i figured out the reason that things here are so slow. some idiot has an ip address of ***.178.26.99 and he is attempting to log in. he is trying at a rate of once a second. THAT is what is slowing things down.
Quote
ID deleted. thanks, guys, for the advice.
Allan,
If you have access to your host's ACL, blocking that IP will fix it, this sort of stuff is basically my job.
Ron
i don't know how to do that, but i will check. this guy really is an idiot.... :-\
he stopped trying to log in. things have sped up for me. what about you guys?
Seems better,
But I switched computers so it's impossible to give a definitive answer.
Ron
It does seem a little faster. Was wondering what was up.
This should be a hanging offence
This is why some forum registrations require squiggly letters. By the script he was performing a brute force attack. If you want your ego stroked a little Alan, this normally happens when a site gets big enough to warrant the attention.
Ron
Spotty performance this morning, again. :-\
it's sped up quite a bit for me.
Quote from: noyb72 on October 23, 2012, 11:31:32 PM
Allan,
If you have access to your host's ACL, blocking that IP will fix it, this sort of stuff is basically my job.
Ron
Blocking an IP via ACL or any other means for that matter will not necessarily resolve the real issue. Even if the attack is coming from a static IP, it's simple to change IPs, tap off another IP, or even obfuscate your source IP. Understanding/becoming the attacker as well as protecting against it is basically my job ;)
Posting the source IP of the attack may not always be the best thing to do. The owner of the IP may not even be aware that their system has been compromised, which is the case in the good majority of instances. Furthermore, posting the IP may cause curiosity on behalf of forum members to attempt to navigate to or even worse, attempt to retaliate against this IP. Both these situations could be bad because if the attacker has set up some form of malware hosted on the IP, it could easily infect those accessing the page. This is not an uncommon technique to drive unsuspecting people to an infected host. I can go on and on, but what I am saying is that I strongly suggest that you don't attempt to connect to the IP let alone PING it, port scan it, etc. Alright, I'll take off the Information Security Evangelist hat and put back on my fisherman hat :)
Sorry guys if it sounds like I am lecturing, I am really trying more to educate. Sending you a PM Alan!
I wholeheartedly agree with everything ReefMonsta said. What I recommended is still my (and the Navy's) first step in reducing issues, but if we're dealing with something more than an idiot, things get harder fast. Good on you Alan, in a major way, for reviewing your logs and identifying the issue. Log reviews are the most uninteresting thing to do in the world, and probably the most important in the terms of a computer system.
Ron
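Added example, not part of any post in this thread: a small log review in Python that counts failed logins in a sliding window both per source IP and per targeted account, so a guessing run still shows up when it is spread over many addresses and a single-IP block would miss it. The log line format, the thresholds and all sample data are assumptions constructed for illustration, not taken from the forum's software.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # sliding window length (assumed threshold)
LIMIT = 20                      # failed logins tolerated per window (assumed)

def parse(line):
    """Split one line of the assumed format: '<ISO time> <ip> <account> <OK|FAIL>'."""
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account, result

def flag_bruteforce(lines, window=WINDOW, limit=LIMIT):
    """Return (flagged_ips, flagged_accounts); lines must be in time order."""
    recent = {"ip": defaultdict(deque), "account": defaultdict(deque)}
    flagged = {"ip": set(), "account": set()}
    for line in lines:
        ts, ip, account, result = parse(line)
        if result != "FAIL":
            continue
        for kind, key in (("ip", ip), ("account", account)):
            q = recent[kind][key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop events older than the window
                q.popleft()
            if len(q) > limit:
                flagged[kind].add(key)
    return flagged["ip"], flagged["account"]

def sample_log():
    """Constructed data: one noisy host, one spread-out run, one ordinary member."""
    t0 = datetime(2012, 10, 23, 22, 0, 0)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = []
    for i in range(120):   # one source, one attempt per second
        lines.append(f"{stamp(i)} 203.0.113.7 admin FAIL")
    for i in range(60):    # same kind of run spread over 30 addresses
        lines.append(f"{stamp(2 * i)} 198.51.100.{i % 30 + 1} moderator FAIL")
    lines.append(f"{stamp(30)} 192.0.2.10 member1 FAIL")   # a mistyped password
    lines.append(f"{stamp(40)} 192.0.2.10 member1 OK")
    return sorted(lines)   # ISO timestamps sort chronologically

if __name__ == "__main__":
    ips, accounts = flag_bruteforce(sample_log())
    print("source IPs over limit:", sorted(ips))
    print("accounts under attack:", sorted(accounts))
```

The per-IP set is what an ACL or ban list can act on; the per-account set is the signal for throttling or a CAPTCHA on the login form itself.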
Very slow here in the UK again this morning.
thanks for the advice, guys. and yeah, it's slow again...... >:(
... and I was blaming the trans-pacific connection until I remembered my web site is hosted in the US and it is performing flawlessly!
Quote from: Jerseymic on October 25, 2012, 06:20:01 AM
Very slow here in the UK again this morning.
Me too :-\
Slow in Oz as well
What is their gain from attacking a "critical" site like this?
guess it's just what they do..... :-\
I can come up with things I'd like to do to them.
Doesn't seem too bad here, now.
It is just what they do, but it might be more than you realize.
If this isn't just some kid being an idiot, this could be only the beginning. Getting access to the site is the first step. That opens the door to more attacks and data collection that gives data about users and administrative access. This allows them to find all sorts of data and maybe, unfortunately, spam the site with advertising and all other garbage we don't want here.
Why would they do this here? Have you Googled Alan Tani lately? There are lots of individuals in the know that refer to him concerning all things reel. But it gets better; search for Keta and find out about his stainless dogs, or Dawn at Smooth Drag or or or ... All of these people come here and all are significant parts of the large cottage industry of reel repair. Can you imagine if one of their spams caught Alan's attention and he acquired the product and then liked it and gave it his blessing here? How many here have a tube of Blue Yamaha marine grease because it is what Alan Tani uses? Lots of people spend lots of money trying to make this happen, and it happens every day. I spent 3 years teaching sailors how to protect Naval networks from this crap.
So, just a little enlightenment about the seedy, horrible dark world of hacking. All in all..
I'D RATHER BE FISHING!!
Ron
ron, i know you're right, but i would think that the lack of advertising here would make this place much less a target. there is no money being passed around here, and certainly no launch codes. the guys that are popping up are guys that tried to register and are then banned. they go onto a banned list. (i think) the software does not even allow them to look at the site at all. and yet keep on trying to ping the site. each time they come up on the error board to indicate that they were blocked. so i'm guessing that the software is working the way it's supposed to, but the site is still slowing way down. i dunno...... :-\
I would think that a Go Daddy block list would not affect this site. Have you contacted them yet? They would have more info.
Ron
stephen is my go to web guy and he is checking. i was thinking about going to a dedicated server, but the costs would be prohibitive.
well, there have been 690 attempts to view the site from this same guy from 1:59pm to 3:14pm. if nothing else, he is persistent.
I just jumped on and it happened at Warp 10! Go figure. Did the idiot finally give up?
i must be getting old cause i was falling asleep waiting.
Slow for me again this morning.
Very slooooow here in the NE and the storm didn't hit yet :-\
Quote from: alantani on October 23, 2012, 10:56:18 PM
i figured out the reason that things here are so slow. some idiot has an ip address of ***.178.26.99 and he is attempting to log in. he is trying at a rate of once a second. THAT is what is slowing things down.
Quote
ID deleted. thanks, guys, for the advice.
this guy is still trying and is being blocked, but it's an overload on our systems. Will look into alternate methods.
It has gone fast for me in the UK tonight, it's been a while since it has been this quick.
he's gone (for now). back up to speed.
Wow! it's now going so fast, the mouse slipped out of my hands ;D
Quote from: alantani on October 27, 2012, 01:09:49 AM
he's gone (for now). back up to speed.
He was trying so hard, there must be a pretty good reward or bounty to hack the site. Should we feel honored or just ticked off? :-\ Too many out there that need a life.