Latest Update..

Search

Rx God
Joined
Nov 1, 2002
Messages
39,226
Tokens
at least posters aren't getting some virus by logging in ( or visiting) here. Something like that happened with another forum ( forgot which one) a few years ago.

OGD ?

I think you have to look at who has something to gain here, or at least who really hates the RX... and has the ability to do this.
 

Member
Joined
Dec 12, 2006
Messages
16,073
Tokens
Hasn't the U.S. Gov't or some big financial institutions been hacked into before? If so, what would make this site not vulnerable to outside attacks?
 

Rx God
Joined
Nov 1, 2002
Messages
39,226
Tokens
All kinds of sites can get hacked into. No great reason for RX to have crazy levels of security, IMO. It can happen to places like BofA.

Losing a couple days of posts is no biggie, but the downtime has to hurt, and they may well try to it on the weekend again.
 

New member
Joined
Aug 27, 2007
Messages
4,994
Tokens
Guys, you are missing the point here. It's not just a DDOS. If so, even if they had to kick out all the botnet IPs by hand, it would be fixed now.

It seems to me the attackers are using a botnet running a script that exploits a flaw in the Vbulletin software, crashing the db/forums, or just wasting a zillion cycles.

Until VBulletin issues a patch and theRX loads the new softwareto counter this, the forums will be up and down constantly.

Frustrating, but don't blame theRX site admins, they are stuck waiting for Vbulletin, I believe.
 

New member
Joined
Sep 20, 2004
Messages
6,066
Tokens
cisco floodguard laughs at DDOS attacks.

to start with that will be totally and absolutely USELESS if the link is already saturated (that was basically the situation we had in CR a few years ago with those attacks) %^_, it actually enforces my point that sometimes you can be as competent as you want......but you rely on the equipment/expertise/resources of your upstream ISP's (who are shown over and over to not be totally prepared to deal with these situations such as the time when some ISP in Pakistan managed to throw youtube offline using a simple BGP advertisement)

btw I am not saying that there are no trivial attacks.....I am just saying that the ones that we (users) notice/find out about are most of the time not trivial at all and as another poster noted.......while there are mitigation technologies that can be deployed.....many times it doesnt make financial sense.....back in the days of the attacks that we had here in CR I remember hearing a quote for a 'medium' site going at 50k /year, before the attack happened obviously it would have been a hard sell to spend 50k on a 'may be this can happen'
 

Rx God
Joined
Nov 1, 2002
Messages
39,226
Tokens
Guys, you are missing the point here. It's not just a DDOS. If so, even if they had to kick out all the botnet IPs by hand, it would be fixed now.

It seems to me the attackers are using a botnet running a script that exploits a flaw in the Vbulletin software, crashing the db/forums, or just wasting a zillion cycles.

Until VBulletin issues a patch and theRX loads the new softwareto counter this, the forums will be up and down constantly.

Frustrating, but don't blame theRX site admins, they are stuck waiting for Vbulletin, I believe.


So they can get any forum using V-bulletin, must be a million of them. Could they get all of them at once ?
 

New member
Joined
Aug 27, 2007
Messages
4,994
Tokens
I'm guessing they will only bring down the ones they are paid for, it takes cash to run a botnet.

Same thing happened to certain phpBB forums not too long ago.

They have RX at the mercy of vbulletin, because it would be a nightmare to switch forum software now.
 

New member
Joined
Sep 20, 2004
Messages
6,066
Tokens
Guys, you are missing the point here. It's not just a DDOS. If so, even if they had to kick out all the botnet IPs by hand, it would be fixed now.

assuming its not spoofed connections we are talking about (in which case listing thousands of IPs is of course useless but those can probably be detected in an easier fashion...once again by the upstream ISPs who implement Unicast RPF that mitigates spoofing or do a backscatter analysis)

and of course......putting an ACL with thousands of entries in a firewall has its own complications

if it is a botnet running a script like you describe, most definitively it sticks like a sore thumb and can be easily blocked......simply using a packet inspector that matches the script in question
 

New member
Joined
Aug 27, 2007
Messages
4,994
Tokens
I agree wolfie, a packet inspector might do the trick, but I'm guessing they have several flavors of the exploit floating around - not all using the same syntax! - making it harder to nail every possible request.

I agree with you that admins with the right tools and resources should be able to help, but really the fix should come from vBulletin.
 

New member
Joined
Sep 20, 2004
Messages
6,066
Tokens
I agree wolfie, a packet inspector might do the trick, but I'm guessing they have several flavors of the exploit floating around - not all using the same syntax! - making it harder to nail every possible request.

I agree with you that admins with the right tools and resources should be able to help, but really the fix should come from vBulletin.

probably but you put someone to watch the traffic....looking for mutations of the script, there are less scripts to block than IPs in a botnet attack thats for sure

in the meantime we both speculate cause we cant see the graphs .....but on the good side we can be having our :toast: while therx techs work :lol:
 

New member
Joined
Aug 27, 2007
Messages
4,994
Tokens
Indeed wolfie. Hopefully they are working that angle.

In the meantime: :toast: :drink:
 

Member
Joined
Mar 6, 2005
Messages
2,337
Tokens
Since everyone thinks its so 'easy' to counterattack a DoS attack I will just add my 2 cents on the issue.

There is no such thing as 'a site that is NOT vulnerable to a DoS attack' just as there is NO site that is 'not vulnerable to a hacking attempt', if something its exposed to the internet.....its vulnerable whether its because of lack of filtering/small pipe/vulnerabilities in the daemons that are running etc

You have sites that have been hacked, sites that have not been hacked yet and sites that don't know they been hacked

Depending on the resources you have available in both analyzing/filtering the attack with your upstream providers (and if the upstream providers are competent in this area....which is not guarranteed at all) it can be very hard to defeat an attack, specially if the attack is well designed so that a silly/simple null route......packet filtering etc doesn't do trick


CNN, Yahoo, Ebay etc have all been subject to crippling DDoS attacks...as well as very large sportsbooks that are also based in the UK (and those are the ones that were succesful at prosecuting the crooks....because the local autorities stepped in)

Bottom line, if it would be THAT simple there would not be companies specializing in preventing/defeating these attacks for BIG bucks

No one said it was easy. The bottom line is that IF this had been an event that had been anticipated and prepared for, they'd have likely been back up 100% in a few hours. When it takes this long and there are still no promises it's fixed, well then it seems to me that the "What do we do if we get hit by an attack" entry in the IT Policy Guide was left to be filled in later.
 

New member
Joined
Sep 20, 2004
Messages
6,066
Tokens
No one said it was easy. The bottom line is that IF this had been an event that had been anticipated and prepared for, they'd have likely been back up 100% in a few hours. When it takes this long and there are still no promises it's fixed, well then it seems to me that the "What do we do if we get hit by an attack" entry in the IT Policy Guide was left to be filled in later.

Then there is the financial side. How much does it cost to prepare versus 'x' and what is the likelihood of getting hit by 'x' (while I am sure that therx is profitable....resources for IT are always limited, this is not a bank that gets away with 40% APR interest rates for instance)

Sometimes you are also told by your ISP or hosting company that they have 'y' and when the shit hits the fan there is no such thing (been there a couple of times and after that its 'oh yeah.....lets unplug that and show me' )

And like I've said, there are DDoS attacks that have gone for weeks (very large books in the United Kingdom ...with First World technologies....and resources etc)

I am not making up excuses for therx........but since I have been on a 'similar boat' for almost 10 years I can understand how these situations can happen.

In IT (or engineering in general) its hard enough to make a case to pay $$$$ for 'x' when its absolutely necessary .....let alone when its a 'prevention in case xyz happens'

In essence, tech guys at therx......keep up the caffeine and gl
 

Conservatives, Patriots & Huskies return to glory
Handicapper
Joined
Sep 9, 2005
Messages
87,117
Tokens
Good luck Wil, obviously the situation was much worse than a "failed server". I appreciate the efforts by theRx, and the site seems to be running better than ever right now.

:toast:
 

New member
Joined
Sep 19, 2007
Messages
3,472
Tokens
Running lightning fast right now with over 4500 users, don't think I've ever seen it this fast in fact. Let's hope this doesn't jinx things.
 

New member
Joined
Jul 20, 2002
Messages
75,154
Tokens
Important.

Make sure you page down if you have to go thru click here to go to froum after clicking.



wilheim..
 

2009 RX Death Pool Champion
Joined
Apr 3, 2005
Messages
13,603
Tokens
Make sure you page down if you have to go thru click here to go to froum after clicking.



wilheim..


what does page down mean? i had to go through click here thingy..and there is a bunch of jibberish at the top...could page down bypass that? otherwise everything has been good on this end..
 

Member
Joined
Nov 2, 2006
Messages
434
Tokens
This is insane, and is contributing to me doing alot more of this :drink: and less of this d1g1td1g1t.


Thanks guys! :toast:
 

Member
Joined
Nov 2, 2006
Messages
434
Tokens
what does page down mean? i had to go through click here thingy..and there is a bunch of jibberish at the top...could page down bypass that? otherwise everything has been good on this end..


Same effect as scrolling down just uses the keyboard without going to the mouse. Usually to the left of the numbers on a regular keyboard, or topright on laptop keyboard. :toast:
 

Forum statistics

Threads
1,119,810
Messages
13,573,483
Members
100,871
Latest member
Legend813
The RX is the sports betting industry's leading information portal for bonuses, picks, and sportsbook reviews. Find the best deals offered by a sportsbook in your state and browse our free picks section.FacebookTwitterInstagramContact Usforum@therx.com