Got JSR?
Hopefully you do now. Welcome to the world of "people that hate." I guess some folks have nothing better to do on Christmas than initiate denial-of-service attacks on folks' websites. The techs are working overtime at Internap and Fluidhosting to fend off this attack, instead of enjoying their families. I sure do appreciate them. But I wish these idiots would find a world where they are thrown in jail for these useless crimes. Smart kids with stupid parents mostly.
sigh Merry Christmas Jump
__________________
Currently working hard to break the server... >> Help support JSR through our Amazon store
Looks like they are taking care of the problem for now. I also have blocked certain Perl scripts from accessing my sites. For those that know what it is, the santy.A virus has evolved into a new form that goes after any PHP script now, not just phpBB. It attacks any GET values in URL strings to attempt to gain admin access and compromise the site. Make sure you are upgraded to PHP 4.3.10.
For those of you that were busy enjoying Christmas this morning, you may not know what I am talking about. All my sites were unavailable due to a DDoS attack for the whole morning. Looks like a variant of the santy.A virus compromised another server at our host and had commenced an outbound DDoS attack, while at the same time we were getting constantly hit by outside servers searching our sites for poorly coded PHP scripts to compromise and gain control of this server.
They were not successful in their attempts. Not necessarily because I write great code, but because they cannot access my code without forum membership. Now you know the main reason I require membership to use my scripts. It makes it much harder for script kiddies to find weaknesses as they can't even get to the scripts. Anyway, thanks to the wonderful folks at Fluid Hosting, who had a miserable Christmas morning, all is well again.
Well, generally, if you can't get here, it's most likely something along your net path to get here. Best thing to do is a tracert and see where the problem is. But yesterday, it was because of an attack. I knew it was bad when I was here in the morning and I could see a bunch of spurious activity by unknown Perl scripts searching the site. Then before I could even block them I couldn't load the site anymore. A tracert revealed the problem to be within the host, past the NOC switches.
Basically, once they were able to compromise that other server, they used up all the bandwidth. Along with all the constant hits to ours and other sites. That server has been shut down (I feel for them). Many of the IPs they were coming from are dead sites and some seem to have been shut down by their respective hosts. But still, it's a worm and it's out there replicating. And if you're on shared hosting you're in even greater danger, as someone else's crappy code, on their own sites on the shared server, could screw your sites. Another Jumpgate site recently got hit. Most likely because of someone else on a shared server. They got lucky though, there was minimal damage. If any of you are out there using the PJG market lister on your sites, you really need to update it so that it does not use register globals. It's very easy for this worm to compromise it using the unprotected variables in the query string. You should always check user supplied data in your scripts also. Anyway, all seems well now.
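
Added example, not part of the original thread and not code from the PJG market lister: the register_globals problem described in the last post, with the unsafe pattern beside a version that checks user-supplied data. register_globals is emulated with `extract()` so the sketch runs on current PHP; the function names, the `is_admin`, `sort` and `page` variables, the allowed sort keys and the session layout are all assumptions made for illustration.

```php
<?php
// Hypothetical lister page. All names here are illustrative assumptions.

// UNSAFE: emulates register_globals=On, where every query-string key
// silently becomes a variable in the script's scope.
function render_unsafe(array $query, array $session): string
{
    extract($query);                      // what register_globals did implicitly
    if (!empty($session['admin'])) {
        $is_admin = true;                 // only assigned for real admins...
    }
    // ...so for everyone else $is_admin is whatever the request supplied.
    $mode = !empty($is_admin) ? 'admin' : 'guest';
    $sort = $sort ?? 'name';              // request values used unchecked
    $page = $page ?? '1';
    return "mode=$mode sort=$sort page=$page";
}

// HARDENED: every variable is initialised by the script, request data is
// read only from explicit keys, and each value is validated before use.
function render_safe(array $query, array $session): string
{
    // Privilege comes from server-side state only, never from the request.
    $is_admin = ($session['admin'] ?? false) === true;

    // Allow-list for the sort column; anything else falls back to the default.
    $sort = $query['sort'] ?? 'name';
    if (!in_array($sort, ['name', 'price', 'station'], true)) {
        $sort = 'name';
    }

    // Page must be an integer in a sane range; arrays and junk yield false.
    $page = filter_var($query['page'] ?? '1', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    if ($page === false) {
        $page = 1;
    }

    $mode = $is_admin ? 'admin' : 'guest';
    return "mode=$mode sort=$sort page=$page";
}

// Constructed sample request: extra variable plus malformed values.
$request = ['is_admin' => '1', 'sort' => 'name;junk', 'page' => '-5'];
$session = [];                            // visitor is not logged in

echo render_unsafe($request, $session), "\n";
echo render_safe($request, $session), "\n";
```

With the constructed request, the unsafe version trusts the injected `is_admin` and passes the raw `sort` and `page` values through, while the hardened version ignores the extra variable and falls back to its defaults.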