Downtime & Migrations

Chief Member
edited March 2012 in General

Welcome Back!
I'm going to keep this fairly non-detailed until we are ready to release more information.

We received a CC of an email sent to Linode's service desk demanding LowEndBox is taken offline. The email was not sent to us; we were CC'd in on the email that was sent to Linode. The "bright spark's" demands that we were taken offline were then posted on the Linode forum and here on LET.

Shortly after, we received a large inbound DDOS, at which point Linode null-routed the IP. We accepted this, then waited a while and followed up with a call to Linode. To say that they were less than helpful, and less than forthcoming with information, is a complete understatement. Let me put this into perspective: Linode is our host and wouldn't give us information; LiquidWeb is not our host and was far more helpful and forthcoming than Linode. Were we grateful whilst pissed that we were getting more information and help from LiquidWeb than Linode? You bet!

Yes, there were more than 2000 IPs in the botnet, and yes, we have a complete list of IPs that were hitting both WHT and LEB. To my understanding there are a number of providers who have been hit by this botnet over the past month, and are now collectively contacting upstream providers.

We spent yesterday getting quotes from companies like Staminus, Gigenet, Awknet etc. They either didn't have capacity, or for the size of the incoming floods wanted between $5000/month and $9000/month for DDOS mitigation. Simply not an option at this point.

However, we then received a very generous offer from a large provider with some very extensive resources who is happy to do their best to keep us online and have techs available if we receive another DDOS. At this point we are waiting for the server to be set up as we need, and slowly we will migrate over. We have brought the sites back up on Linode for now purely so people do not have to wait until we have everything sorted out.

We will release more on the new host, and more information after the migration has taken place. At this point both them and us just want some space to finish sorting out the best setup for LEB and LET. Contact Emails will come back online from tomorrow, we had to drop them purely due to the copious amounts of incoming mail.

It's 5:15am, after 2 mornings in a row of canvassing providers and trying to find a reliable solution whilst having a miniature human in hospital I'm off to get some rest.

If there's another DDOS and it's null routed, just wait patiently as we migrate.
We will post updates if this occurs on http://twitter.com/LebAlerts

Regards,

Chief


Comments

  • Willing to bet we won't see Constantinos cranking up a new pump-n-dump company anytime soon :P

    Thanked by 1DeletedUser
  • Woohoo!

    @Chief: Thanks for everything!

  • It's good for this place to be back.

    @Aldryic I'm sure he will be back. He will just try to hide.

  • I guess the next selling point for any hosting provider is "Are you man enough to host LEB? are you man enough, punk?"

  • @cleonard - perhaps. But the attacks were very much illegal, and I highly doubt an entity as corporate as WHT will just turn the other cheek and forget about them :P

    Constantinos is indeed pulling another runner. Only this time it's likely the law on his heels rather than disgruntled clients :3

  • Thank You.

    @Aldryic what if he's done a runner?

  • innya Member

    Well done on sorting out to bring them back.

  • Ivraatiems Member
    edited March 2012

    I think I'm unclear... what makes people think that Constantinos is the person behind these attacks?

    Or am I simply misreading?

    Also, surprised to hear Linode was so unresponsive. Unfortunate.

  • @DotVPS said: It's his 3rd runner from online business anyway, I don't think his home address has changed.

    Might have fled the country.

  • Amfy Member

    If someone is interested in a screenshot of his twitter account: http://lowendtalk.ftp.sh/index.php?p=/discussion/5/screenshot-of-anonymoushacker039s-twitter

    Thanked by 1Ivraatiems
  • It shall be interesting, from the posts on WHT, the Liquidweb/WHT people were pretty mad about the attack, I'm sure WHT will take legal action if it's feasible.

  • @Ivraatiems said: I think I'm unclear... what makes people think that Constantinos is the person behind these attacks?

    The tl;dr-

    1 - The threats/attacks started near immediately after Constantinos was exposed for starting another company (SturdyVPS)

    2 - The LET attack thread on WHT was started by one of Constantinos' aliases (he was soon banned again for this as well)

    3 - One of the originating controls for the botnet traced to a residential ISP in Constantinos' home city

    4 - An RDNS oversight linked the 'anonymoushackers' alias to SturdyVPS's nameserver.

    5 - The attacks and all activity completely ceased after point 4 was publicly exposed.

    If it's not him, then someone staged a very elaborate gig to put suspicion on him. If that were the case, however, he would've likely made announcements claiming innocence, etc. Instead, blackout from his companies.

  • Interesting... I've been reading through the WHT threads as well; pretty convincing. Thanks for the summary :)

  • AnthonySmith Member, Patron Provider

    Whole thing is just ridiculous, I am still not even entirely sure what their motives were?

    Ok if the above is true then I guess that's the motive but that would have never been the supposed motive as that would have given the game away immediately, did he even give a public motive for the attacks?

    Thanked by 1Amfy
  • Thanks for all the effort.

  • AnthonySmith Member, Patron Provider

    Ok thanks, I read most of what was going on via the various forums I thought maybe I missed something.

  • @liam said: @Chief Have you contacted the company whose proxy he was using to find evidence of the ip?

    See point 3 in my post above; we were able to track down a residential connection from one of the compromised bots. I've passed what info I found up to WHT... they're not going to ignore the attacks, and they're in the best position to finance legal action :P

  • u4ia Member

    Thank you @Chief for handling this as you did. Even with other things going on in your life, you still took care of LEB/LET. Way to show your leadership skills :)

  • @AnthonySmith said: did he even give a public motive for the attacks?

    He actually tried to disguise himself as an "afghanistan branch of anonymous". Actual motive is pretty easy to figure out if you know his history; the guy is blacklisted from pretty much every hosting-based community for his repeated scams, and being exposed yet again (SturdyVPS) got his new company tagged.

  • u4ia Member

    @Aldryic I've heard you say it before, nobody hides from Pony!

  • AnthonySmith Member, Patron Provider

    @Aldryic Thanks yeah I can see the motivation for sure, I just wondered if I had missed something that he announced publicly like... because chief kicked my dog.

  • I think it's hilarious that anyone could think "let me just DDOS their site, they'll be offline forever"... at least that's the way he made it sound. Truth be told today it's a lot harder to pull off a long lasting DDOS (thank god) or all of the 15 year old Constantinos in the world would be blasting people :P

  • @Aldryic said: He actually tried to disguise himself as an "afghanistan branch of anonymous".

    I loved this part, those damn Afghanistan hackers out to attack low end VPS hosting!

    How come secure dragon's website is still down?

  • Amfy Member

    @Kairus I think he also got attacked, and maybe his IP is still nullrouted...

  • u4ia Member

    @Kairus said: How come secure dragon's website is still down?

    I think it was originally a preemptive strike on KuJoe's part. Not sure why it still is...

  • Kairus Member
    edited March 2012

    @u4ia said: I think it was originally a preemptive strike on KuJoe's part. Not sure why it still is...

    Yeah, I read that on WHT, but that was 12+ hours ago? Hope he didn't forget!

  • u4ia Member

    From his twitter:

    I want to apologize for the extended downtime of our website. We are in the process of building a high availability cluster so no ETA.
  • @Kairus said: How come secure dragon's website is still down?

    Basically, he's in the process of setting up his sites for better DoS protection against future issues like this. It'll be back online shortly :P

    Thanked by 1DeletedUser
  • @u4ia said: @Aldryic I've heard you say it before, nobody hides from Pony!

    LOL, this.

  • @Chief said: It's 5:15am, after 2 mornings in a row of canvassing providers and trying to find a reliable solution whilst having a miniature human in hospital I'm off to get some rest.

    Thank you @Chief
