The Firing Line Forums

Closed Thread
Old May 28, 2007, 08:16 PM   #101
Jorg
Junior Member
 
Join Date: August 11, 2006
Posts: 3
Quote:
I believe a hacker was brought in by someone from one of those agencies for a little payback. Either with the approval of the front office or an angry individual bringing in a cyber-hitman.
I would be willing to bet that if you walked into any of "those agencies" and asked everyone on the staff, "What do you think of The High Road?" you would get one of three possible answers:

A. "What?"
B. "I think we should take it!"
C. "You should take it and I'll take the low road and I'll be in Scotland afore ye."

While THR is a great board and a lot of good is accomplished there, it isn't that high up on anyone's radar. It may just be that someone found it was a server that could be easily taken down. Most of these things, be they DoS or defacements, are done because the site is vulnerable, not because of the site's content.
Jorg is offline  
Old May 28, 2007, 08:20 PM   #102
RNB65
Senior Member
 
Join Date: October 17, 2006
Location: Richmond, VA
Posts: 167
My guess is that it's personal and not related to gun politics at all. Someone who has a grudge against Oleg or some geek who got booted off of THR because he was trolling.

If it was just gun related, the attacker would also be going after TFL, Glock Talk, ARFcom, etc.

RNB65 is offline  
Old May 28, 2007, 08:26 PM   #103
Mike U.
Senior Member
 
Join Date: April 2, 2007
Location: In Oz, next door to the Lollipop Guild's HQ
Posts: 404
I really hope you're right, txgho1911 and Jorg. Your reasoning sounds plausible so it may very well be the case.

I certainly hope they catch whoever is responsible.


RNB65,

I'd thought of that, but, the conspiracy theory sites I surf are starting to rub off on me. Does it show?
Mike U. is offline  
Old May 28, 2007, 08:27 PM   #104
MDC Champaign
Member
 
Join Date: June 29, 2002
Location: Saint Paris, Ohio
Posts: 21
Molon Labe from THR here.

Where do we send donations?
MDC Champaign is offline  
Old May 28, 2007, 08:32 PM   #105
yhtomit
Junior Member
 
Join Date: May 28, 2007
Posts: 10
THR DoS refugee checking in :)

I popped over here (my first time? probably have read indiv. threads here once in a while when google pointed me here) just to see if it was *me* who couldn't get to THR, or if the site was truly down.

And what the hey, my THR user name was available, so why not register? Glad to see so many familiar names here, even if I'm likely to use THR mostly (when it's back up) -- TFL seems like a nice board, but I need to limit my addictions.

As someone (or several) has pointed out, getting past a determined DoS / DDoS attack is really tough; I used to work for a site that was attacked pretty much every day, and it took dedicated sysadmins (a job I couldn't do and wouldn't want), a good ISP, and some very smart coders constantly narrowing the gates to even keep things bearable.

timothy
yhtomit is offline  
Old May 28, 2007, 09:14 PM   #106
tydephan
Senior Member
 
Join Date: August 14, 2006
Location: Huntsville, AL
Posts: 437
Quote:
Where do we send donations?
Derek Zeanah set up a paypal account for online donations. I have done such and encourage others to do the same, so maybe Oleg and company can move to a more secure host.

Send paypal to [email protected]. Make a note in the paypal description field that it is for THR maintenance (or APS maintenance, etc.) so he will know what the funds are allocated for.

Derek also made note of an address you could send a check if you wanted. But I didn't note it, as I preferred an online transaction. Maybe someone else here can provide that info. [ETA: See below for physical address at which you may send a check - Thank John for providing that info.]

Quote:
If it was just gun related, the attacker would also be going after TFL, Glock Talk, ARFcom, etc.
Actually there was one night a few weeks ago that THR, APS, GlockTalk and Arfcom all were down simultaneously. It lasted several hours, IIRC. TFL went down that same weekend as well I think, but not for very long.

That's when I began to think that maybe it was something more organized than just a pimple-nosed goober fooling around. But who knows...

Last edited by tydephan; May 29, 2007 at 08:04 AM.
tydephan is offline  
Old May 28, 2007, 09:38 PM   #107
johnbt
Senior Member
 
Join Date: December 6, 1999
Location: Richmond, Virginia USA
Posts: 6,004
DEREK ZEANAH
470 Country Club Road
Statesboro GA 30458

Put a note on the check that it's for THR.

I have got to stop saving every little scrap of paper.

I sent my check last week.

John
johnbt is offline  
Old May 28, 2007, 09:46 PM   #108
dionysusigma
Member
 
Join Date: November 22, 2002
Posts: 31
I tried a quick search for anything posted over at DU, along with a Google search. Nothing at DU, and the only results I got for "www.thehighroad.org DOS attack" were here. *shrug*

And now it looks as though DU is down too.

Also just finished looking up other DoS and DDoS attacks in the last month. There (as of yet) seems to be no pattern.
dionysusigma is offline  
Old May 28, 2007, 10:13 PM   #109
StopTheGrays
Junior Member
 
Join Date: May 16, 2007
Location: Metro Milwaukee
Posts: 1
What would happen if the offending systems were a victim themselves of a DDOS attack? Would THR and APS come back up?
StopTheGrays is offline  
Old May 28, 2007, 10:26 PM   #110
ArfinGreebly
Member
 
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
Probably not

Hear of "zombies" used for DDoS?

A compromised server or workstation is running a DoS bot (without the owner's knowledge).

It receives a command to attack a given server.

It launches its attack without further intervention from Doctor Evil.

The attacks don't track back to Dr. Evil, so nobody hits him.

If someone works out it's him and slams his server, it still doesn't kill the DDoS bot, which is running autonomously.

Kinda icky.
__________________
"Truth is a dangerous thing: once found, you must never turn your back on it." -- gh@c2

"Look at it this way. If America frightens you, feel free to live somewhere else. There are plenty of other countries that don't suffer from excessive liberty. America is where the Liberty is. Liberty is not certified safe." -- gh@c2
ArfinGreebly is offline  
Old May 28, 2007, 10:33 PM   #111
Balog
Senior Member
 
Join Date: May 19, 2004
Posts: 259
You can also specify a donation is for APS if you spend your time there rather than THR.
Balog is offline  
Old May 28, 2007, 10:37 PM   #112
dionysusigma
Member
 
Join Date: November 22, 2002
Posts: 31
Quote:
What would happen if the offending systems were a victim themselves of a DDOS attack? Would THR and APS come back up?
Not if it's a DDoS attack.

DDoS relies on "Zombie" machines that often don't even know what they're doing. Think of it like SkyNet from Terminator 3. It wasn't some evil super-Cray-computer located in one place, but rather a bug that cell phones, PCs, PDAs, campus networks, etc. had.

There's what, 270 million people in the United States? Now, not everyone has a PC, but several have at least one or two (and let's assume it balances out). If even .1% of them (270,000) sent a measly 1MB of data to THR, that's about 270GB of bandwidth, in one moment, that THR simply cannot (financially) contend with.

A counterattack on those machines responsible would require... let's see... a total of 72,900 Terabytes of information... and it wouldn't even be effective. It'd be easy to pick out another .1% to mount another attack on THR from.

Like dealing with weeds, you can't just clip the leaves. You gotta go for the root. And right now, we have no idea just where that root is.

Edit: ArfinGreebly explained it more simply...

Last edited by dionysusigma; May 28, 2007 at 10:46 PM. Reason: AGH! People posted while I was doing long multiplication! *sigh* Ah well...
dionysusigma is offline  
Old May 29, 2007, 01:09 AM   #113
kirbythegunsmith
Member
 
Join Date: February 15, 2007
Posts: 75
Details

I have seen the "human-check" at various sites that have claimed to be victims of "ddos".
One uses a check-in that has numbers in a background that makes it impossible for machine readers to pick out the random number that is generated for each go at the entry page.
Another has a simple math problem that must be solved correctly to enter.

A very simple "THR" (or whatever) initial log-in or check-in page would need very little capacity when compared to the normal page delivery- 200K vs. 1.5K, maybe, for example. Resistance to any number crunch program would entail a max. number of potential tries before that address should be placed in a "suspended" file, for at least a measure of time, maybe an hour or day, just like the way that bank password files should act.

That type of gateway would entail minimal inconvenience for users, but add an order of magnitude to the difficulty placed in front of "net" attacks.
kirbythegunsmith is offline  
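The check-in gate with a try limit and timed suspension described in the post above, as an added example that is not part of the original thread. The class name, the limit of 5 tries and the one-hour suspension are assumptions; the post gives no figures beyond "an hour or day".

```python
import time

MAX_TRIES = 5            # assumed limit; the post gives no number
SUSPEND_SECONDS = 3600   # "maybe an hour or day": one hour assumed here


class CheckInGate:
    """Tracks failed check-in answers per address and suspends repeat offenders."""

    def __init__(self, max_tries=MAX_TRIES, suspend_seconds=SUSPEND_SECONDS,
                 clock=time.monotonic):
        self.max_tries = max_tries
        self.suspend_seconds = suspend_seconds
        self.clock = clock         # injectable so the timing can be tested
        self.failures = {}         # address -> consecutive wrong answers
        self.suspended_until = {}  # address -> time the suspension ends

    def is_suspended(self, addr):
        until = self.suspended_until.get(addr)
        if until is None:
            return False
        if self.clock() >= until:
            # Suspension expired: forget it and start counting again.
            del self.suspended_until[addr]
            return False
        return True

    def attempt(self, addr, answer, expected):
        """Return 'suspended', 'ok' or 'retry' for one check-in answer."""
        if self.is_suspended(addr):
            return "suspended"   # refused before the answer is even compared
        if answer == expected:
            self.failures.pop(addr, None)
            return "ok"
        count = self.failures.get(addr, 0) + 1
        if count >= self.max_tries:
            self.failures.pop(addr, None)
            self.suspended_until[addr] = self.clock() + self.suspend_seconds
            return "suspended"
        self.failures[addr] = count
        return "retry"
```

The table is keyed by source address, so it only counts requests that actually reach the check-in page from that address.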
Old May 29, 2007, 01:30 AM   #114
Cosmoline
Senior Member
 
Join Date: March 11, 2000
Posts: 1,080
I like that idea. I've seen it in use elsewhere. How hard would it be to set up an initial screen, or to limit ANY access to THR to signed in members--as they've done with some other boards?
__________________
"Know that the pistol has no value, we practically don't use it. We need grenades, rifles, machine guns, and explosives."
Mordechai Anielewicz, April 23, 1943
Cosmoline is offline  
Old May 29, 2007, 01:32 AM   #115
ArfinGreebly
Member
 
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
Or Not

The attacks are not "spam" attacks, where bots pretend to be people.

These attacks are at a lower level.

TCP/IP itself has some vulnerabilities that make it possible to attack using SYN floods and other tricks that force the receiving end to try to "make sense" out of deliberate nonsense.

Imagine your phone ringing every few seconds. The caller doesn't have to have a conversation with you, or even speak, but he can effectively tie up the phone (and you with it) and prevent you from using it for anything meaningful.

It's possible to achieve essentially the same thing on the 'net, by taking advantage of parts of the protocol that are intended to provide connection and reliability and abusing them to the point where nothing useful can happen along that line.
__________________
"Truth is a dangerous thing: once found, you must never turn your back on it." -- gh@c2

"Look at it this way. If America frightens you, feel free to live somewhere else. There are plenty of other countries that don't suffer from excessive liberty. America is where the Liberty is. Liberty is not certified safe." -- gh@c2
ArfinGreebly is offline  
Old May 29, 2007, 01:35 AM   #116
foob
Member
 
Join Date: July 22, 2006
Posts: 99
Quote:
The problem is that the basic protocols upon which the Internet is built are flawed and very vulnerable to abuse.
There is nothing flawed about the protocols. More security means less performance and less anonymity (in this case). It is a tradeoff.

Quote:
The reason that DOS attacks are so hard to stop is because it's very difficult to tell where the packets are coming from. The source addresses on IP packets can be easily forged (one of the weaknesses in the IP protocols) and when the packet arrives at your router, there's no way to tell where it came from if the source address is fake. If you try to filter the packets based on source address, the attacker just changes the source address in the packets and they go right past your filter rules.
No, it's easy to prevent forged source IP addresses. Routers just check the source IP of outgoing packets and if not within their subnet they drop them. Again, there is a tradeoff, less performance.

Quote:
There is no easy way to stop a determined DOS attack without spending BIG $$$.
It all depends on the type of attack.

Quote:
I have seen the "human-check" at various sites that have claimed to be victims of "ddos".
One uses a check-in that has numbers in a background that makes it impossible for machine readers to pick out the random number that is generated for each go at the entry page.
Another has a simple math problem that must be solved correctly to enter.
They are called CAPTCHAs. May or may not work here, depends on the type of attack. No details.


Finally just want to say, having a cooperative ISP that actually is around 24/7 to work with you will help greatly.
foob is offline  
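The outgoing source-address check described in the post above, sketched as an added example that is not part of the original thread. The function names are hypothetical, and the prefixes and packets are constructed from documentation address ranges.

```python
import ipaddress

# Constructed example: prefixes assigned to the networks behind this router.
LOCAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("2001:db8:42::/48")]


def egress_allowed(src, prefixes=LOCAL_PREFIXES):
    """True if an outgoing packet's source address belongs to a local prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    # Compare only against prefixes of the same IP version.
    return any(addr.version == net.version and addr in net for net in prefixes)


def filter_outgoing(packets, prefixes=LOCAL_PREFIXES):
    """Split (src, dst) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for src, dst in packets:
        target = forwarded if egress_allowed(src, prefixes) else dropped
        target.append((src, dst))
    return forwarded, dropped


# Constructed sample traffic leaving the network.
SAMPLE = [
    ("198.51.100.25", "203.0.113.80"),       # genuine local host
    ("192.0.2.77", "203.0.113.80"),          # source outside the local prefixes
    ("2001:db8:42::9", "2001:db8:ffff::1"),  # genuine local IPv6 host
    ("10.1.2.3", "203.0.113.80"),            # private address leaking out
]

if __name__ == "__main__":
    ok, bad = filter_outgoing(SAMPLE)
    print("forwarded:", ok)
    print("dropped:  ", bad)
```

The check only helps on the network where the packet originates; the receiving site cannot apply it to traffic that has already crossed other networks.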
Old May 29, 2007, 02:04 AM   #117
skinnyguy
Junior Member
 
Join Date: May 27, 2007
Posts: 13
All I know is I wish who-/what-ever is responsible for these attacks would find a more deserving place to attack. There are a LOT of them on the internet. Actually, I just wish they would grow up, change out of their diapers, and go away, but I know they won't.

Thanks to TFL for taking THR's wanderers!! It does make me wonder how many new members TFL has picked up this weekend.
skinnyguy is offline  
Old May 29, 2007, 03:53 AM   #118
helpless
Member
 
Join Date: March 8, 2007
Location: Gunshine State.
Posts: 15
All weekend without my HighRoad
helpless is offline  
Old May 29, 2007, 05:48 AM   #119
Working Man
Member
 
Join Date: May 28, 2007
Location: DFW, Tx
Posts: 17
TFL, not just for firearms any more.

I have learned more about cyber attacks here than anywhere else, did not expect that.
It just goes to show you, an attack can be at any place, any time, and in any form.
Working Man is offline  
Old May 29, 2007, 08:45 AM   #120
Werewolf13
Junior Member
 
Join Date: May 25, 2004
Posts: 12
Puts on TinFoil HAT!

Quote:
tried a quick search for anything posted over at DU, along with a Google search. Nothing at DU, and the only results I got for "www.thehighroad.org DOS attack" were here. *shrug*

And now it looks as though DU is down too.
Oooo! Ooooo! It's the goobermint. The JBT's are taking down all the TRUE BELIEVER sites as a test. When the DAY comes they don't want them or us using the internet to organize ourselves to resist them.

[takes off TinFoil Hat]

Hell of a coincidence though...
Werewolf13 is offline  
Old May 29, 2007, 08:56 AM   #121
Mal H
Staff
 
Join Date: March 20, 1999
Location: Somewhere in the woods of Northern Virginia
Posts: 16,955
Quote:
Originally Posted by skinnyguy
It does make me wonder how many new members TFL has picked up this weekend.
Good question.

We have picked up 140 new members this weekend up to this point today.

Last weekend we picked up about 70 for the same number of days and partial days. (I say "about" because I can't break it down by the hour.)

So the rate of adding new members has just about doubled since THR went down.
Mal H is offline  
Old May 29, 2007, 08:58 AM   #122
psssniper
Senior Member
 
Join Date: October 9, 2001
Posts: 186
1919A4.com has also been down
psssniper is offline  
Old May 29, 2007, 09:09 AM   #123
farscott
Member
 
Join Date: November 17, 2002
Location: Athens, AL, & Louisville, KY, USA
Posts: 18
It also appears that 1911forum.com is down although the site does respond to pings.
__________________
Scott
farscott is offline  
Old May 29, 2007, 09:13 AM   #124
tydephan
Senior Member
 
Join Date: August 14, 2006
Location: Huntsville, AL
Posts: 437
Mal,

I'm genuinely curious as to how TFL seems to be missing the attacks here. Is it because the site isn't as "big" as some of the others the recent attacks have affected?

Or do you guys have that much better of a host than THR?
tydephan is offline  
Old May 29, 2007, 09:17 AM   #125
Mal H
Staff
 
Join Date: March 20, 1999
Location: Somewhere in the woods of Northern Virginia
Posts: 16,955
tydephan - I have no clue on that aspect of TFL. Our local expert and sysadmin, tyme, should be along shortly to explain.
Mal H is offline  
All times are GMT -5.