
14/07: A DDOS Attack Takes Down The Site

I apologize to anyone who had trouble accessing any areas of the site recently but at the tail end of last week I suffered a severe DDOS attack on this domain which brought the server to its knees and took some time to nail down.

The hosting directory was the target and the WordPress site was down all over the weekend while frantic messages travelled between myself and my host. Finally this morning we got most areas up and running again but there was some damage done in the process and I'm still trying to restore some areas of functionality to various sites.

Why we were targeted in this way I have no idea, but the attack was swift and came with no warning whatsoever. I wasted a lot of time thinking that it was something to do with my WordPress installation and to be honest the tech support guys were rather slow off the mark.

I was completely baffled and only after downloading and checking my raw access logs did I see what was causing my domain to crash the server the minute it was enabled. Thousands upon thousands of calls every second from thousands of different IP addresses. Even after notifying my host of what I had found they seemed very slow to respond or even take any notice of what I was telling them, stubbornly sticking to the belief that it was a script on my site causing the heavy server load. 

This is the first time I have had cause to be disappointed in the response from their support system. Not only were they rather slow but they didn't seem to be very knowledgeable either. Eventually my message obviously got through and someone considered the possibility that it was indeed an outside attack on the server and they looked at the box and confirmed what I had been asking them to check for. This was a full-on and nasty DDOS attack that found a vulnerability somewhere and caused a lot of downtime for my domain.

Finally this morning my index file was unlocked and so far, things have been OK. However, I continue to find areas of my site that seem to have been affected by the whole thing and I'm not sure how or why.

A whole day has been spent checking and reactivating WP plugins and having a good spring clean. Many of the widgets have had to be re-installed and the site is slowly returning to the way it was before the attack. For some reason there were also some strange effects on this blog but hopefully I have now resolved them. If you do notice any strange behavior or non-functioning areas please let me know.

As a result of this however, I did do some housekeeping and cleared up a lot of obsolete junk lying around in various places. I have also installed Bad Behavior on both the WP site and this blog. I made sure that every password was changed and beefed up in all admin areas just as a precaution.

My understanding is that there is little that can be done to prevent such attacks but I am sure my host will be looking at ways to prevent this from happening at their end and I will be having a conference with them tomorrow online to see what can be learned from the experience.

I always believed that such attacks were reserved for high profile and high traffic sites, but have learned the hard way that it can and does happen to anyone. What can you do as a site owner to prevent it? Well, it seems you cannot protect yourself completely but I will say this - the security on my WP installation is probably far more comprehensive than the majority of blogs out there and it made no difference. Whether Bad Behavior would have stopped the attack I don't know but it certainly persuaded me to give the plugin a try, something I have always deemed unnecessary until now. I recommend you consider using it too, if you don't already. Anything you do to make things harder for these internet vandals has got to be a good thing.

It's been a four day nightmare that I can only hope is now behind me.

TCH




Comments

Do you even know who you were targeted by? Was it supposed to be a joke or was it competition's idea?
16/07 04:27:45
@Marian,

I have no idea who or why singled me out for such an attack, no. I have a few unsubstantiated theories but no proof to back any of them up. It is extremely difficult to trace the source of such attacks and all you can really do is just try to protect yourself from repeat performances.

All I can say for sure is that it was not an accident and my site was definitely the intended victim.
16/07 12:21:57
That's awful. You have been a target of a sneak attack. It's just another thing about blogging that makes the whole business even more difficult. Some people are just being eaten alive by greed and need to destroy something that other people build for years or more.
23/07 04:45:43
I am sorry about what happened to you, but also glad that you are back in full force after clearing some junk, getting some unresolved questions resolved and yes, the best part of the attack was spring cleaning. I know it's a hard way to get spring cleaning done, but I am also surprised that you were targeted, I mean it's for the bigger sites. Denial of service attacks can be personal though!
23/07 21:45:59
@Frank,

Thanks for your comments. I believe this is entirely personal following some negative feedback that has been going on on my hosting directory which is the site the attackers have decided to take offline.

Unfortunately I have no weapons to fight against such an attack and it is in the hands of my hosting company who are trying to come up with a solution.

The fact that some countries have passed laws against this kind of thing is hardly reassuring when it is almost impossible to track down the perpetrators. In the UK it is punishable by up to ten years in jail, but as the attackers use zombie machines to do their dirty work, tracing back to a source is virtually impossible.

However, I believe these attackers have left some footprints and we are following every lead possible.
24/07 23:56:36
