September 14, 2013 Server Downtime = Chinese hackers
#1
We apologize for the downtime today. I was enjoying a weekend outing with limited access to the server and someone in China decided today would be the day they unleash a new attack against us.

I have blocked the hostile IP address and will continue to monitor.
#2
There seemed to be some downtime on Tuesday the 24th around midnight (British Summer Time) as well. I checked Down for everyone? & apparently I wasn't the only one.
#3
I'm now pretty sure most of our issues have been due to brute force attacks on the blogs. The occasional attacks on server admin services can be brutal but apparently not as taxing.
#4
I wonder what these hackers are trying to achieve? I suppose could be spammers, some forums suffer terribly from them.
#5
Nightspore Wrote: I wonder what these hackers are trying to achieve? I suppose could be spammers, some forums suffer terribly from them.

Sorry for taking so long to get back to you. It's different (groups of) people trying to achieve different things.

The people trying to break into the server itself (attacking the email, FTP, and telnet services) may be looking for information to steal and exploit (perhaps sell to the highest bidder). This crowd may cater to the international intelligence community but perhaps are only interested in looking for personal financial info that can be used for fraud: credit card data, bank account data, passwords, etc. There is darned little to be had here but they don't know that.

Some email spammers also try to hack servers in the hope that they can find vulnerabilities to exploit so they can relay email through those servers.

The people who run software to create forum profiles are trying to build links for Websites because they believe that search engines will treat those as "votes" for their Websites. Sometimes that works for a while.

The people who run software to leave comments on the blogs are doing much the same thing.

And then there are the hackers who just "count coup" on Websites. They deface them, plant messages on them, and then submit those hacked sites to special reporting sites that track the hackers' activity. Criminals and intelligence agencies sometimes recruit those people to work for them.

Finally, there are the automated hacking botnets that try to add more computers to their collectives. These botnets are controlled by people who either use them to launch attacks on important Websites or they rent out their services to the highest bidder. Many botnet customers use the compromised machines for link dropping, crawling Websites, and creating fake traffic to YouTube and other popular services.
#6
Michael Wrote: Sorry for taking so long to get back to you. It's different (groups of) people trying to achieve different things.

The people trying to break into the server itself (attacking the email, FTP, and telnet services) may be looking for information to steal and exploit (perhaps sell to the highest bidder). This crowd may cater to the international intelligence community but perhaps are only interested in looking for personal financial info that can be used for fraud: credit card data, bank account data, passwords, etc. There is darned little to be had here but they don't know that.

Some email spammers also try to hack servers in the hope that they can find vulnerabilities to exploit so they can relay email through those servers.

The people who run software to create forum profiles are trying to build links for Websites because they believe that search engines will treat those as "votes" for their Websites. Sometimes that works for a while.

The people who run software to leave comments on the blogs are doing much the same thing.

And then there are the hackers who just "count coup" on Websites. They deface them, plant messages on them, and then submit those hacked sites to special reporting sites that track the hackers' activity. Criminals and intelligence agencies sometimes recruit those people to work for them.

Finally, there are the automated hacking botnets that try to add more computers to their collectives. These botnets are controlled by people who either use them to launch attacks on important Websites or they rent out their services to the highest bidder. Many botnet customers use the compromised machines for link dropping, crawling Websites, and creating fake traffic to YouTube and other popular services.

OK thanks. I've heard about botnets & the like. It's a jungle out there in cyberspace!