Thank Jebus Bhrist.

Thank Jebus Bhrist.

LET is finally up.

I missed shit posting.

Comments

  • DP Administrator, The Domain Guy
    edited July 2021

    We need more deals to keep them packets away!

  • Thanked by 1SirFoxy
  • @thedp said:
    We need more deals!

    For @FAT32 sake such a pure person/admin, he deserves better.

    Thanked by 1FAT32
  • @dahartigan said:

    luv u aussy boi missed u

  • dahartigan Member
    edited July 2021

    @SirFoxy said:

    @dahartigan said:

    luv u aussy boi missed u

    Me too my sexc yankee-doodle

    Ps buy shit on my aff garden

    Thanked by 1SirFoxy
  • The attack was mjj gaybois sent by china, according to an anonymous source..

  • @dahartigan said:
    The attack was mjj gaybois sent by china, according to an anonymous source..

    Shit, I sent @jbiloh a message, we can get LET protected if he explains the situation & wants to pay for it.

  • They were running it on involucrated servers, luckily they had backup

  • @ps20090 said:
    They were running it on involucrated servers, luckily they had backup

    Yessir, sure.

  • jbiloh Administrator, Veteran

    I fell asleep last night and then an attack got through CF. Ugh!

  • @jbiloh said:
    I fell asleep last night and then an attack got through CF. Ugh!

    Are people that mad because you unbanned @cociu ?

  • jbiloh Administrator, Veteran

    @ben47955 said:

    @jbiloh said:
    I fell asleep last night and then an attack got through CF. Ugh!

    Are people that mad because you unbanned @cociu ?

    No, this attack was because someone was banned from discord.

  • @jbiloh said:

    @ben47955 said:

    @jbiloh said:
    I fell asleep last night and then an attack got through CF. Ugh!

    Are people that mad because you unbanned @cociu ?

    No, this attack was because someone was banned from discord.

    I wasn't expecting this. How do you know the source?

  • jbiloh Administrator, Veteran

    @ben47955 said:

    @jbiloh said:

    @ben47955 said:

    @jbiloh said:
    I fell asleep last night and then an attack got through CF. Ugh!

    Are people that mad because you unbanned @cociu ?

    No, this attack was because someone was banned from discord.

    I wasn't expecting this. How do you know the source?

    Because I was alerted to it by a discord admin and the attacks began a few moments after the ban occurred.

  • default Veteran

    @jbiloh said:

    @ben47955 said:

    @jbiloh said:

    @ben47955 said:

    @jbiloh said:
    I fell asleep last night and then an attack got through CF. Ugh!

    Are people that mad because you unbanned @cociu ?

    No, this attack was because someone was banned from discord.

    I wasn't expecting this. How do you know the source?

    Because I was alerted to it by a discord admin and the attacks began a few moments after the ban occurred.

    Thanked by 1bulbasaur
  • @jbiloh said:
    Because I was alerted to it by a discord admin and the attacks began a few moments after the ban occurred.

    How you gonna punish them? Should put a warning on website, DDOS attackers will be prosecuted, survivors will be prostituted involucrated.

  • jbiloh Administrator, Veteran

    @ps20090 said:

    @jbiloh said:
    Because I was alerted to it by a discord admin and the attacks began a few moments after the ban occurred.

    How you gonna punish them? Should put a warning on website, DDOS attackers will be prosecuted, survivors will be prostituted involucrated.

    Some people just stink.

  • edited July 2021

    @SirFoxy said:
    Thank Jebus Bhrist.

  • Jesus Member

    @NobodyInteresting said:

    @SirFoxy said:
    Thank Jebus Bhrist.

    And you are who exactly?

    Hugs & Kisses
    Jesus

    Thanked by 1NobodyInteresting
  • @Jesus said:
    And you are who exactly?

    Hugs & Kisses
    Jesus

    Holy, he got summoned

  • Jesus ddos'd the site again.. chinese jesus?

  • Abd Member, Patron Provider

    Un-usable atm.

  • DP Administrator, The Domain Guy

    @jbiloh - What's the size of the attack?

  • @jbiloh I believe the MJJs have found out your origin. Use a firewall and DDOS-protected VPS to secure it, and on Cloudflare you have the usual IUAM.

  • jbiloh Administrator, Veteran

    Doing the best we can.

  • yoursunny Member, IPv6 Advocate
    edited July 2021

    @stevewatson301 said:
    @jbiloh I believe the MJJs have found out your origin. Use a firewall and DDOS-protected VPS to secure it, and on Cloudflare you have the usual IUAM.

    MJJs were talking about attacking website behind Cloudflare yesterday.

    当查到 对方用 Cloudflare 后, 下一步是什么呢?
    After finding the target is using Cloudflare, what's next?

    当然是直接ddos cloudflare了,限他三日内交出源站否则干到他全球瘫痪
    You can certainly DDoS Cloudflare, ask them to tell you the origin IP within 3 days, or you'll attack them until a global outage occurs.

    一个是查域名历史解析记录,如果这个网站一开始没有套 CDN,就会发现源服务器 IP。
    一个是查域名邮箱(MX 记录),域名邮箱是不走 CDN 的,所以可以查到发件服务器 IP。
    一个是全球扫 IP 碰运气,如果对方没有特殊处理(比如给 IP 自签证书),那么直接访问 IP 就会泄露其他虚拟主机的证书信息。
    You can query domain resolution history records. If the website did not use CDN in the past, the records would reveal origin IP.
    You can query MX records, because it doesn't go through CDN, so that you can see sending IP.
    You can take chances by scanning global IP addresses. If the target website did not perform special treatment (such as giving a different certificate to the IP address), directly accessing the IP would leak the certificate of available virtual hosts.


    Their three attack strategies are all valid to some extent.
    Countermeasures below.

    Domain resolution history: use CDN since the first deployment.

    Mail server leak: send and receive mail via MXroute. The headers won't include the web server IP.

    Scanning global IPv4 space: use only IPv6 as your origin.
    It is infeasible to scan global IPv6 space.
    This is one more reason why 👉 every provider should offer IPv6.

    The so-called "giving a different certificate to the IP address" is actually useless, because ClientHello could have included the target domain, and the server would return the domain's certificate if it has one.

    It is possible to configure firewall to only allow Cloudflare IP Ranges, but this would require periodical updates so that it's more complex than using a random IPv6 that nobody could guess.

    Thanked by 3dosai TimboJones lentro
  • DP Administrator, The Domain Guy
    edited July 2021

    And all of this is supposedly because of a ban on Discord? :D

  • dosai Member

    @thedp said:
    And all of this is supposedly because of a ban on Discord? :D

    Do we know who?

  • scooke Member

    Hang in there.

  • bulbasaur Member
    edited July 2021

    @yoursunny said: directly accessing the IP would leak the certificate of available virtual hosts.

    You could also use a webserver like caddy which only presents certificates if the ServerName in ClientHello matches one of the configured certificates, and sends a TLS alert otherwise.

    @yoursunny said: It is possible to configure firewall to only allow Cloudflare IP Ranges, but this would require periodical updates so that it's more complex than using a random IPv6 that nobody could guess.

    If the DDOS has already reached the origin, it's difficult to handle it using a firewall as it would now compete for CPU with the rest of the kernel and applications. You could consider filtering IPs in the PREROUTING tables though so that the packets get dropped without conntrack being invoked.

    Thanked by 1AlwaysSkint
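
The two firewall points above (an allowlist of CDN ranges that needs periodic updates, and dropping in PREROUTING before conntrack) combined in one sketch. This is an added example, not code from any poster or from LowEndTalk: it validates a downloaded range list and emits `iptables-restore` text for the `raw` table, refusing to produce a ruleset from a damaged list. The chain name `CDN_ONLY` and the sample ranges (documentation prefixes standing in for the CDN's published list) are assumptions.

```python
import ipaddress

# Constructed sample input: documentation prefixes, not real CDN ranges.
SAMPLE_GOOD = "# constructed sample\n192.0.2.0/24\n198.51.100.0/24\n2001:db8::/32\n"
# Same list as it might arrive after a bad download: junk line, host bits set.
SAMPLE_BAD = SAMPLE_GOOD + "not-a-cidr\n203.0.113.7/24\n"

def parse_ranges(text):
    """Return (networks, errors). Comments and blank lines are ignored."""
    nets, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries such as 203.0.113.7/24 (host bits set)
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return nets, errors

def raw_ruleset(nets, family, ports=(80, 443)):
    """iptables-restore text for the raw table of one address family.

    The raw table's PREROUTING hook runs before connection tracking, so
    packets dropped here never create conntrack entries.
    """
    own = sorted(n for n in nets if n.version == family)
    if not own:
        # An empty allowlist would drop all web traffic: fail closed instead.
        raise ValueError(f"no IPv{family} ranges, refusing to emit ruleset")
    dports = ",".join(str(p) for p in ports)
    lines = ["*raw", ":PREROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]",
             ":CDN_ONLY - [0:0]",
             f"-A PREROUTING -p tcp -m multiport --dports {dports} -j CDN_ONLY"]
    # Allowed sources continue on to conntrack and the filter table.
    lines += [f"-A CDN_ONLY -s {n} -j ACCEPT" for n in own]
    lines += ["-A CDN_ONLY -j DROP", "COMMIT"]
    return "\n".join(lines) + "\n"

def build(text):
    """Validate the whole list first; one bad line rejects the update."""
    nets, errors = parse_ranges(text)
    if errors:
        raise ValueError("range list rejected: " + "; ".join(errors))
    return {4: raw_ruleset(nets, 4), 6: raw_ruleset(nets, 6)}

if __name__ == "__main__":
    rules = build(SAMPLE_GOOD)
    print(rules[4], rules[6], sep="\n")
```

The IPv4 text is meant for `iptables-restore` and the IPv6 text for `ip6tables-restore`; because a rejected list raises before any output exists, a scheduled update job keeps the previous ruleset in place.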