DOS attack, help please

Penguinfan

Thread banned
Forum Member
Dec 5, 2001
10,393
190
0
Vanished into vortex
Most of you know I work with/for a handicapping site. Well, it has been down since Saturday because of a DOS attack. We were told that by switching nameservers it would solve the problem; did this yesterday and still no luck, site is still down. Is there anything to do besides wait till the attackers give up? Will they give up or is this something that is controlled by a computer and goes on forever?

Thanks
Penguinfan
 

KMA

Registered User
Forum Member
May 25, 2003
745
2
0
It is not switching nameservers, unless it is the nameserver itself that is under attack. You would need (at least temporarily) to change your domain name.
 

RAYMOND

Registered
Forum Member
Jul 31, 2000
45,611
920
113
usa
It is now evident that the cause of the outage is a DDOS Attack (Distributed Denial of Service) from an unknown person (cyber terrorist).

The way a DDOS attack works is that a cyber terrorist launches a worm on the Internet (like a virus). This worm goes from router to router inserting 'zombies' that simply lie in waiting. Once the cyber terrorist has thousands of these zombies planted, he will give them a command to attack a site, IP, or server. When the command is received by the zombie, the zombie comes alive and has the router on which it is sitting start sending thousands of page requests at the target site, IP, or server. Thousands of zombies act in unison with millions or billions of page requests until they flood your server and crash it. After the cyber terrorist has shown his intent, he will then send a ransom note ("pay me or I will put you out of business...").

DDOS attacks are the new vogue in cyber terrorism (for further information, simply go to your favorite search engine and read). Companies hit to date include: Don Best, Stat Fox, The Prescription, Yahoo!, Google, Amazon, most porn sites, and every sportsbook in existence (basically any company that is reliant on their website being up to make money). The ransom letters received by Don Best, The Prescription, and MVP ranged from $30,000 to $80,000. We have not yet received the ransom note for the current attack, but I can promise you that it will be for more money than we are willing to pay.
 

Penguinfan

KMA---That would be a gigantic pain in the ass, not to mention the fact that the client list, both paid and former are stored on the web-site.

Appreciate any help.
 

Penguinfan

Raymond,

Thanks for the info, we actually fall under the MVP group of sites so we are affected indirectly, but nonetheless affected. From what I am told by our contacts there it is a DOS attack and I have no reason to believe they would lie to us. So we personally have not received a ransom note but like I said, I have no reason to believe MVP would lie to us.

Thanks
Penguinfan
 

KMA

Do you have direct control over the firewall/routers/nameservers??? It can take a while, but eventually you would be able to direct the firewall to drop attack packets without responding, but it requires that you yourself be able to look at the logs to see what to block.
If your site is third-party hosted, then you have to talk with your host about the problem.
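
The log review KMA describes, as an added example that is not part of the original post: it reads web server access-log lines, finds each client's peak request rate in a sliding window, and lists the clients a firewall drop rule would target. The Common Log Format input, the 10-second window, the threshold of 20, and all sample lines and addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Common Log Format prefix: client ident user [timestamp] ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (client_ip, timestamp), or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def peak_rates(lines, window=timedelta(seconds=10)):
    """Map each client to the most requests it made inside any one window."""
    seen = defaultdict(list)
    for ip, stamp in filter(None, map(parse, lines)):
        seen[ip].append(stamp)
    peaks = {}
    for ip, stamps in seen.items():
        stamps.sort()
        start, peaks[ip] = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] >= window:  # slide the window forward
                start += 1
            peaks[ip] = max(peaks[ip], end - start + 1)
    return peaks

def block_candidates(lines, threshold=20):
    """Clients at or over the threshold, and how many fall in each IPv4 /24."""
    noisy = sorted(ip for ip, n in peak_rates(lines).items() if n >= threshold)
    nets = Counter(str(ip_network(ip + "/24", strict=False)) for ip in noisy)
    return noisy, nets

def build_sample():
    """Constructed log: two flooding clients, one normal visitor, one bad line."""
    fmt = '{} - - [01/Jan/2004:10:{:02d}:{:02d} +0000] "GET {} HTTP/1.0" 200 512'
    lines = [fmt.format(ip, 0, i // 10, "/")
             for i in range(30) for ip in ("198.51.100.7", "198.51.100.9")]
    lines += [fmt.format("192.0.2.44", m, 30, "/picks.html") for m in range(5)]
    return lines + ["truncated or corrupt line"]

SAMPLE = build_sample()

if __name__ == "__main__":
    noisy, nets = block_candidates(SAMPLE)
    print("drop candidates:", noisy)
    print("per /24:", dict(nets))
```

Several candidates in one /24 suggest a single prefix rule; candidates scattered across many networks are the case where the upstream provider has to filter.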
 

Penguinfan

Site is back up, apparently changing the nameserver (At MVP's request) did the job, it just took a while, I guess.

Apparently there is no way to avoid this or guard against it happening again huh?

Thanks guys

Penguinfan
 

KMA

A DDoS attack rarely qualifies as an 'intrusion'. You will need full control of your network in order to deflect a DDoS attack. If you don't, and depend on a third party for your FastE or GigE connection, then you will need to get your upstream provider involved.
If your main responsibility is Web Development, then you will need to engage your network engineers. It is not advisable to try doing the work of someone else; there are too many directions for you to follow, and it will eventually become too unwieldy for you to handle the situation all by yourself.

Network engineers usually work on a 24-7 schedule; even if there is not someone present on premises, there will definitely be someone on call.

Glad it worked out for you!!!
 