It's holiday/DDoS season

[Dark0ne]

Over the past 24 hours the Nexus sites have gone down 3 times, sometimes for as much as an hour. It's school holiday season which means it's also DDoS season, typically a time when an abnormally high amount of DDoS attacks happen (logical conclusion is...?). We're told by our hosts that we are not the target but unfortunately we're being taken down due to the attacks happening against our host's and main data centre's infrastructure. It's nice to know we're not the target, at least, but obviously it still sucks.

 

If you're wondering why we don't just "do something" about it. We do. We pay a lot of money (right now about $3200 a month and growing) to help against DDoS attacks, but DDoS mitigation is a bit like

where Jim Gordon is talking to batman and he's talking about escalation. "We start carrying semi-automatics, they buy automatics. We start wearing kevlar, they buy armour piercing rounds. And you're wearing a mask...". You can buy a ridiculously expensive firewall that can scrub 20GB/s of malicious traffic on your upstream, then you'll just get attacked by a bigger botnet that attacks you with 50GB/s of malicious traffic. You buy a firewall that can handle 75GB/s, they attack you with 100GB/s. And so on and so forth. And each time it gets more and more expensive to combat against. And it can get really, really expensive after a certain point.

 

We and our hosts continue to react to the DDoS attacks as and when they happen. If they happen while I'm at my computer then I'm updating the Nexus Twitter account to let people know about the down-time and that we're aware of it. So if you like to be kept in the loop while the sites are down then you can follow us on Twitter. We don't really use that account for anything else right now so you won't get spammed about crap you don't care about!

 

While the techheads work to sort this out for all of us (and this DDoS is affecting thousands of sites, so we're not the only victims) please sit tight and be patient. At the end of the day, this is one person ruining it or all of us. Well, one person, and hundreds of thousands of computer illiterate people who haven't secured their PC's/routers/Internet of Things hardware against people using their hardware as botnets. So by all means, take this time to review your own system security!

[MotoSxorpio]

Thanks for the heads-up. Maybe school should be full-time, keep the kiddies off the keyboard.

[RoyBatterian]

They think it's funny to cause other people grief. Sadly they attack the wrong things for the wrong reasons.

[Kalell]

I know how to keep my PC clean, but how do I check my router? I have a security code for it so people can't use my network without permission, but is that not enough?

I'm pretty sure I don't have any bots using my network though. My connection is really slow and if anything at all was using bandwidth I would know (especially with videos).

 

Edit: I did some research and it turns out the firmware in a router can be infected by viruses but it's pretty rare. Usually the viruses are targeted towards specific brands with vulnerabilities. Most routers, as long as they have a good password, updated firmware, and the correct settings, should be safe.

Edited July 22, 2015 by Kalell

[Brigand231]

Ah, was wondering why stuff was going so slow today. We'll weather the storm as usual.

[Lara11]

Thank you for sharing your thoughts about this topic!

Wish you all the best. Keep up the good work!

[FurAfterDark]

Who would DDoS a modding community? isn't that kinda an oxymoron move? o.o

[Madcat221]

In response to post #27187839.

FurAfterDark wrote: Who would DDoS a modding community? isn't that kinda an oxymoron move? o.o

Petulant little twerps do it. Particularly ones who wanted to turn this place into their own personal playground but were denied.

If you run across anyone elsewhere on the 'Net that claims they were banned from the Nexus network "for no reason", ask their handle and search that forum to see the "no reason". Edited July 22, 2015 by Madcat221

[Thaiauxn]

If you have that kind of tech power and use it to suppress bad people, you're a hero. If you do it for s#*! - what does that make you? When we find you, what should we do to you?

 

I think Ddos attacks and the like are a very good example of why it's bad to let your disenfranchised youth go completely without any direction or available social services. You have to have a moderate income to sustain a botnet. Even just a laptop will do, but it takes time and patience. Anybody willing to go through that level of work would be awesome if they had some direction and a job that needs solving. Find them. Put them to work. Inspire them. Give them a reason to wake up in the morning.

[Skyrabbit]

In response to post #27188304.

Thaiauxn wrote:

If you have that kind of tech power and use it to suppress bad people, you're a hero. If you do it for s#*! - what does that make you? When we find you, what should we do to you?

 

I think Ddos attacks and the like are a very good example of why it's bad to let your disenfranchised youth go completely without any direction or available social services. You have to have a moderate income to sustain a botnet. Even just a laptop will do, but it takes time and patience. Anybody willing to go through that level of work would be awesome if they had some direction and a job that needs solving. Find them. Put them to work. Inspire them. Give them a reason to wake up in the morning.

Good point, well made.