These synchronized attacks mean one thing and one thing only. The zero day virus; that is a RAT, is still infecting computers to this day. The virus is cross platform compatible. Most easily infecting Windows systems. The RAT can spread across networks, bypass firewalls and attaches to USB devices. I tested it from hacking forums; in a controlled environment. You can wipe binary and deface the operating system in one mouse click. It had full remote access like TeamViewer. I wish I still had it, an antivirus software deleted it. It could also embed itself into .exe files and was not detectable on AVG and Avast. As well as packets across your own network. It would attach and build itself. In order to use it, you had to get yourself hacked and be a host. So the creator infected you and everyone else it infected. It gave you a textbox so everyone you infected DDOSED the specified IP Address with one button click.
I forgot to mention the built in keylogger. It returned every character back and could also send an email.
that’s with iFastNet and ByetHost, InfinityFree does not have any servers AFAIK
or… it’s just people sending a whole lot of packets from a few computers they own
It is usually from several at the same time. Otherwise, you can IP ban the source. We are talking about hundreds to the tens of thousands of different hosts. All with a unique IP or masked through several VPNs and/or Gateways. They use multiple methods including HTTP, FTP and INJECTIONS. The only way to stop it… Change the IP, DDOS them back or stop it from the source.
My idea: change the IP Address every 12 hours and mask it. Somehow without dropping everyone’s website and making extremely large moves to a different server. I took some information security courses; however, I am no networking engineer. It sounds costly; but crucial to maintain stability of user’s websites. Also difficult; but not impossible. Are they trying to brute force attack the MySQL database? That would cause this disruption of service as well.
The file manager and the FTP server are affected by maintenance to the underlying hosting cluster. This maintenance is causing automated failovers as servers are taken own, maintained and put back in. These failovers are generating additional load which is why the FTP service is unhappy. And since the file manager also uses FTP.
The FTP issues from yesterday are not a DDoS attack.
Also, why do you keep going on about these remote terminals so much? And about what viruses could do? Sure, there are botnets in the world, composed from involuntary and usually unsuspecting devices. All we know is that there was an attack. We don’t know who did this, how they did it or why. Maybe it’s a foreign government trying to get access to our servers. Maybe it’s a bored kid who threw a bit of money at a DDoS stresser to harass a “friend”'s site.
Assigning a new IP to a server, updating the configuration of websites to use that IP and updating the DNS of websites to point to the IP is easy. But it has a few problems:
- DNS caching will cause websites to be down for some time. Reducing the DNS TTL mitigates this, but you still get at least a few minutes of downtime at best and much more if the resolver doesn’t respect the TTL (which many won’t).
- It would completely break support with third party DNS providers, because we can’t auto update their settings.
And what do you mean by “masking” an IP address? All data sent over the internet needs an IP address in order to be routed to another computer. You can’t just hide it and somehow still have a working network connection.
And how do you suppose that the same mechanism that would allow visitors to connect to the IP, would not allow the attacker to reroute their attack either?
All in all, it’s a lot of work with a lot of risk of causing more trouble than it solves.
Our database servers are only accessible over our internal network, so there is no practical way someone could brute force them remotely.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.