All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: Our data recovery forums are under attack ?
PostPosted: November 5th, 2018, 14:25 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9828
Location: Portugal
This is not normal at all :

Attachment:
1.jpg
1.jpg [ 39.48 KiB | Viewed 760 times ]


Attachment:
2.jpg
2.jpg [ 28.12 KiB | Viewed 760 times ]


Yesterday i did notice that my "Most users ever online" did increase from something like 40 to 300 ... Today it was over 460 ...

Someone did for a very short period of time access my site using multiple "guest" accounts.

On my access log statistics i can see a IP range from CHINA having a huge amount of hits today and yesterday at the same time the event did happen.

Cloudflare doesn't apear to be working as expected as well. I can now access to the oracle and to the hddguru forum without having to solve a captcha when under TOR and cloudflare used to prevent that .... Making things harder for attackers ....

I might take my site down for a while now while i do block some possible attackers at firewall level.

Looks to me that someone is trying to consume server resources. Not funny.

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 5th, 2018, 15:54 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9828
Location: Portugal
Ace forum ...

Attachment:
1.jpg
1.jpg [ 22.16 KiB | Viewed 745 times ]


Looks like that on the past few days data recovery had became way more popular than ever before !!!!

For all the existence of the forums we did never had so much "activity" at the same time ...

What are the chances that for some "normal" reason people would access ACE forum, HDD Guru and HDD Oracle at the same time ? That is a amount of users like we have never seen before ?

No way that all of that people would buy PC-3000 at the same time !!!

No doubt about this, looks like some sort of attack ...

Even if the forums were to be announced in some public media like the TV and people were to check the forums out of curiosity it would make sense for example an increase of visitors on HDD Guru or even on HDD Oracle (less likely unless somoene posted something about the site) but on ACE ... ? Doesn't make sense. Looks like an attack to me.

I will investigate.

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 5th, 2018, 18:16 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9828
Location: Portugal
I will end up blocking China after all ....

I do have more access / executions today from China IP range than i do have for ALL the other visitors during 30 days ... No way this is legit. If this goes on i will end up blocking China from accessing the oracle for a while ...

Attachment:
1.jpg
1.jpg [ 32.29 KiB | Viewed 724 times ]

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 5th, 2018, 18:38 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9828
Location: Portugal
WOW !!!

I did spot the "attack" live right now ...

Very cool ....

It does look like at a precise moment a huge amount of "guests" will read the index page of my site (index.php) executing it.

ALL IPs for those guests start at 220.243.

Majority are on the range of 220.243.136 .

China IPs ....

I will block 220.243. subnet right away !

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 5th, 2018, 18:43 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9828
Location: Portugal
RRsssssss :twisted: :twisted: :twisted:

Attachment:
2.jpg
2.jpg [ 15.67 KiB | Viewed 719 times ]


Let's see if i can get rid of this attacker ....

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 6th, 2018, 17:26 
Offline
User avatar

Joined: August 15th, 2006, 3:01
Posts: 2537
Location: CDRLabs @ Chandigarh [ India ]
Spildit ,
He Might be reading your thread :mrgreen:

_________________
Regards
Amarbir S Dhillon , Chandigarh Data Recovery Labs
Logical,Semi Physical And Physical Data Recovery
Website-> http://www.chandigarhdatarecovery.com


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 6th, 2018, 17:44 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9828
Location: Portugal
I did block 3 China IP ranges (ISPs) and the problem is solved....

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 7th, 2018, 10:57 
Offline
User avatar

Joined: February 9th, 2009, 16:13
Posts: 2090
Location: Ontario, Canada
I've been noticing a regular spike of activity on my site every data or so for about 10-20 minutes. Based on my research, it seems as though it is Google indexing my site. Perhaps they changed how they are doing things.

_________________
Luke
RAID Data Recovery


Top
 Profile  
 
 Post subject: Re: Our data recovery forums are under attack ?
PostPosted: November 7th, 2018, 15:31 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9828
Location: Portugal
lcoughey wrote:
I've been noticing a regular spike of activity on my site every data or so for about 10-20 minutes. Based on my research, it seems as though it is Google indexing my site. Perhaps they changed how they are doing things.


On my case it was some sort of China attack ... IPs are known as well as spammers.

I did block 5 more today ... entire sub-net all Chinese origin.

And looks like ACE site did normalize now as well (from 300+ visitors to 20)

Also ... Most users ever online was 615 on Tue Nov 06, 2018 10:47 pm

No way that 615 users would visit ACE site at the same time when the normal value is 20 users at a time ... No doubt it was an attack and not google related.

Also that sort of search engine indexing is displayed by phpbb as BOTs and not guests ...

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group