Joined
Jan 17, 2007
Messages
99,709
Tokens
assuming it's not spoofed connections we are talking about (in which case listing thousands of IPs is of course useless but those can probably be detected in an easier fashion...once again by the upstream ISPs who implement Unicast RPF that mitigates spoofing or do a backscatter analysis)

and of course......putting an ACL with thousands of entries in a firewall has its own complications

if it is a botnet running a script like you describe, most definitively it sticks like a sore thumb and can be easily blocked......simply using a packet inspector that matches the script in question


So Wolfie, do you believe that this is something like using a thousand zombie systems to simultaneously launch smurf attacks against a remote host?

The major advantages to an attacker of using a DDOS attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down.
 

New member
Joined
Jul 20, 2002
Messages
75,154
Tokens
For the record

This format is all temporary. At least we have access, regardless of some minor inconveniences (scrolling down) for the time being. The first page should be reformatted real soon to eliminate the scrolling.


Thanks for your patience, wilheim
 

New member
Joined
Jul 20, 2002
Messages
75,154
Tokens
Buster

what does page down mean? I had to go through click here thingy..and there is a bunch of gibberish at the top...could page down bypass that? otherwise everything has been good on this end..


Yes, scrolling or paging down is simply to get by the for now out of sequence sections of the site to get here to the Forums. They included it so posters would not think there is no forum as it is quite a ways down from the top to the Offshore Forum and the rest of the various forums.


Remember all this is just temporary until we are back to normal (very soon).


wil.
 

New member
Joined
Sep 19, 2007
Messages
3,472
Tokens
Wait, are we supposed to be accessing the site through the URL "http://64.40.117.4" now? I realize that's where we're currently being redirected, but this URL won't potentially put posters' CPUs at risk by placing us onto a foreign, unprotected server or something, correct?
 

New member
Joined
Sep 19, 2007
Messages
3,472
Tokens
I wonder if the speed will maintain though once we're back on the actual "www"? It'd sure be nice to hear a little bit more about this temporary URL we're being redirected on as well.
 

New member
Joined
Jul 20, 2002
Messages
75,154
Tokens
hippieki11er

I wonder if the speed will maintain though once we're back on the actual "www"? It'd sure be nice to hear a little bit more about this temporary URL we're being redirected on as well.

Once the attacks are defeated the speed will be as fast if not faster than ever. The "new" URL is just part of our home page and harmless.


wilheiim
 

New member
Joined
Sep 21, 2003
Messages
42,910
Tokens
We very much appreciate everyone's support throughout these difficult times.

TheRX.com will not forget our posters' loyalty.
 

New member
Joined
Aug 27, 2007
Messages
4,994
Tokens
Some of us aren't going anywhere. I know it's a rough time for Wil and the mods, hang in there boys.

d1g1t:toast:
 

New member
Joined
Sep 13, 2005
Messages
2,369
Tokens
I definitely appreciate the hard work and effort incurred by the RX IT team and RX management in fighting this attack. This site has been very helpful and entertaining to me over the years. As Jimmy V. famously said "don't give up, don't ever give up."
 

New member
Joined
Nov 29, 2005
Messages
4,391
Tokens
I for one didn't realize how much I spend on this site until it's down. Glad people are working on it and again, I'll offer my IT expertise if it's needed to help.
 

New member
Joined
Jul 20, 2002
Messages
75,154
Tokens
Fyi

I expect us to take a hit around 8:15PM or so Eastern, let's see if we can hold them off tonight. Tech Support is still working very hard to keep the site running 24/7. I just don't know when they will be 100% there yet.


Wil..
 

Member
Joined
Sep 21, 2004
Messages
1,659
Tokens
Oh thanks a lot Go Blue 34. Here you have expertise and I spend hours a week trying to get my computer just to run properly. I loaded some software on last night and then spent most of the day trying to take it off because it started acting funny.
 

This place isn't paradise... trust me.
Joined
Jan 23, 2006
Messages
6,437
Tokens
to start with that will be totally and absolutely USELESS if the link is already saturated (that was basically the situation we had in CR a few years ago with those attacks), it actually enforces my point that sometimes you can be as competent as you want......but you rely on the equipment/expertise/resources of your upstream ISPs (who are shown over and over to not be totally prepared to deal with these situations such as the time when some ISP in Pakistan managed to throw YouTube offline using a simple BGP advertisement)

btw I am not saying that there are no trivial attacks.....I am just saying that the ones that we (users) notice/find out about are most of the time not trivial at all and as another poster noted.......while there are mitigation technologies that can be deployed.....many times it doesn't make financial sense.....back in the days of the attacks that we had here in CR I remember hearing a quote for a 'medium' site going at 50k /year, before the attack happened obviously it would have been a hard sell to spend 50k on a 'maybe this can happen'

Yeap, this shit is more coordinated than ever nowadays. These guys can do multiple "types" of attacks at different times. For instance DNS poisoning, Web server attack, Backend database attack (which is why you should use a mysql server from an ISP in Canada because they give you a public IP to map your DB settings to, which can be attacked directly by itself), etc. There are just so many possibilities that you literally will be helpless.

And Cisco for Security, I wouldn't bank a million dollar site on Cisco to protect me.
 

This place isn't paradise... trust me.
Joined
Jan 23, 2006
Messages
6,437
Tokens
I agree wolfie, a packet inspector might do the trick, but I'm guessing they have several flavors of the exploit floating around - not all using the same syntax! - making it harder to nail every possible request.

I agree with you that admins with the right tools and resources should be able to help, but really the fix should come from vBulletin.

So is this like a SQL injection attack or something to do with vBulletin only? Now this is finally starting to make sense. When I originally read the post about this, it was stated that it was a "corrupted database". Now the puzzle fits together.

I was hoping the RX would move up to vBulletin 3.7 so we could take advantage of newer features like Tags, Tag Clouds, and more advanced features of the software. The upgrade is fairly easy as well.
 

New member
Joined
Jul 20, 2002
Messages
75,154
Tokens
Fwiw

I was hoping the RX would move up to vBulletin 3.7 so we could take advantage of newer features like Tags, Tag Clouds, and more advanced features of the software. The upgrade is fairly easy as well.

The Rx is well aware of the vBulletin upgrade but right now it is not a priority. We finally added PMs recently but these DDOS attacks have the IT guys occupied. The Rx.com actually is a waste of time to attack if you are looking for a ransom, the motive is more along the lines of vindictiveness.


wil..
 
