All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HAZI.ro - new unclaimed DDoS attacks | Is your provider here too?
FlorinMarian
Member, Host Rep
Good evening!
Because there was a lot of silence, someone thought to restart the DDoS attacks on our website and again, there was no dispute with anyone before the start of this attack, so we have no idea who is attacking and why, but it is irrelevant.
What I want to share with you (both my clients and potential clients) is the fact that we will not be beaten and moreover last Monday my research topic was approved for my bachelor's degree at the Faculty of Computer Science where I study in the last year and refers exactly to protection methods against Layer4 and Layer7 attacks, the most common attack methods today.
Until I come with news on the research side, I leave below the list of IP addresses that were blocked because they are with 100% accuracy sources of attacks. The list is created by analyzing the access log, but overnight we also had CloudFlare and although it did not assure us that the website runs without problems, it blocked no less than 700 million requests in only 8 hours.
https://pastebin.com/nbkNu4Xf
Comments
1 push-up per IP address.
You'll be safe from DDoS, guaranteed.
Pull the plug off. For a week or few. Tell clients that this is for their own good. You will save electricity too.
Weren't you protected by diamwall?
@FlorinMarian @dosai
Yeah, Hi Florin! What's happening with @MiguelM and diamwall.com?
https://lowendtalk.com/profile/MiguelM says: "Last Active July 18"
Hello!
I had a discussion with Miguel today and he told me that the project has evolved, now they have a dashboard through which clients can add their own domains and pay their bills.
Unfortunately, I can't afford to be their client because at the moment the project is in the BETA phase, the CDN for a personal website costs 20 euros per month and in the case of a small business the price is 200 euros per month . I received a 50% discount on the condition that I promote them in certain predetermined ways, but I refused because the price is much higher than what I am willing to offer.
I want to thank him anyway, he saved my skin a few months ago without a doubt.
Gen 12 bots entered the game
Mentally strong people deploy enough capacity to serve all requests, regardless of whether they come from human or bots.
We have 4U server with 8 PCIe x16 slots.
Each slot fits a ConnectX-5 dual-port 100 Gbps Ethernet adapter.
That's 1.6 Tbps network capacity per server.
Sounds more like “walletly thick” people
The same people shop at balenciaga. They all brag.
Maybe one of those faculty thought “oh this guy owns a hosting company let’s see if he has implemented those ‘protection methods’ himself “
Forgive me for the question, this is not intended to shame you so please LET members do not use this for creating unnecessary drama. Is it that the cost of diamwall after discount 100 EUR per month (50 pedcent of 200 eur)? Or is the price more than this? Just wanted to make sure because the assumption can be easily made that 1. Diamwall is able to block the attack and 2. It's 100EUR per month which is a lot but not out of the reach of many providers for the level of protection if it will stop the attacks.
If this is the case, how drastic would your prices increase to make use of this option? If not drastic then there is your short term answer.
I'm not up to date on this, so forgive me if I'm wrong, but can't you just use Cloudflare and run a captcha all rule? Or is this targeting your subnets?
Not really, it is very easy to bypass that.
@FlorinMarian It is Tiny, he attacking you because you terminated his VPS. Just apologize to him and the attacks will end.
@FlorinMarian Why not copy kiwi farms with L7 protection? https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS
Seems to work for them lol.
In the last DDoS wave series, Florin tried CF and probably all those within budget but the attacks still continued and then someone called Diamwall appeared explaining that the attacks are coming from some Gen 3 (or 4? can’t remember) bots which mimic human activity pattern closely thus traditional mitigation methods are infective. He claimed his own DDoS mitigation service can prevent such attacks and Florin was given a free trial or something which was found effective.
Properly configured CF is unbeatable in compare to rivals. Rough guide to basic CF security implementation:
These are only basic steps. Highly doubt that clueless admin™ done even 3 of those steps.
Once you lack in knowledge, you must hire specialists or go with managed services, which costs a lot.
I only did 2,4 & 5 and layer 7 attacks stopped soon after, also had to ensure image uploads via editor are proxied through a proxy server so potential bad actors can't get your server ip. Maybe if i get hit by those "new gen bots" i will upgrade to pro & utilise waf.
The ConnectX-5 is $1200 each.
They can last many years.
I checked Balenciaga.
They sell hoodies for $1150 each.
I can get the same from Target for $30 each.
I often play in the mud and that ruins hoodies over time.
Thus, I only get the cheapest ones.
Depends on how much time and efforts you are willing to spend. (and how critical are issues)
By trying to resolve issues on your own you automatically getting more and more of knowledge
Its not like explosion but slow learning curve
Getting attacked and trying to mitigate those issues are good starting points. (not necessary when you are host provider)
Why are they using OVH services directly without their own firewall? Do they really support IPv6? If you choose diamwall, why don't you just use OVH's Anti-DDoS and WAF service?
I can't remember the discussion too well, but have some recollection there was speculation at that time that he might also have been behind the attack in order to promote his service. If that was true, it wouldn't be an amazing coincidence if the attacks started up again not long after you cancel the service.
What does your bachelor's have to do with DDoS and how is that relevant at all?
And, "research topic"? Do you mean normal classwork?
Or you meant to write Master's / Ph.D.?
I just saw your video about the mud. What the actuql f was that. So creepy but cool. Grown ass man with clothes goes to the mud and submerges. Complete silence. That's how you fight ddos
he's actually getting probiotics and improving his immunity system.
maybe that's helping him do more push ups.
@yourmuddy
Mentally strong people enter mud butt naked and goes in all the way.
And stay there
Would be interesting to know some stats on rate/contribution of some of those addresses. Many of them are Tor nodes. Also, what if any similarities in the request details that were part of the attack.
I don't know how it works where he is in Romania, but in the UK you do an undergraduate dissertation where you research a topic independently and write 8-15k words about it.
This can be on existing work (usually unlike PhD)- or novel work as would be done on a PhD, but obviously a PhD expectations are higher.