Revenge DDoS - Warning to Providers

bulbasaur

@codydoby said:
I did talk about situation of @yoursunny. But I didn't offend you, so don't be like this.

Abusing the people who expose scalpers will get you replies from others, deal with it.

bulbasaur

@yoursunny said:
Ever since I exposed him, the MJJs have been attacking me:

{"ts":1615402645.5092282,"uri":"//plus/comments_frame.php"}
{"ts":1615402645.7275572,"uri":"//data/cache/t.php"}
{"ts":1615402646.166398,"uri":"//robots1.php"}
{"ts":1615402646.6065145,"uri":"//12345.php"}
{"ts":1615402647.0454571,"uri":"//robots.php"}
{"ts":1615402647.4913428,"uri":"//x.php"}
{"ts":1615402647.9297335,"uri":"//uploadfile/member/0/0x0.php"}
{"ts":1615402648.1486795,"uri":"//user.php?act=login"}
{"ts":1615402648.5907912,"uri":"//utility/convert/index.php?a=config&source=d7.2_x2.0"}
{"ts":1615402649.2518916,"uri":"//c.php"}
{"ts":1615402649.691293,"uri":"//libsoft.php"}
{"ts":1615402650.1313114,"uri":"//libsoft.php"}
{"ts":1615402650.5712504,"uri":"//libsoft.php"}
{"ts":1615402651.0123096,"uri":"//libsoft.php"}
{"ts":1615402651.4536102,"uri":"//libsoft.php"}
{"ts":1615402651.8916042,"uri":"//nuan.php"}
{"ts":1615402652.3285081,"uri":"//user.php?act=login"}
{"ts":1615402808.4545996,"uri":"/wp-login.php"}
{"ts":1615402812.634916,"uri":"/t/wp-login.php"}
{"ts":1615432643.0138078,"uri":"/wp-login.php"}

Which webserver is this? Caddy? Maybe try logging the request headers, method and bodies, might make for some good analysis of you're into that sort of thing.

codydoby

@yoursunny said:

@codydoby said:

@yoursunny said:
Ever since I exposed him, the MJJs have been attacking me:

I'm sorry about that, but I don't know much about such advanced things. Maybe it's just a coincidence, after all you are so famous. People are afraid of famous and pigs are afraid of fat.

Well, when your website got plagiarized, others suggested you to attack the other site. You expressed the desire to attack, but claimed that you did not know how to do so.

Thank you for your close attention.

@codydoby said:
It means @yoursunny is always famous not only among MJJ but also among (maybe) guys in other places for his various speeches including replying with the classic no-IPV6 shame list and special push up videos.

Do you want me to do a special push-up video for you?

Thank you for your kindness. But I really don't like this.

TimboJones

@thedp said:
Please don't turn this thread into the one which was recently closed.

Maybe if a person Godwin's a drama thread, they get a vacation and thread stays open?

appcomq

The cost of the Chinese MJJ attack is zero, amany Windows XP are still running. When I just scan 10.0.0.0/16 port 3389, I can scan a large number of hosts No have password.

ps, MJJ = eunuch

Levi

@appcomq said: ps, MJJ = eunuch

How to write in Chinese "MJJ"?

its420somewhere

So basically the Chinese MJJ attack was retaliation for the shame that @codydoby brought?

notarobo

@LTniger said:

@appcomq said: ps, MJJ = eunuch

How to write in Chinese "MJJ"?

没鸡鸡。

Jio

@notarobo said: 没鸡鸡。

What is 雞?

notarobo

@Jio said:

@notarobo said: 没鸡鸡。

What is 雞?

雞is older way of writing 鸡. both mean same. simply it mean Chicken. but somehow if you double it up it becomes nickname for penis. I'm not 100% sure it means penis or balls.

Boogeyman

The end is nigh

Cabbage

I genuinely can't tell whether he's actually taking the push up thing seriously or something got lost in the translation lol

Back on topic, can anyone give a good guess on how much attack OP mentioned would cost? Even if the attack itself isn't straining, I really want to know how much it would cost to take control of that many subnets.

bulbasaur

@Cabbage said: I really want to know how much it would cost to take control of that many subnets.

Probably nothing, since the attack is probably being launched through botnets on infected IoT devices and systems.

TimboJones

@appcomq said:
The cost of the Chinese MJJ attack is zero, amany Windows XP are still running. When I just scan 10.0.0.0/16 port 3389, I can scan a large number of hosts No have password.

ps, MJJ = eunuch

I don't think you can RDP into a machine without a password. Maybe if they go out of their way...

Though, they have SMBv1 and no password, that's probably worse.

And why the hell are you on a /16 with other users who aren't part of your organization? Dafuq shit is that?

desperand

@LTniger said: Good news, big attacks costs big money. Usually, they won't last more than few days. You knew the risk of the industry. Swallow it.

Damn. I am getting older...
Instead of writing a wall of text with arguments, explanation to what to do, why that happened, how to be, and so on and so on, I sit and was watching into writing post field for around 10 mins and deleted my previous comment =(

Sad...

appcomq

@TimboJones said:

@appcomq said:
The cost of the Chinese MJJ attack is zero, amany Windows XP are still running. When I just scan 10.0.0.0/16 port 3389, I can scan a large number of hosts No have password.

ps, MJJ = eunuch

I don't think you can RDP into a machine without a password. Maybe if they go out of their way...

Though, they have SMBv1 and no password, that's probably worse.

And why the hell are you on a /16 with other users who aren't part of your organization? Dafuq shit is that?

Hi,

You may not know, China’s ISPs only provide local area IPs.

its420somewhere

@appcomq said:

@TimboJones said:

@appcomq said:
The cost of the Chinese MJJ attack is zero, amany Windows XP are still running. When I just scan 10.0.0.0/16 port 3389, I can scan a large number of hosts No have password.

ps, MJJ = eunuch

I don't think you can RDP into a machine without a password. Maybe if they go out of their way...

Though, they have SMBv1 and no password, that's probably worse.

And why the hell are you on a /16 with other users who aren't part of your organization? Dafuq shit is that?

Hi,

You may not know, China’s ISPs only provide local area IPs.

China is such a backwards country, with their GFW and MJJ PayPal disputes, hardly anything would shock..

Jio

@TimboJones said: And why the hell are you on a /16 with other users who aren't part of your organization? Dafuq shit is that?

in many smaller countries too there is no real CGNAT or genuine best practice type of nat

when i visited sri lanka before i got a 192.168 ip, i could scan all of my negihbours and they were there.. giant LAN /16 NAT in NAT... and the isp ran fucking warez server on a 192.168. ip for everyone to share

TimboJones

@appcomq said:

@TimboJones said:

@appcomq said:
The cost of the Chinese MJJ attack is zero, amany Windows XP are still running. When I just scan 10.0.0.0/16 port 3389, I can scan a large number of hosts No have password.

ps, MJJ = eunuch

I don't think you can RDP into a machine without a password. Maybe if they go out of their way...

Though, they have SMBv1 and no password, that's probably worse.

And why the hell are you on a /16 with other users who aren't part of your organization? Dafuq shit is that?

Hi,

You may not know, China’s ISPs only provide local area IPs.

I got that. I'm more floored about the /16 design.

treesky2017

It is clear. He does not need any cost to initiate ddos. In China, They are called dalao.

rcxb

@randvegeta said:
our website has been under continuous DDOS. Our firewall has blocked some 1000 subnets in the last 24 hours alone.

Make it a point to report each of the bots to the ISPs responsible. Automate the log collection and reporting so it does not take all your time. Taking down even a small chunk of the botnet will at least make you a much more expensive target.

DataWagon

@randvegeta said:
I'm very curious as to how much this is costing, and how much he's willing to spend just to slow down our website.

He probably bought a booter for $5. I highly doubt that the guy opening a dispute over $8 is spending any significant amount of money on DDoS.

Billyham07

Cost is 0 --Mjj

randvegeta

@Billyham07 said:
Cost is 0 --Mjj

You would know. Wouldn't you?

Billyham07

@randvegeta said:

@Billyham07 said:
Cost is 0 --Mjj

You would know. Wouldn't you?

"mjj" has many botnets in his hands, so the cost of their attack is 0.

its420somewhere

Mjj = scum of internet

vbloods

ddos attacks everywhere .

randvegeta

@its420somewhere said:
Mjj = scum of internet

Mjj = @Billyham07

MGarbis

I would recommend to report the ips to the abuseipdb and/or similar places. Not just to the ISPs.