DDoS attempt against site


blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3205
Team: HashKiller
Reputation: 7744 Reputation
Offline
Thu, 11 Jul 2013 @ 12:58:21

OK, so I've had someone running a DDoS against me for like 3 days now. The attack consists of requesting the getattachment.ashx page over and over hence my bandwidth has been a bit slower but I'm blocking the user-agent anyway hence the 404 responses below in the logs:

Code:
2013-07-11 11:52:26 GET /getattachment.ashx fileid=3269 - 125.39.68.131 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 500
2013-07-11 11:52:26 GET /getattachment.ashx fileid=3478 - 202.77.125.146 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 333
2013-07-11 11:52:26 GET /getattachment.ashx fileid=1222 - 217.12.113.67 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 116
2013-07-11 11:52:28 GET /getattachment.ashx fileid=3049 - 200.54.92.187 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 246
2013-07-11 11:52:28 GET /getattachment.ashx fileid=680 - 177.43.164.229 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 252
2013-07-11 11:52:33 GET /getattachment.ashx fileid=2233 - 88.85.108.16 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 114
2013-07-11 11:52:35 GET /getattachment.ashx fileid=2960 - 125.39.66.146 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 542
2013-07-11 11:52:38 GET /getattachment.ashx fileid=315 - 211.138.121.37 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 395
2013-07-11 11:52:38 GET /getattachment.ashx fileid=324 - 115.25.216.6 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 391
2013-07-11 11:52:41 GET /getattachment.ashx fileid=866 - 221.130.18.185 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 391
2013-07-11 11:52:42 GET /getattachment.ashx fileid=1294 - 62.173.43.73 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 155
2013-07-11 11:52:46 GET /getattachment.ashx fileid=3478 - 219.159.105.180 curl/7.21.2+(x86_64-unknown-linux-gnu)+libcurl/7.21.2+OpenSSL/1.0.0c+zlib/1.2.5+libidn/1.15+libssh2/1.2.7 404 19 0 474
2013-07-11 11:52:46 GET /forum22-hashcracking-requests.aspx - - 61.55.181.19 Mozilla/4.0+(compatible;+MSIE;+Windows+NT+5.1;+SV1;+.NET+CLR+1.0.3705;+.NET+CLR+1.1.4322;+Tablet+PC+1.7) 200 0 0 2941

I can only imagine they are also trying to screw my monthly bandwidth which will fail as I have unlimited.

Assholes! I can't block by IP and there are 1000s of them! Not causing any issues now but annoying.


Please read the forum rules | Please read the paid section rules
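The log excerpt above shows why blocking on the shared user agent works where per-IP blocking does not. As an added example (not code from the thread or the site), the sketch below groups log lines by endpoint and user agent and flags groups that arrive from many addresses at a low per-address rate. The field names, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Field order assumed from the log lines in the post (no #Fields header is shown).
FIELDS = ("date", "time", "method", "uri_stem", "uri_query", "username", "c_ip",
          "user_agent", "status", "substatus", "win32_status", "time_taken")
CURL = "curl/7.21.2+(x86_64-unknown-linux-gnu)"
# Constructed sample in the same layout; client IPs are documentation ranges.
SAMPLE_LOG = f"""\
#Software: constructed sample
2013-07-11 11:52:20 GET /getattachment.ashx fileid=3269 - 192.0.2.10 {CURL} 200 0 0 500
2013-07-11 11:52:26 GET /getattachment.ashx fileid=3478 - 192.0.2.10 {CURL} 404 19 0 333
2013-07-11 11:52:26 GET /getattachment.ashx fileid=1222 - 192.0.2.44 {CURL} 404 19 0 116
2013-07-11 11:52:28 GET /getattachment.ashx fileid=3049 - 198.51.100.7 {CURL} 404 19 0 246
2013-07-11 11:52:28 GET /getattachment.ashx fileid=680 - 198.51.100.90 {CURL} 404 19 0 252
2013-07-11 11:52:33 GET /getattachment.ashx fileid=2233 - 203.0.113.16 {CURL} 404 19 0 114
2013-07-11 11:52:35 GET /getattachment.ashx fileid=2960 - 203.0.113.77 {CURL} 404 19 0 542
2013-07-11 11:52:46 GET /forum22-hashcracking-requests.aspx - - 203.0.113.5 Mozilla/4.0+(compatible;+MSIE) 200 0 0 2941
2013-07-11 11:52:47 GET /forum22-hashcracking-requests.aspx - - 192.0.2.200 Mozilla/4.0+(compatible;+MSIE) 200 0 0 1800
"""

def parse(text):
    """Yield one dict per request line; skip '#' directives and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))

def distributed_floods(records, min_ips=5, max_per_ip=2.0):
    """Flag (uri_stem, user_agent) pairs hit from many IPs at a low per-IP rate."""
    groups = defaultdict(lambda: {"requests": 0, "ips": set(), "filtered": 0})
    for r in records:
        g = groups[(r["uri_stem"], r["user_agent"])]
        g["requests"] += 1
        g["ips"].add(r["c_ip"])
        # 404 with substatus 19 is IIS request filtering: denied by filtering rule
        g["filtered"] += (r["status"], r["substatus"]) == ("404", "19")
    findings = []
    for (stem, ua), g in groups.items():
        n_ips = len(g["ips"])
        # Many sources, few requests each: per-IP limits never trigger
        if n_ips >= min_ips and g["requests"] / n_ips <= max_per_ip:
            findings.append({"uri_stem": stem, "user_agent": ua,
                             "requests": g["requests"], "distinct_ips": n_ips,
                             "already_filtered": g["filtered"]})
    return sorted(findings, key=lambda f: -f["requests"])

if __name__ == "__main__":
    print(distributed_floods(parse(SAMPLE_LOG)))
```

The `already_filtered` count shows how much of the flagged traffic the existing filtering rule is already rejecting, which is a quick check that the rule matches the whole group.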

Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Thu, 11 Jul 2013 @ 14:04:45

Blandy, do you think this is just malicious or are they trying to do something else?

Seems like they are trying to download all the attachments posted on the forum, is that right?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3205
Team: HashKiller
Reputation: 7744 Reputation
Offline
Thu, 11 Jul 2013 @ 16:16:30

You would think so but due to the sheer amount of requests, like 10,000s! I don't think so as there just isn't that many. It's malicious for sure. Surprised they haven't noticed all the 404 responses yet lol.


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Thu, 11 Jul 2013 @ 16:36:45

blandyuk said:

Surprised they haven't noticed all the 404 responses yet lol.

DDOS clearly doesn't require the perpetrator to be "observant"!!


K9

Status: Member
Joined: Sat, 30 Jul 2011
Posts: 113
Team:
Reputation: 38 Reputation
Offline
Thu, 11 Jul 2013 @ 16:45:10

Why do they always attack you? lol


blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3205
Team: HashKiller
Reputation: 7744 Reputation
Offline
Thu, 11 Jul 2013 @ 17:00:06

Because I'm a cracking site or they are wankers with nothing better to do. I had 10,588 file attachment requests from them yesterday lol, all failed with 404 obviously.


blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3205
Team: HashKiller
Reputation: 7744 Reputation
Offline
Fri, 12 Jul 2013 @ 10:49:24

Update on this, it's still going lol, they started 07-July-2013 @ 21:50:35 and they are still coming in. Retards!


eljolot

Status: Senior
Joined: Wed, 15 Aug 2012
Posts: 757
Team:
Reputation: 275 Reputation
Offline
Fri, 12 Jul 2013 @ 17:37:12

All those IPs are not in good status. They appear on spam pages; they are marked in the DBs.

http://www.stopforumspam.com/ipcheck/202.77.125.146

http://www.stopforumspam.com/ipcheck/125.39.68.131


Kill hashes is a way of life
/dev/null/ before dishonor
CPU: AMD 8350FX
Rig 1: 1 x Radeon HD 7970 Non reference cooler

Pengo

Status: n/a
Joined: Sat, 17 Nov 2012
Posts: 53
Team:
Reputation: 19 Reputation
Offline
Fri, 12 Jul 2013 @ 17:44:33

Stooges, as blan said - kids with nothing else to do.


giveen

Status: Senior
Joined: Fri, 12 Jul 2013
Posts: 705
Team: Newbie Teaching Squad
Reputation: 385 Reputation
Offline
Tue, 16 Jul 2013 @ 00:32:43

Are you under attack again? Download speeds went dramatically down just now.


Right: 2x GTX 1050 TI

blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3205
Team: HashKiller
Reputation: 7744 Reputation
Offline
Tue, 16 Jul 2013 @ 12:31:12

No, they stopped trying a day or two ago. All is good in the world of md5decrypter.co.uk.


giveen

Status: Senior
Joined: Fri, 12 Jul 2013
Posts: 705
Team: Newbie Teaching Squad
Reputation: 385 Reputation
Offline
Tue, 16 Jul 2013 @ 12:46:25

Okay, yesterday I was downloading a hash list and it was going at 13KB/s (my line is a 7MB/s line.)


Right: 2x GTX 1050 TI

iHack

Status: Senior
Joined: Sat, 23 Feb 2013
Posts: 590
Team:
Reputation: 344 Reputation
Offline
Wed, 17 Jul 2013 @ 03:25:50

I get a 30-40 KB/s download speed when downloading attachments on the website (with a 2MB/s line).


Computer Specs:
CPU:Intel Core i7 3930k
GPU:AMD Radeon HD 6870

blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3205
Team: HashKiller
Reputation: 7744 Reputation
Offline
Wed, 17 Jul 2013 @ 07:22:39

Yes, that's about right as I can't get good bandwidth here.


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Wed, 17 Jul 2013 @ 09:42:13

This is quite interesting.

http://www.incapsula.com/the-incapsula-blog/item/225-what-google-doesnt-show-you-31-of-website-traffic-can-harm-your-business?src=147

At least it isn't just happening to us!

