T2W under fire

In theory it's a good idea. But the problem is the IPs are coming from countries all over the world. Since we added DDoS protection last week, there have been some 23,021 threats detected. So given the little resources we have, the sheer scale of the attack makes it impractical to really do anything more than try to protect ourselves. Sucks doesn't it!

Just a thought - as no computer tech guy - but is it worth checking out say all new members who have joined in last 28 days - or even last 14 days - and then split them into countries etc and ask them not to sign in or say 1 or 2 hrs on certain times during this next 7 days - ie trying to break it down by deduction etc

I have no clue how many new members you get every month - but say it's under 300 or 500 - then this might be all achievable etc.

If then any new member fails to adhere to your request - and the attacks continue during their time windows etc - you might be able to narrow it down to say less than 50 or 100 IP addresses etc.

By being able to narrow it down - you might see then some connection with an anti T2W group etc.

Also if you think the culprits are continually taking new memberships every day - or as guests - ban all guests for say 7 days etc - ie shake them out some way

Only ideas - but I am always looking at ways to solve problems etc - and I am sure there has got to be a way of overcoming this rather than just staying on the "back foot" and being under their control etc

Meanwhile good luck and don't let the bar stewards get you down

Regards

F
 
DDoS does not work like that. You don't need to be a member to generate enough HTTP requests to flood the web server, app server or take advantage of limited connection pools on a database to bring a site down.

@Sharky, do you know what type of DDoS it is? Can you see from the Apache logs what the incoming request looks like?
 
gut feel for me is a group just having "fun" and simply targeting T2Win..........to see what havoc they can cause ..............

otherwise........ some disgruntled newbie(s) who are obviously better at hacking than trading ?

N
 
In theory it's a good idea. But the problem is the IPs are coming from countries all over the world. Since we added DDoS protection last week, there have been some 23,021 threats detected. So given the little resources we have, the sheer scale of the attack makes it impractical to really do anything more than try to protect ourselves. Sucks doesn't it!


Have you contacted competitors to ask if they have been targeted or had requests or threats made to them? ie We can do this sort of thing to your site too if you don't pay us...

Just thinking the motive is key - as it takes a lot of effort to set up and carry something like this out as well as when the BOTs are detected and malware removed, hackers lose assets?

Time zones significant too.

Morning time seems to be significant. Either T2W is the target or the guinea-pig for something bigger - with due respect.
 
Have you contacted competitors to ask if they have been targeted or had requests or threats made to them? ie We can do this sort of thing to your site too if you don't pay us...
My first thought was the DDoS protection providers themselves.
In order to provide a service, you need the threat there in the first place. I wonder how many of them there are, and could it be a ring.
 
... it takes a lot of effort to set up and carry something like this out as well as when the BOTs are detected and malware removed, hackers lose assets?

....

It really doesn't take much effort. I joked it was outsourced to India, but I have seen web pages from Germans who will do this kind of thing for between 200 and 500 euros.
14 year old 'script kiddies' can do this kind of stuff.
 
It really doesn't take much effort. I joked it was outsourced to India, but I have seen web pages from Germans who will do this kind of thing for between 200 and 500 euros.
14 year old 'script kiddies' can do this kind of stuff.

Is it possible to find some "script kiddy clever so and so" who might be able to source it via some method - and then redirect it to attack some minor stuff at the "white house" or the "pentagon" etc - ie their payroll programs etc - so that they then end up on the CIA's most wanted list - and then with a bit of luck on "death row" lol

Ok - I am joking - but I am sure there is always some smart ass who can out trump another lesser one ;)
 
You can buy DDoS attacks very easily on the undernet/Tor network sites such as Silk Road. I'd start with users who use the Tor network to connect to this site
 
You can buy DDoS attacks very easily on the undernet/Tor network sites such as Silk Road. I'd start with users who use the Tor network to connect to this site

sadly you are spot on ffsear. I was recently completing some research on insider trading using the darkweb. Amongst many of the dubious services on offer were hackers for hire who will anonymously do this sort of work. :(
 
robster970 said:
@Sharky, do you know what type of DDoS it is? Can you see from the Apache logs what the incoming request looks like?

Probably best not to discuss on here the type of attacks, but we know exactly what they are, and the DDoS protection service along with our own server/network monitoring gives us lots of information about what's going on.

Atilla said:
Have you contacted competitors to ask if they have been targeted or had requests or threats made to them? ie We can do this sort of thing to your site too if you don't pay us...

No I haven't, but I've kept an eye out on other forums, and not seen anything that makes me suspect others are being targeted.

Atilla said:
Morning time seems to be significant. Either T2W is the target or the guinea-pig for something bigger - with due respect.

I think morning is significant only so far as there's likely to be anyone around to deal with it. It means getting people out of bed, and that's only if you've got alert monitoring set up and you're not a heavy sleeper!

Like Postman, ffsear and SpreadDocter said, these days it's not hard to do and probably not that expensive. My first instinct was the same as NVP, some random targeting of the site. But given the amount of time that's passed and the on-going nature, AND the number of enemies the site has attracted over the years, it would not surprise me if someone with a grudge against the site was behind it.
 
Time zones significant too.

ha ha ha really, sherlock? it's a website attack by plethora (can be thousands) of computers hitting t2w site at same time to bring it down, yet.........the timezone when it occurs is significant, SIGH......

fyi your pc prob has a scheduler - you can schedule it to do stuff when you are asleep......eg perhaps you shld get it to think for you, asleep or awake.

you can buy ddos kits online, as prev mentioned, for FA.

rgds,
watson.
 
ha ha ha really, sherlock? it's a website attack by plethora (can be thousands) of computers hitting t2w site at same time to bring it down, yet.........the timezone when it occurs is significant, SIGH......

fyi your pc prob has a scheduler - you can schedule it to do stuff when you are asleep......eg perhaps you shld get it to think for you, asleep or awake.

you can buy ddos kits online, as prev mentioned, for FA.

rgds,
watson.

Well computers have to be on to carry the attack out and someone somewhere must think about when to launch it right?

I wouldn't know how to engineer something like this but if you guys say one can buy the kit or the service then the question still remains why the attacks don't take place over bed-time GMT.

If it is scheduled for SOD UK and stops with COB UK then outage seems to impact the UK/EU visitors.

If it is some random script kiddies experimenting in Asia it would be out of hours for UK.

It's possible it's someone in the US coding into midnight but PCs/bots likely to get turned off.

Fact it starts early in the morning over last few days displays deliberate calculated intention or habit???


And thanks once again as I had no idea there was a scheduler on the PC and computers could do that??? (y)
 
10 10 am Wednesday am UK time

Touch wood - no real problems on posting on thread this morning - and I have done many as FX markets been busy - again :)

Keeping my fingers crossed that T2W defences are working

Good Trading to all members

F
 
Yeah the defences appear to be working for now. I ramped up the protection last night and despite another attack this morning, about the same time as yesterday, the site held up just fine.
 
Weekend was clear, although we came under fire this morning, so you might have experienced some slowdown for a short period. I'm continuing to monitor and make adjustments.
 