Close
dadaIMC Discussion List
Binghamton-IMC DDoS attack
Spud, et. al.,
IMC-Binghamton is under a DDoS attack. Other Dada sites beware.
We have been victimized by comment spam for many months
now, and while annoying, has not as yet disabled the site.
Sometime yesterday, our site became unusable. I don't know all
the details yet, but apparently they are doing searches on the
database using SQL wildcard characters.
Unless anyone has any better ideas, the approach I will take for now is
as follows
to get the site back up:
1) disable the search function
2) examine logs to determine worst offending IP address
3) manually block IP addresses.
BTW Spud. #3 is especially difficult, b/c the addresses
in the blocked_ips table is encoded as an MD5 hash.
I think this is a problematic, because it makes checking
which IPs have been already blocked a problem, especially
since a database exception is thrown and an email is generated
to the admin account if you try to add an IP already in the db
(when using the Admin "block IP" form).
I'm developing some perl scripts to help with this problem,
which I'll share with other IMCs.
I'll post more to this list as I learn more about the
problem.
Spud, if you can assist me during this, I would be
grateful.
--
Bill Huston
607-724-1755
bhuston-AT-stny.rr.com
-------------
To unsubscribe, send blank email
to dadaIMC-off-AT-lists.dadaimc.org
IMC-Binghamton is under a DDoS attack. Other Dada sites beware.
We have been victimized by comment spam for many months
now, and while annoying, has not as yet disabled the site.
Sometime yesterday, our site became unusable. I don't know all
the details yet, but apparently they are doing searches on the
database using SQL wildcard characters.
Unless anyone has any better ideas, the approach I will take for now is
as follows
to get the site back up:
1) disable the search function
2) examine logs to determine worst offending IP address
3) manually block IP addresses.
BTW Spud. #3 is especially difficult, b/c the addresses
in the blocked_ips table is encoded as an MD5 hash.
I think this is a problematic, because it makes checking
which IPs have been already blocked a problem, especially
since a database exception is thrown and an email is generated
to the admin account if you try to add an IP already in the db
(when using the Admin "block IP" form).
I'm developing some perl scripts to help with this problem,
which I'll share with other IMCs.
I'll post more to this list as I learn more about the
problem.
Spud, if you can assist me during this, I would be
grateful.
--
Bill Huston
607-724-1755
bhuston-AT-stny.rr.com
-------------
To unsubscribe, send blank email
to dadaIMC-off-AT-lists.dadaimc.org
Next message in thread
Thread
Re: Binghamton-IMC DDoS attack / magduv <magduv-AT-gmail.com> / 31 Dec 1969
Re: Binghamton-IMC DDoS attack / BHUSTON-AT-stny.rr.com / 25 Sep 2006
Re: Binghamton-IMC DDoS attack / John Milton <john-AT-johnmilton.ca> / 25 Sep 2006
Re: Binghamton-IMC DDoS attack / Jon Sullivan <punkrider-AT-gmail.com> / 25 Sep 2006
Report Bugs
dadaIMC uses the Mantis bug-tracking system for bug reporting. Please use it! And check for existing reports of your bug before submitting a new one.
CVS
The current CVS version of dadaIMC is now browseable online. Be forewarned, though, that it is not always in a useable state as-is!
Donations
Support development!