Author Topic: Yet another DDoS  (Read 15794 times)

Conan

Re: Yet another DDoS
« Reply #20 on: October 17, 2014, 03:17:56 am »
Another go at using CloudFlare. Hopefully they can figure out how to set it up this time.

I wonder if they realize Cloudflare only helps prevent DDoSes when the attacker doesn't know what the IP of the actual server is. And that information is available from a variety of sources, from this very website to the ARIN database to sites set up especially for finding out how to bypass CloudFlare.

Can't wait for their internet to be turned back on and for Piche to make some self-congratulatory statement about being CLOUDFLARE HACKERPROOF before the attack starts right back up again.



JigsawJones

Re: Yet another DDoS
« Reply #21 on: October 17, 2014, 07:46:45 am »
Neer is hosting a frank and open discussion of the situation on Reddit


GreenReaper

Re: Yet another DDoS
« Reply #23 on: October 17, 2014, 08:28:58 am »
I asked about the outbound-DDoS theory, and he said it was "just poor wording on their part". So, at least there's that.

JigsawJones

Re: Yet another DDoS
« Reply #24 on: October 17, 2014, 01:24:17 pm »
Well THAT didn't take long...

JTfurry

Re: Yet another DDoS
« Reply #25 on: October 17, 2014, 01:45:26 pm »
It is like it was planned from the start....

Over $1k now. Won't take long to get to $25k, people want their site back and Neer has them by the neck.
« Last Edit: October 17, 2014, 02:46:51 pm by JTfurry »

JigsawJones

Re: Yet another DDoS
« Reply #26 on: October 17, 2014, 01:53:45 pm »
But just LOOK at all that SWAG you get for Supporting!!!

The $2000.00 sponsor perks are especially funny...

ColonThree

Re: Yet another DDoS
« Reply #27 on: October 17, 2014, 02:06:59 pm »
Quote from: JigsawJones
Well THAT didn't take long...

Anyone figured out what this gofundme is actually for? It's yet another of Neer's needlessly wordy yet overly vague pagevomits.

Quote from: Gofundme overview
Our underlying hardware is starting to age. With internet connections and resolutions sizes getting faster and larger, we need to retrofit our storage solution to allow for larger files. We want to upgrade our file storage servers to allow larger file sizes (removing the 10MB limit), allow users to upload video content, implement larger avatars (and files sizes) and to allow more room to grow.

We've been working on expanding our gear, improve the UI and work in a full site recode (Phoenix). While we've upgraded the database server, our storage needs still need improving. We'd also like to introduce off-site cloud backups to ensure stability and long term file protection.

So is it just for bigger hard drives and uploading backups to the cloud? Does that really cost $25k? Why can't they just get a tape backup if that's all the cloud space is for? Spoiler: We'll never find out.
~Witty quote~

JTfurry

Re: Yet another DDoS
« Reply #28 on: October 17, 2014, 02:07:54 pm »


Wait so this was set up 3 days ago.... So as soon as the site went down it was created?



Quote from: ColonThree
So is it just for bigger hard drives and uploading backups to the cloud? Does that really cost $25k? Why can't they just get a tape backup if that's all the cloud space is for? Spoiler: We'll never find out.

He is moving it to the cloud apparently...

https://twitter.com/Dragoneer/status/523203737213337600

Conan

Re: Yet another DDoS
« Reply #29 on: October 17, 2014, 04:49:51 pm »
Can't wait for them to move everything into the cloud and find out that Amazon (or whoever) will be glad to charge you for the data transfer generated by a DDoS and not just turn you off.


Conan

Re: Yet another DDoS
« Reply #30 on: October 17, 2014, 08:18:58 pm »
Quote
We will be donating 10% of the donations to SoFurry since they've suffered outages and attacks almost on par with FA. As a community, we feel it's our job to try to look out for one another.

$2,500 of the donations have been flushed down the toilet in, what, less than 12 hours?

So responsible!!

EDIT: Apparently FA:U (I'm assuming) has left them in the hole with the IRS to the tune of $10k.

Quote
Yeah, FA needs money. We've got a $10K tax bill that's been lingering, we need storage servers upgraded so we can allow larger file formats and to help invest in a better ticketing system. No conspiracy, just really shitty timing.

Yes... In reply to people wondering if this was all a conspiracy to get donations, he just dropped that they need $10K really badly but it's totally not what's going on here. Right.
« Last Edit: October 18, 2014, 04:57:58 am by Conan »

Lynx

Re: Yet another DDoS
« Reply #31 on: October 18, 2014, 04:01:15 pm »
Well that ended quickly.

winserv03fan

Re: Yet another DDoS
« Reply #32 on: October 18, 2014, 05:45:15 pm »
They're apparently letting him keep the money, but Dragoneer says that there is now no record of who donated. Seems pretty convenient.

Conan

Re: Yet another DDoS
« Reply #33 on: October 20, 2014, 04:11:45 am »
As if "Oh we also owe $10k to the IRS" wasn't enough to make the timing of this donation drive suspicious, Dragoneer and Sciggles are buying a house.

http://www.furaffinity.net/journal/6172894/

Quote from: Sciggles
They accepted the offer on the house we wanted!!! We move November 11th! This is such a relief for us! I have been so drained emotionally and physically from house hunting and having one fall through already. But this one is the best of the best and we are so excited to start this phase of our life! I am so excited for Odin to have a yard to run in too <3

Convenient timing for a $20k cash injection into your unprofitable furry porn ego machine.

JTfurry

Re: Yet another DDoS
« Reply #34 on: October 20, 2014, 06:42:07 am »
Dude is either really bad at timing things or is a crock..

Have to say I am leading towards the latter... :P

Conan

Re: Yet another DDoS
« Reply #35 on: October 21, 2014, 02:44:38 am »
Something interesting I noticed through the whole donations campaign are some comments Dragoneer made apparently trying to convince people to donate. At least twice, he compared his donation drive to the one Kage conducted for Fernando's Cafe in Pittsburgh, but seems to be under the impression that Fernando's closed. It's not. In fact, they just had a health inspection on Thursday.


Quote
The money is going back into the site and I will be transparent about it. At least I'm not trying to raise 20K for a sandwich shop which is planning on closing anyway.
@sabledrakon And unlike Fernando's, we're not shutting down!


Of course, since this is Dragoneer, there's probably a time where he expressed the exact opposite feelings. Sure enough, back in 2012, donating to Fernando's was "fucking awesome":
Quote
For those bitching about donations for Fernando's... Furries are donating to save people's jobs. I'm sorry, but that's fucking awesome.


I can only guess that at the time, his hatred for Vivisector prompted him to take the exact opposite stance that we had, and over the course of two years that faded and his hatred of Kage overtook him.


It's probably also worth noting that since the DDoS, he has gone on a crusade both on Twitter and Reddit to vehemently deny all claims that this is some sort of scam, to the point that's almost all he's replying to. With defenses ranging from "Why would I keep my site down the longest!?!?" to complete nonsense, surely he would make Baghdad Bob proud.




Bonus computer nerd content: He is pretty convinced that WD Green drives are "enterprise grade".

PleadingTheYiff

Re: Yet another DDoS
« Reply #36 on: October 21, 2014, 07:29:27 am »
Quote from: Conan
Something interesting I noticed through the whole donations campaign are some comments Dragoneer made apparently trying to convince people to donate. At least twice, he compared his donation drive to the one Kage conducted for Fernando's Cafe in Pittsburgh, but seems to be under the impression that Fernando's closed. It's not. In fact, they just had a health inspection on Thursday.

Pedantry inbound: It did close, kinda. The guy sold out to another downtown joint who now runs the place under the same name. Accidentally ate there last AC, it was terrible.

Quote
I can only guess that at the time, his hatred for Vivisector prompted him to take the exact opposite stance that we had, and over the course of two years that faded and his hatred of Kage overtook him.

The latter is a given with Piche.


Quote
Bonus computer nerd content: He is pretty convinced that WD Green drives are "enterprise grade".
Oh dear.
Ironic usernames R us.

mexxy

Re: Yet another DDoS
« Reply #37 on: October 25, 2014, 11:07:36 pm »
True. But given how many old servers FA has hanging around in its rack, the chances of one of them being compromised and turned into a bot is far from zero. Would it really take this long to get FA back up if one of the other servers on the block were responsible?

Granted, and this right here is what we call a Reasonable Deduction™. I don't particularly mean to sound condescending, but congratulations on showing capacity for logical reasoning.

That said, with intelligently implemented monitoring in place (and I'm talking using a TSDB and employing some form of hysteresis and the accompanying data analysis, not simply Nagios' "CRITICAL: oh, this is broken"), it's generally pretty easy to figure out where things are not right. Oh, wait, this is FA we're talking about here…

Lol. I like your posts.

Isn't there something though? I am not familiar with the stack but is it LAMP (I would imagine vBulletin is, too) and are they sharing the same resources? If not, why did they both go down? That's not an app exploit. If they are sharing the same resources, well... They should fix that. But like, Apache access logs? Was anyone looking at packets? ... anything?

Or if this was at an ISP/CDN (does FA use a CDN?) level that's another story.

I don't think you're going to prevent stuff like SYN floods if enough idiots on /b/ have the time and resources to run a shell script.
Confucius viewed woman as a thoroughly irrational creature often as difficult to deal with as servants.
- Max Weber

Saxxon

Re: Yet another DDoS
« Reply #38 on: November 01, 2014, 06:07:55 am »
For some reason, their CDN was accessible even when the site was not. I was able to retrieve direct image links without issue. So I'm thinking whatever's serving up images is separate.

JTfurry

Re: Yet another DDoS
« Reply #39 on: November 01, 2014, 12:54:00 pm »
Quote from: Saxxon
For some reason, their CDN was accessible even when the site was not. I was able to retrieve direct image links without issue. So I'm thinking whatever's serving up images is separate.

As far as I remember their "CDN" is on the same network, even the same IP as the main site.

I can only guess you accessed cached images.