repeat.

Bunches of times for hours and hours on end.

I feel for all involved.  Total headache.
 