The Firing Line Forums

Go Back   The Firing Line Forums > Forum Support > Site Questions and Tech Support (NO FIREARMS QUESTIONS)

Closed Thread
 
Thread Tools Search this Thread
Old May 28, 2007, 08:16 PM   #101
Jorg
Junior Member
 
Join Date: August 11, 2006
Posts: 3
Quote:
I believe a hacker was brought in by someone from one of those agencies for a little payback. Either with the approval of the front office or an angry individual bringing in a cyber-hitman.
I would be willing to bet that if you walked into any of "those agencies" and asked everyone one on the staff, "What do you think of The High Road"?" you would get one of three possible answers:

A. "What?"
B. "I think we should take it!"
C. "You should take it and I'll take the low road and I'll be in Scotland afore ye."

While THR is a great board and a lot of good is accomplished there, it isn't that high up on anyone's radar. It may just be that someone found it was a server that could be easily taken down. Most of these things, be the DOS or defacements are down because the site vunerable, not because of the site's content.
Jorg is offline  
Old May 28, 2007, 08:20 PM   #102
RNB65
Senior Member
 
Join Date: October 17, 2006
Location: Richmond, VA
Posts: 167
My guess is that it's personal and not related to gun politics at all. Someone who has a grudge against Oleg or some geek who got booted off of THR because he was trolling.

If it was just gun related, the attacker would also be going after TFL, Glock Talk, ARFcom, etc.

RNB65 is offline  
Old May 28, 2007, 08:26 PM   #103
Mike U.
Senior Member
 
Join Date: April 2, 2007
Location: In Oz, next door to the Lollipop Guild's HQ
Posts: 404
I really hope your right, txgho1911 and Jorg. Your reasoning sounds plausible so it may very well be the case.

I certainly hope they catch whoever is responsible.


RNB65,

I'd thought of that, but, the conspiracy theory sites I surf are starting to rub off on me. Does it show?
Mike U. is offline  
Old May 28, 2007, 08:27 PM   #104
MDC Champaign
Member
 
Join Date: June 29, 2002
Location: Saint Paris, Ohio
Posts: 21
Molon Labe from THR here.

Where do we send donations?
MDC Champaign is offline  
Old May 28, 2007, 08:32 PM   #105
yhtomit
Junior Member
 
Join Date: May 28, 2007
Posts: 10
THR DoS refugee checking in :)

I popped over here (my first time? probably have read indiv. threads here once in a while when google pointed me here) just to see if it was *me* who couldn't get to THR, or if the site was truly down.

And what the hey, my THR user name was available, so why not register? Glad to see so many familiar names here, even if I'm likely to use THR mostly (when it's back up) -- TFL seems like a nice board, but I need to limit my addictions.

As someone (or several) has pointed out, getting past a determined DoS / DDos attack is really tough; I used to work for a site that was attacked pretty much every day, and it took dedicated sysadmins (a job I couldn't do and wouldn't want), a good ISP, and some very smart coders constantly narrowing the gates to even keep things bearable.

timothy
yhtomit is offline  
Old May 28, 2007, 09:14 PM   #106
tydephan
Senior Member
 
Join Date: August 14, 2006
Location: Huntsville, AL
Posts: 437
Quote:
Where do we send donations?
Derek Zeanah set up a paypal account for online donations. I have done such and encourage others to do the same, so maybe Oleg and company can move to a more secure host.

Send paypal to [email protected]. Make a note in the paypal description field that it is for THR maintenance (or APS maintenance, etc.) so he will know what the funds are allocated for.

Derek also made note of an address you could send a check if you wanted. But I didn't note it, as I preferred an online transaction. Maybe someone else here can provide that info. [ETA: See below for physical address at which you may send a check - Thank John for providing that info.]

Quote:
If it was just gun related, the attacker would also be going after TFL, Glock Talk, ARFcom, etc.
Actually there was one night a few weeks ago that THR, APS, GlockTalk and Arfcom all were down simultaneously. It lasted several hours, IIRC. TFL went down that same weekend as well I think, but not for very long.

That's when I began to think that maybe it was something more organized that just a pimple-nosed goober fooling around. But who knows...

Last edited by tydephan; May 29, 2007 at 08:04 AM.
tydephan is offline  
Old May 28, 2007, 09:38 PM   #107
johnbt
Senior Member
 
Join Date: December 6, 1999
Location: Richmond, Virginia USA
Posts: 6,004
DEREK ZEANAH
470 Country Club Road
Statesboro GA 30458

Put a note on the check that it's for THR.

I have got to stop saving every little scrap of paper.

I sent my check last week.

John
johnbt is offline  
Old May 28, 2007, 09:46 PM   #108
dionysusigma
Member
 
Join Date: November 22, 2002
Posts: 31
I tried a quick search for anything posted over at DU, along with a Google search. Nothing at DU, and the only results I got for "www.thehighroad.org DOS attack" were here. *shrug*

And now it looks as though DU is down too.

Also just finished looking up other DoS and DDoS attacks in the last month. There (as of yet) seems to be no pattern.
dionysusigma is offline  
Old May 28, 2007, 10:13 PM   #109
StopTheGrays
Junior Member
 
Join Date: May 16, 2007
Location: Metro Milwaukee
Posts: 1
What would happen if the offending systems were a victim themselves of a DDOS attack? Would THR and APS come back up.
StopTheGrays is offline  
Old May 28, 2007, 10:26 PM   #110
ArfinGreebly
Member
 
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
Probably not

Hear of "zombies" used for DDoS?

A compromised server or workstation is running a DoS bot (without the owner's knowledge).

It receives a command to attack a given server.

It launches its attack without further intervention from Doctor Evil.

The attacks don't track back to Dr. Evil, so nobody hits him.

If someone works out it's him and slams his server, it still doesn't kill the DDoS bot, which is running autonomously.

Kinda icky.
__________________
"Truth is a dangerous thing: once found, you must never turn your back on it." -- [email protected]

"Look at it this way. If America frightens you, feel free to live somewhere else. There are plenty of other countries that don't suffer from excessive liberty. America is where the Liberty is. Liberty is not certified safe." -- [email protected]
ArfinGreebly is offline  
Old May 28, 2007, 10:33 PM   #111
Balog
Senior Member
 
Join Date: May 19, 2004
Posts: 259
You can also specify a donation is for APS if you spend your time there rather than THR.
Balog is offline  
Old May 28, 2007, 10:37 PM   #112
dionysusigma
Member
 
Join Date: November 22, 2002
Posts: 31
Quote:
What would happen if the offending systems were a victim themselves of a DDOS attack? Would THR and APS come back up?
Not if it's a DDoS attack.

DDoS relies on "Zombie" machines that often don't even know what they're doing. Think of it like SkyNet from Terminator 3. It wasn't some evil super-Cray-computer located in one place, but rather a bug that cell phones, PCs, PDAs, campus networks, etc. had.

There's what, 270 million people in the United States? Now, not everyone has a PC, but several have at least one or two (and let's assume it balances out). If even .1% of them (270,000) sent a measly 1MB of data to THR, that's about 270GB of bandwidth, in one moment, that THR simply cannot (financially) contend with.

A counterattack on those machines responsible would require... let's see... a total of 72,900 Terabytes of information... and it wouldn't even be effective. It'd be easy to pick out another .1% to mount another attack on THR from.

Like dealing with weeds, you can't just clip the leaves. You gotta go for the root. And right now, we have no idea just where that root is.

Edit: ArfinGreebly explained it more simply...

Last edited by dionysusigma; May 28, 2007 at 10:46 PM. Reason: AGH! People posted while I was doing long multiplication! *sigh* Ah well...
dionysusigma is offline  
Old May 29, 2007, 01:09 AM   #113
kirbythegunsmith
Member
 
Join Date: February 15, 2007
Posts: 75
Details

I have seen the "human-check" at various sites that have claimed to be victims of "ddos".
One uses a check-in that has numbers in a background that makes it impossible for machine readers to pick out the random number that is generated for each go at the entry page.
Another has a simple math problem that must be solved correctly to enter.

A very simple "THR" (or whatever) initial log-in or check-in page would need very little capacity when compared to the normal page delivery- 200K vs. 1.5K, maybe, for example. Resistance to any number crunch program would entail a max. number of potential tries before that address should be placed in a "suspended" file, for at least a measure of time, maybe an hour or day, just like the way that bank password files should act.

That type of gateway would entail minimal inconvenience for users, but add an order of magnitude to the difficulty placed in front of "net" attacks.
kirbythegunsmith is offline  
Old May 29, 2007, 01:30 AM   #114
Cosmoline
Senior Member
 
Join Date: March 11, 2000
Posts: 1,080
I like that idea. I've seen it in use elsewhere. How hard would it be to set up an initial screen, or to limit ANY access to THR to signed in members--as they've done with some other boards?
__________________
"Know that the pistol has no value, we practically don't use it. We need grenades, rifles, machine guns, and explosives."
Mordechai Anielewicz, April 23, 1943
Cosmoline is offline  
Old May 29, 2007, 01:32 AM   #115
ArfinGreebly
Member
 
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
Or Not

The attacks are not "spam" attacks, where bots pretend to be people.

These attacks are at a lower level.

TCP/IP itself has some vulnerabilities that make it possible to attack using SYN floods and other tricks that force the receiving end to try to "make sense" out of deliberate nonsense.

Imagine your phone ringing every few seconds. The caller doesn't have to have a conversation with you, or even speak, but he can effectively tie up the phone (and you with it) and prevent you from using it for anything meaningful.

It's possible to achieve essentially the same thing on the 'net, by taking advantage of parts of the protocol that are intended to provide connection and reliability and abusing them to the point where nothing useful can happen along that line.
__________________
"Truth is a dangerous thing: once found, you must never turn your back on it." -- [email protected]

"Look at it this way. If America frightens you, feel free to live somewhere else. There are plenty of other countries that don't suffer from excessive liberty. America is where the Liberty is. Liberty is not certified safe." -- [email protected]
ArfinGreebly is offline  
Old May 29, 2007, 01:35 AM   #116
foob
Member
 
Join Date: July 22, 2006
Posts: 99
Quote:
The problem is that the basic protocols upon which the Internet is built are flawed and very vulnerable to abuse.
There is nothing flawed about the protocols. More security means less performance and less anonymity (in this case). It is a tradeoff.

Quote:
The reason that DOS attacks are so hard to stop is because it's very difficult to tell where the packets are coming from. The source addresses on IP packets can be easily forged (one of the weaknesses in the IP protocols) and when the packet arrives at your router, there's no way to tell where it came from if the source address is fake. If you try to filter the packets based on source address, the attacker just changes the source address in the packets and they go right past your filter rules.
No it's easy to prevent forged source IP addresses. Routers just check the source IP of outgoing packets and if not within their subnet they drop them. Again, there is a tradeoff, less performance.

Quote:
There is no easy way to stop a determined DOS attack without spending BIG $$$.
It all depends on the type of attack.

Quote:
I have seen the "human-check" at various sites that have claimed to be victims of "ddos".
One uses a check-in that has numbers in a background that makes it impossible for machine readers to pick out the random number that is generated for each go at the entry page.
Another has a simple math problem that must be solved correctly to enter.
They are called CAPTCHAs. May or may not work here, depends on the type of attack. No details.


Finally just want to say, having a cooperative ISP that actually is around 24/7 to work with you will help greatly.
foob is offline  
Old May 29, 2007, 02:04 AM   #117
skinnyguy
Junior Member
 
Join Date: May 27, 2007
Posts: 13
All I know is I wish who-/what-ever is resoponsible for these attacks would find a more deserving place to attack. There are a LOT of them on the internet. Actually, I just wish they would grow up, change out of their diapers, and go away, but I know they won't.

Thanks to TFL for taking THR's wanderers!! It does make me wonder how many new members TFL has picked up this weekend.
skinnyguy is offline  
Old May 29, 2007, 03:53 AM   #118
helpless
Member
 
Join Date: March 8, 2007
Location: Gunshine State.
Posts: 15
All weekend without my HighRoad
helpless is offline  
Old May 29, 2007, 05:48 AM   #119
Working Man
Member
 
Join Date: May 28, 2007
Location: DFW, Tx
Posts: 17
TFL, not just for firearms any more.

I have learned more about cyber attacks here than anywhere else, did not expect that.
It just goes to show you, an attack can be at any place, any time, and in any form.
Working Man is offline  
Old May 29, 2007, 08:45 AM   #120
Werewolf13
Junior Member
 
Join Date: May 25, 2004
Posts: 12
Puts on TinFoil HAT!

Quote:
tried a quick search for anything posted over at DU, along with a Google search. Nothing at DU, and the only results I got for "www.thehighroad.org DOS attack" were here. *shrug*

And now it looks as though DU is down too.
Oooo! Ooooo! It's the goobermint. The JBT's are taking down all the TRUE BELIEVER sites as a test. When the DAY comes they don't want them or us using the internet to organize ourselves to resist them.

[takes off TinFoil Hat]

Hell of a coincidence though...
Werewolf13 is offline  
Old May 29, 2007, 08:56 AM   #121
Mal H
Staff
 
Join Date: March 20, 1999
Location: Somewhere in the woods of Northern Virginia
Posts: 16,085
Quote:
Originally Posted by skinnyguy
It does make me wonder how many new members TFL has picked up this weekend.
Good question.

We have picked up 140 new members this weekend up to this point today.

Last weekend we picked up about 70 for the same number of days and partial days. (I say "about" because I can't break it down by the hour.)

So the rate of adding new members has just about doubled since THR went down.
Mal H is offline  
Old May 29, 2007, 08:58 AM   #122
psssniper
Senior Member
 
Join Date: October 9, 2001
Posts: 186
1919A4.com has also been down
psssniper is offline  
Old May 29, 2007, 09:09 AM   #123
farscott
Member
 
Join Date: November 17, 2002
Location: Athens, AL, & Louisville, KY, USA
Posts: 18
It also appears that 1911forum.com is down although the site does respond to pings.
__________________
Scott
farscott is offline  
Old May 29, 2007, 09:13 AM   #124
tydephan
Senior Member
 
Join Date: August 14, 2006
Location: Huntsville, AL
Posts: 437
Mal,

I'm genuinely curious as to how TFL seems to be missing the attacks here. Is it because the site isn't as "big" as some of the others the recent attacks have effected?

Or do you guys have that much better of a host than THR?
tydephan is offline  
Old May 29, 2007, 09:17 AM   #125
Mal H
Staff
 
Join Date: March 20, 1999
Location: Somewhere in the woods of Northern Virginia
Posts: 16,085
tydephan - I have no clue on that aspect of TFL. Our local expert and sysadmin, tyme, should be along shortly to explain.
Mal H is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 09:54 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
This site and contents, including all posts, Copyright © 1998-2018 S.W.A.T. Magazine
Copyright Complaints: Please direct DMCA Takedown Notices to the registered agent: thefiringline.com
Contact Us
Page generated in 0.11573 seconds with 9 queries