This past couple of days I have noticed that there is a bit of downtime on this website. It is happening daily and the down time probably lasts for about 30 minutes. At first, I did not care about it since the attacks don’t last very long, but after investigating further, I found that this website is once again being attacked. Upon checking the SecurePort attack logs provided by Staminus, surprisingly there wasn’t any source of the attackers. Normally botnet owners require hundreds or thousands of hacked computers to launch a DDoS attack on a website but surprisingly there were only about 30 of them that are attacking my server.
I ran a whois on the IP using DomainTools, and found that the IP addresses belonged to webhosting companies such as Softlayer, ThePlanet, LunarPages, LeaseWeb, BlueHost and etc… Instantly, I knew someone that hated this website bought a tool called “Booter” to launch the attack. A booter is sold at a very cheap price, probably costing from $5 to $50 depending the length of subscription. The method that is used to “boot” off a connection is by using multiple hacked or rooted servers. Since servers have much faster bandwidth than home broadband connections, they are able to bring down a connection with only a couple of servers combining their bandwidth.
Using a booter is as simple as A-B-C. Just buy the tool, run it, enter the website URL that you want to attack and click a button. Normally a booter only allows you to hit a connection for a very short period of time, probably from 100 seconds to 180 seconds and it will automatically stop. All you need to do to continue hitting is just press the button again. The hard work goes to the person who develops and sells the booter because they need to constantly add new hacked servers into the pool. If the pool doesn’t contain enough servers, then it won’t be powerful enough to boot off connections.
What the person that is being attacked can do is to install a firewall, get the IP addresses that are attacking your server and report it to the abuse department.
Here is my Staminus SecurePort showing the list of IP addresses that attacked my server
I copied the IP address that is circled in red, go to http://whois.domaintools.com, paste the IP address in the box and click the lookup button. There should be an email address to contact the Abuse department.
Simply write an email to that abuse department asking them to take the necessary action and attaching the screenshot of the firewall log. The webhost or datacenter will normally respond to your request because they are in a business and they don’t want their servers being misused or abused for malicious activities. I’ve got a few replies assuring me that they have identified the issue and handled them accordingly. Although I wasn’t able to report all of the IP addresses because some of them don’t contain an abuse email, but I guess it should good enough to make their server pool smaller.
Hi Raymond, I like your new theme.
raymond your site has become extremely slow after u have changed ur theme or whatever the reason maybe..
It’s a bit sad knowing that there’s someone out there pressing a button every couple of minutes just to bring down your website.
“The hard work goes to the person to develops and sells the booter
because they need to constantly add new hacked servers into the pool.” Well, the really hard work goes to you, Raymond, for jumping on this and doing what it took to get the report to your server abuse department. ihsanapps akmal nailed it: envy and black heart. I’ve learned so much from you and thanks for so cheerfully revealing cheap, mean people who need to get a life.
Quite possibly it’s someone whose software you recently reviewed,tested and published the test results of and those results showed that the software did not do what the developer claimed the software did……..?
Some people don’t like & can’t accept your direct, open and totally honest critique and attitude Ray, especially when it goes against them.
But I do and I think you have the big cojones for being so openly truthfull.
Well done, thank you and keep it up Ray, cos there are so many little untruths told in software marketing that us technologically lesser experienced mortals need someone with your greater knowledge and wisdom in this field to help and guide us like you do.
Yours respectfully with a great deal of honest and open admiration too
Starlight
Its not only the knowledge in IT but the way its explained in simple language is really appreciative.
Thank for sharing. Even though my website is small and don’t get an attack it is a very useful information for a webmaster.
I don’t know there are people who have shitty heart to attack this site. Probably, he envy with your knowledge in IT
Useful information you provide to us and I hope that you will be protected by the knowledge and technique