As seen on WHT. I was on my last day of holidays — driving 500km back home. I was at the beginning of the journey when I received the notification from Pingdom. At the beginning it was LowEndBox.com (hosted at QuickWeb), and a few hours later (after I left some messages on LET), LowEndTalk (hosted at eNetSouth) is down as well. I am now back home trying to clean up the mess.
- Roel from QuickWeb has offered me a new IP that’s not null routed by SoftLayer. I have updated DNS to reflect the changes. Moreover, I am putting CloudFlare in front of LowEndBox.com (as suggested on WHT) to see how it goes.
- Brandon from eNetSouth has suggested to move LowEndTalk from San Jose to Chicago with ColoCrossing with better DDoS mitigation facility. This is currently in progress.
I will keep this blog post updated.
Updated 16 July 21:45 UTC: Looks like LowEndBox.com was attacked again around 4 hours ago (~18:00 UTC), as commented by Roel here. 3.5Gbps peak, although from my Cacti graph the incoming packets was only burst for < 15 minutes — could have been blocked on the router by Cisco Guard. It could be null-routed any time…
Related Posts:
Should You Change Your Windows RDP Port? Yes.
You Don't Want to Start a Hosting Company: A Parallel From History
Gloo.top - a Cool LowEndTalk Member Link Shortener You Should Check Out!
Let's Check In: sh97's Network Benchmark Script has Plenty of New Developments!
Looking for a Cheap Domain and Don't Care About the TLD?
The Coolest Project Ever: bashvm
The original owner of LowEndBox known as "LowEndAdmin" or "LEA" for short founded LowEndBox in 2008 and created the concept of hosting applications on low resource "Low End Boxes". After creating the roots of the community that we know today, "LEA" stepped aside and allowed others to carry the torch forward.
Latest posts by LEA (see all)
- 5 Reasons Why You Want a Low End Box - May 26, 2021
- Dead Pool January 2012 - February 2, 2012
- exit(0); - January 19, 2012
Haters be Haters :)
Good to have you back from Vacations
Glad to see your back. CloudFlare is great, im sure you will love it.
Not great for dynamic sites.
I know Apache has a mod_security etc to mitigate smaller to medium scale DDoS, is there something in nginx that can do that?
Also I am interested in the origin of these DDoS! May be, we could trace our little bugger who hates LEB
I know apache also has mod_evasive.
No software will stop few gigabit attack on server :(
According to Brandon, the attach on LET are UDP based packets so not fake HTTP requests this time. Actually HTTP ones are relatively trivial to filter…
Yeah, fake HTTP ones bring down Apache, but not Nginx. UDP ones kill connection so there is no way to access the server. I think CloudFlare will do the job.
NGINX isn’t immune to a HTTP DDoS, but its far more durable then Apache.
mod_evasive with mod_security in apache can mitigate fake HTTP request, but there is no such anti-ddos tool for nginx.
We’ll see — if it works well I am happy to pay for it. However it still reveals what your real IP is so the attackers can bypass CloudFlare and bring the backend down.
how it reveals your real ip? i can’t find a way to get it.
@Birt
several ways, Portscanning being one of them.
I’m also interested how can you still show your original IP instead of CF’s IP.
whois…
Whois will eventually get updated and will show CloudFlare’s IP insted of QuickWeb’s IP.
WHOIS should already show CloudFlare’s NS.
This site seems to pretty up to date but shows the SoftLayer IP.
http://who.is/whois/lowendbox.com/
Some of the reason is, if we see the dns info from intodns, our ip still exist there.
Reverse MX A records (PTR)
Sure let us know how CF turns out for you. I’ve been reading few threads on WHT but a little skeptical about it still.
It blocked a 2.5gbps udp attack for me
When a DDOS occurs, CloudFlare will protect itself. CloudFlare primary not a ddos guard service! In the same situation, CF redirects all requests directly to your server, the results will be the same – your IP will be routed to blackhole :(
And when you log in into CF, the following message will be waiting:
“CloudFlare has been temporarily disabled due to a system issue. To ensure there is no performance degradation to your website, we are temporarily routing all traffic directly to your server. Once peak performance is back, we will automatically re-enable CloudFlare.”
Be careful with CF, it will protect itself, not LEB :(
it’s not easy to figure out which site causes a udp attack when there is 100s of sites sharing IPs.
@dmmcintyre3,
yes, it is.
BTW, cant find the reason for such attacks to LEB.
Also does CloudFlare use geoip for its DNS resolution or are they on anycast? With geoip, different zombie PC in the part of ddos botnet might be resolving the target to a different IP, which then dilute the attack…
Still trying to work out how this cloudflare thingy works.
CF is on anycast. They mentioned it on the plans page, and I found it on their blog (http://blog.cloudflare.com/1-billion-served-every-day) as well.
Good luck with getting the site back in working order!
Any stats we can see?
Nope. Nothing this time — my 5 minute rrdtools shows *nothing* strange and I only know that it’s a DDoS when I saw someone asked QuickWeb Roel about the situation on LowEndTalk (before it went down).
Damn! Who on earth would do that with a site that provides valuable information on how you can get more for less in relation with servers? :(
LET is still down for me :(
what a humor!
Yes, I still can not open it.
So, where is the humour?
I’d like to say what humor the attackers do. What did they do for?
I use CloudFlare on all my sites, it’s great and I see no reason not to use it when they offer free DDOS protection hosted offsite.
Does CF really offer free DDOS protection?
It’s not the same protection as hardware or even commercial software, but DNS protection.
I’m not 100% sure how they do this, but from my logic if they see constant garbage being sent to the server their system blacklists the senders IP for some time and this way DDOS at least gets leveraged.
that, and it’s anycasted, so instead of a botnet hitting a single host, they’re ending up hitting thousands making it that much less effective
They don’t call it a DDoS solution, but yes CF can withstand some small scale attacks.
http://www.webhostingtalk.com/showpost.php?p=7535993&postcount=14
http://support.cloudflare.com/discussions/problems/9050-good-ddos-protection
I can’t use it, $21 for SSL is too much.
dmmcintyre3: not sure if your SSL is configured correctly on freevps though…
it’s the ads
I see, make sense then.
I have noticed this when i wake up this “morning” (12 PM :P ) thanks to WHT someone open new thread for LEB (and LET).
btw glad to see you back to your “office” LEA.
Hope after this occasion, LEA would share some experiences to us.
Agree..!
First thing I woke up this morning was to check on iphone to see LEB is back online, and gladly found so!
And to DDOSers: LEB is here to stay, an attack from you means nothing more than you are a childish and foolish kid :)
http://isitmyinter.net/?domain=lowendbox.com
:P
http://isitmyinter.net/?domain=lowendtalk.com
yeah we know. everyone cry :P any news from Brandon eNetSouth?
Nice attempt to advertise your website. :|
@Daniel: http://goo.gl/lLc3J
Yeh I spent 2 hours coding it, Ill strip HTML in next release.
security first, code later :|
Its HTML code. Hardly as if its a MySQL hole or similar. It will be patched in the next few hours
I must be tired. Just took me five minutes to figure out what you are all looking at.
Keep the You Fail girl in there. Looks cute. :)
@Vlad Hahaha yeah xD That’s what I wanted to say :P
dan m8, if you forget most basic thing of sanitisation, what about everything else.. eventually you’ll lapse and not have someone to point it out…
sure it’s not mysql.. but you can have your domain used for malicious malware driveby, redirects, peddling spam, etc..
Dont worry, Ill make it so if you post WebHostingTalk.com in there it comes up with the fail girl.
I fixed it.
Plus, http://isitmyinter.net/?domain=failgirl.com if it makes you happy.
@Daniel: http://goo.gl/swr2w
Fail.
Patched, forgot to add it to $port
Wow, there actually is a failgirl domain.
http://whois.domaintools.com/failgirl.com
Blocked from here so it may be NSFW.
My bad, I didn’t notice that, seems the few hours that had the attack, where exactly adjusted with my LEB visiting schedule! But I still can’t thank the hacker though!
Keep it going LEB you are doing great stuff! :)
What kind of pathetic scumbag would DDoS LEB/LET…
I can think of a couple folks who would take a shot at it.
LEA has been posting a lot more ‘gameserver’ companies, namely ones doing minecraft and have a past in runescape. I know runescape is jam packed with DDOS skiddies and minecraft seems to be getting their bunch too (could very well be the same users).
Francisco
Haha yes. My own perception of gameserver-type — teenage boys need more dosh so resell part of their gaming clan’s hardware as virtual servers. At the same time I also want to acknowledge that it’s how many legitimate hosting companies got started in the first place, so I posted their “deals” anyway.
*sigh* I remember runescape. Gave it a try a few months ago and couldn’t stand their new intro adventure. Never went past it.
Wouldn’t Minecraft be promoted more because that’s what the “in” thing is currently with us techie types? I still haven’t played it.
If you are not running any UDP service, I suggest you filter UDP packages to REJECT by iptables.
Not going to help if the attack is bigger than the server’s port speed. I have not seen ANY lowendbox with a 10gbps port.
Sorry, sir, but my 15$ year is dedicatedly connected to Level3 with OC-192. It also comes with a /8 of IPv4 so whenever the attacker attacks several IP I can simply null route them.
(I’m sure this are to be removed – help!)
Who is the provider? I am hoping they charge you separately for the network or else I’d wish they would not be in deadpool soon :)
Show me where, so I can buy one.
You have a /8? I looked at some OC-192’s but all they would give me with them was class C’s. (I can never remember what /# is which. I do remember though that a /8 is a Class A set of Ip addresses.)
c /24 iirc
Doing this (filtering UDP packets with REJECT target) is a very good way to help the attacker totally kill your server. Better use DROP instead of REJECT. And watch out to not filter the responses from your resolvers.
Udp should have been dropped by default on my iptables rules. However it’s the size of the attack that’s bigger than upstream. I got automatically null routed even before the packets have a chance to land on my box.
Nice. I’ve got someone slandering me over there on WHT. And folks wonder why I don’t spend any time over there.
I think he was joking.
So glad some folks think accusing people committing a felony funny.
You really are Dr. Sensitive.
This is not the first time I catch you with no humor ;)
I only saw your name mentioned once but it wasn’t serious at all. I would contact a WHT staff member though if you truly felt the user was trying to be malicious.
Already did. Got lied to three times by a “Community Liaison”, reminded that I was harassing them when I was trying to find out why I had been banned a few years back, got pointed out that I had created a dupe account to file the report which was a nono, (I created the account to make the report and was in fact honest that I stated it was a dupe when I did make the report.) and yet the post is still there.
Oh, that sucks. Sorry to hear that.
http://helpdesk.webhostingtalk.com/
I don’t think you need a dupe to file a report there.
That WHT post is kinda harmless though.
drmike has his own views which he is completely entitled to… even though he has been wrong before (like when he went off on me for being a staff member of WHT when I never have been).
@KuJoe, well that was my view about that post :) like you say everyone has their own views, and IMHO it’s always better to not feed the troll.
@circus I agree, it looks completely harmless to me too. But if it bothers drmike they should remove it.
KuJoe, you stated on LET that you were a member of WHT. I’d give a link but the site is still down of course.
LEB will be getting better after each accident.
BTW LEA if I were you I would rather not to update the DNS with dnsmadeeasy. I wouldn’t be brave enough to let attackers in again.
Is there any efficient way to prevent the DDos attack? Especially for the vps with tiny memory.
Nothing to do with memory size I think. They simply jammed the pipe.
I am not sure what can be done in the case of ddos. Hiding behind some fat pipe reverse proxy seems to be the easy way out.
I’ve seen some awesome documentation on putting some Squid proxies in front of your servers to mitigate DDOS attacks but you’re still looking at additional server costs and paying for the bandwidth. I’ve read awesome things on WHT about DDOSDefend.com and they are really cheap also. Of course I’ve also read that LEA is adamant about not “hiding” his IP information.
$65 monthly isn’t really cheap compared to the LowEndVPS that LEA is using to host the site at the moment.
I think CF is the best option here.
I meant cheap in regards to all of the other DDOS mitigation options out there. As previously mentioned CF is not a DDOS mitigation service so while it might do well for very small attacks, it doesn’t take much for an attacker to get past their limits.
Besides that attacks aren’t really a big thing here – LEA was on holiday which is probably why the attack lasted so long as he was unable to intervene. It’s the first attack in a while. I think DDoS solutions aren’t needed at this stage.
I was actually replying to Timothy’s comment and not LEA’s reply. ;)
@Timothy
“Dismantling botnets in advance” might be the best way to prevent DDoS attacks. As a matter of fact, being DDoS attacked is a golden opportunity to collect the IP addresses of infected computers, if they haven’t been tampered with by the attacker. ISP should have dropped network packets with forged IPs in the first place.
If you’re using cloudflare set it up so your server only allows connections via it since as far as I know it acts as a proxy you can set it up so that your webserver only recieves requests through it and doesn’t allow direct access.
Hope this helps.
Hey LEA
I feel like most here, I was eager to see LEB back online. Well, as we all know we cannot do anything about those DDoS bitches, we could still offer you our help. I’d really love to provide a LEB mirror, and I think others might be too. BTW, why would someone attack such an awesome site such as LEB?
Don’t know how true it is but was at a hosting IRC and I said does anyone here use LEB.
About 5 minutes later someone said yeah , so i asked him is it down.
He said yeah and went onto say that he heard a kid called Jason had got mad with the community and admins.
Again i don’t know how true this is but the ‘informant’ is quite well known in this particular IRC.
That would be right. Jason is a little cry baby who starts up VPS business, takes the money and runs.
Jason from that sky news article? AKA JSCL?
If it really is then he had stooped even lower than I thought he’d ever go – Not that he’s a reputable person anyway.
He is simply a bully and doesn’t like it when he gets his own way.
He threatened me with legal action a week or two ago – Haven’t received no ‘letter on my doorstep’. Shows how pathetic he is.
I would say that’s just a speculation heard from an anonymous on IRC. There has been some disgruntled users on LET and it could be done by pretty much anyone.
I shall focus on rebuilding lowendtalk in the next couple of days, ie moving away from OSQA as suggested, than coming up with more speculations.
Try XenForo , vBulletin or IPB. They are my favorites :)
Paid solutions? lol. I find the ‘free’ ones to work a lot nicer and have better ‘usability’
heh Just remembered about the wiki. That’s still up. :)
The wiki is the same as LEB right?
I believe so.
Been trying to find a decent DNS provider. Been going down that list on the wiki of them.
Welcome back admin.
I noticed it was down a couple of hours ago, when I checked my site that has LEB feed.
So welcome back from holiday and website recovery :)
Still can’t access LET – Any reason why?
You sound like if you were the LEA’s boss ¬_¬
Reason why?
“Brandon from eNetSouth has suggested to move LowEndTalk from San Jose to Chicago with ColoCrossing with better DDoS mitigation facility. This is currently in progress.”
I hope this answers…
I am also glad too see this site back. Opening those pages became somehow part of my daily routine.
Yeah I am not too sure about the status. Maybe you guys can have a nice weekend at the beach, than trolling each other on the LowEndTalk community :)
I think that’s why I slept so good yesterday. :P
Great to see that LEB is back again. :)
@LEA At ydgh we have suffered a few DDOS in the past week as well. I feel they may be connected with yours.
Ahem. Sorry I don’t want to accept that association. I don’t want to see everyone getting DDoS’ed coming here whining “my site got denial of service attack because it was connected to LowEndBox!!!”
I highly doubt that it would be connected.
I don’t think it is an uncommon think for VPS providers to be getting DDoS attacks. I don’t think it has to do with the attack on lowendbox, but sure everything is possible.
@LEA,
I found at least two traces to your “real” IP. Will be emailing you soon:)
I know the real IP too, I found it the same way I found LEA’s personal blog.
Thanks. It’s actually not hard to work out with *any* CloudFlare site, if you know that hard coded hostname CloudFlare exposed via its DNS, which I have no idea how to disable…
@dmmcintyre3 — yeah I know that you knows about my personal blog + added me on Twitter, etc. Being online for so long it’s actually quite hard to be anonymised. However I chose to use LowEndAdmin alias here just to keep this part of my life separated. Getting DDoS is one thing. Having a mad man ringing your phone with death threats, stalking you online everywhere — to a point that I need to get police to issue a restraint order — that’s something else. It happened to me once over that mediocre startup I ran, and I do prefer having less of that. So, pssst, don’t paste my blog address everywhere.
dmm is an stalker :| damn… xD
What? the domain was the from address in his old comment subscription emails.
Nope I wasn’t implying dmm was stalking. He has been pasting my blog address here before so I was just asking him not to do it anymore, as I do prefer to keep this part of my life separated.
Yes I am just kidding you know :P
And folks wonder why I won’t list the company I work for. What LEA covers pretty much happens to me. I have a few restraining orders out there.
Against you? :P
Nope, not a one. My ex tried to get one against me when she came back to Charlotte but the judge wouldn’t allow it after we documented her outstanding warrants as well as her mental instability bother when we were together and afterwards. (She never showed up in court. Would have solved lots of the current issues with the business if we had.)
There’s a fairly popular developer who shall remain nameless who can’t come to Charlotte because of threats, both legal and physical, made to me over the net.
Which part applies to you? Which end of death threat phone calls was it? :)
Nah, she skipped over the phone calls and went straight to the drive by’s. Twice.
When you comment on a post from the blog address with the IP rather than the domain – You also give the IP link address to any one subscribed ;)
You can use direct-connect.domain.com with CF to access the site directly.
Yeah. That hostname applies to all CloudFlare sites when you need to find the actual IP address. I don’t think CF was designed to conceal the real IP of the servers in the first place.
You can remove the direct-connect in the dns manager, no?
Nope. If anyone knows how please tell me :)
It’s just another record, delete it or rename it.
Try going in to https://www.cloudflare.com/dns-settings.html?z=lowendbox.com – there should be an entry for direct-connect
I always just rename the record to something completely random.
Nope. No direct-connect there. It was offering to have a “direct.lowendbox.com” A record before which I removed, but there does not seem to be a way to change the direct-connect record. Maybe I shall click on that Help link to see whether it can be done.
Hold on. That was not true. Mine is NOT resolving – not just not appearing.
so LET still down? glad the attacks already stopped… anyway things like this will make lowendbox.com stronger —looking at the bright side of things :)
Yes, it is. Takes a little time when you are bringing a permanent solution rather than circumventing a DC’s null route. ;)
Glad to see LEB back as well.
Still down for me. Time out error for me.
11:31 AM US Eastern time. 3:31pm UTC time Saturday
I second that, Roel :)
Great! DDOS was stopped, Lowendbox is back :)
Interestingly accessing the site from the IP loads the page faster than going through the domain and CF.
IP: 2.9 seconds
Domain: 3.8 seconds
Tested from Pingdom.
direct’s always gonna be faster than proxied, but check an image (cf-cache-status: hit) or w/e
The site was down again for a while. Was getting the CloudFlare error page saying that the server was down.
LEB is behind Cisco Guard at the moment looks like it is under attack but now able to hold up a bit, attack is at 3.5G
WTF 3.5G what kind of low-life would do such a thing?
it “might” possibly get null routed again if it continue i’m afraid
Where are the main offenders coming from? Because 3.5G is huge for a DDoS aint it.. Almost like its a Server Attack.
it is from all over the place of course.
i said main not Offenders in general :)
@Daniel — when you have a 3.5Gbps DDoS flooding your link, it’s not likely to be generated from a single ADSL link in someone’s basement.
I don’t recall offending any Russian mafia on this site before (although I could be very wrong), so being able to send such a payload would be from leased botnets. I guess it could be hard to find out who the main offender is by just analysing the traffic.
Actually we will never know how many of those unprofitable hosts with nice template but lack of company info, lack of support, etc… (which means unserious hosting business) from all over the world featured here aren’t anything else than money laundering.
@Spirit I wash my money everyday… is so dirty
LOL
Dr Mike?
http://www.youtube.com/watch?v=mIrw5vwe2ag
Yup, looks like him all right ;)
Nope – this is him
Oh yeah, I recognize the smile.
Is that true? in my imagination Dr.Mike more look like Fat Mike (NOFX). no offense Dr.Mike. :)
waiting LEA photo now.. :P
Pfft, not posting LEA’s photo – he can do it himself if he wishes
Actually this is me:
http://drmikessteakdinner.com/about.html
And Youtube is blocked on this network so I can;t comment on that.
Is that really you @drmike? wow, you don’t look 40 to me. Is it Photoshop’d :D?
@Asim don’t forget this “nearly 40 year” and with “2007 shirt” :D but yeah, mostly +++ image editor. :P
@drmike since when you put your own photo in drmikessteakdinner?? never seen that before.
any news from LET (Brandon or someone) ?? i’m worrying my karma :D and maybe create new “question” – share your pics/photos!! – with some hope LEA could join in also. hehehe
I don’t think so. They would kick him out of a library if he would talk that loud!
looks like there is Dr Mike fan club here aye?
wondering why :D
I am almost thinking to set up a FB fan page called something like: “Screw you LEB DDOSers” :) Anyone with me on that?
Do it, but think that is just following their kiddie game… (I don’t know how to say the phrase in english xD)
Yeah, less fuss around, better. Kids like attention… so who cares.
That is true, sigh, hopefully one day someone will find a way to resolve of the DDOS cr@p, very unlikely though…
i’m not. :D
1. i’m getting (small) DDoS too after i WRITE my comment here. so you must put me too in your fb fan page. :D
2. i don’t have account in facebook. :(
but still screw you LEB/LET DDoSers!!!
LOL, and screw CPS DDOSers too :)
Hi;
It’s a shame to see that someone would DDOS such an excellent resource like Lowendbox. Hopefully it won’t happen again, Cloud Flare is great and it handles small to medium attacks pretty good in my personal testing. :)
Best,
Kevin
There must be a way to completely remove the direct-connect.domain.com thingy since LulzSec can apparently remove theirs.
I did a dig “any record” query on LEB and Lulzsec domains.
Maybe the non free service
What I want to emphasize is that, none of my protected domains does have that “direct-connect” record and I’m using their free service.
So, then share how you did it.
I’m just telling that it was not “hard-coded” or whatever. Believe me or not, it’s your decision. I’m not going to prove it to anyone.
I will play around with some setting later today. I suspect it might to do with other DNS entries depending on the direct connect. I will see removing those would hide the direct connect entry.
“We added a subdomain that allows you to access your server directly without passing through the CloudFlare network. You should use this domain to access services like SSH, FTP, and Telnet. You can change the default name of the subdomain to something other than direct for enhanced security.”
So, maybe you can delete it or just rename to something unguessable.
Just check 3/10 of my domains on CF, there is indeed no such record hardcoded in the DNS.
Alright. Worked out how to remove direct-connect. If there is no other reference to @ in other DNS records, CloudFlare would automatically remove direct-connect hostname. Actually it should be the other way around — if there is any reference to @ in DNS records other than the ones CloudFlare knows how to handle, it would be converted to direct-connect.example.com.
For example,
would become
direct-connect.lowendbox.comshould be removed now as I cleaned up the records. Still, the IP would still leak on email subscriptions.What about using something like google apps in the meantime to send out smtp email?
(You also may want to get a 3rd and final IP change)
FYI, nowadays GMail (or at least my GApps) is also including the X-Originating-IP header.
Just checked, it does.. :/. I wonder if there is another solution in the mean time
Maybe use a SMTP relay?
http://www.garmanonline.com/smtp-relay/
Sure, but just not from GarmanOnline :P
Just purchase a cPanel account from somewhere and use that to send email via SMTP. I have a shared hosting with HostGator – if LEA want’s a email account on there for sending mail threw he’s more than welcome ;)
Be careful of those abuse-controling headers. If I were you I would rather rent(or request!) another LEB just for sending out mails which you would be able to fully control everything. (Besure to remove the from: field though!)
Most SMTP servers also log incoming IP address in the Received: header so it’s a bit pointless using a 3rd party SMTP server.
With that solution I can see the mail box getting attacked and mail not working – Which would be a shame as I use the mail notification of this blog a lot.
Atleast using some big shared host such as HostGator, Site5 etc will put the responsibility to deal with attacks on them.
I guess I remembered the wrong field name sorry:P
@LEA – Surely there would be ways to remove that?
Before I said that Google pointed me to http://goo.gl/oS9EH but I’ve not much time to got my swimming suite ready so sorry if I was mis-leading others.
I think that we can live without email subcriptions and they can be easy atleast temporary removed. That’s little sacrifice in order too see this site online.
My Google Apps has an option to hide the X-Originating-IP. Look for it een panel.
But still with GApps you’ll be showing your quering IP on the Received: field as long as it sent with SMTP.
Those Kids running DDoS on LEB are f*cking annoying… No life…
Where would a kid get hold of 3.5Gbps of traffic?
rented botnets
For me, seems to be a scripting kiddie with a botnet… I haven’t any clue which “enemies” LEB might have.
@Ixape
A ridiculous amount of traffic though which doesn’t come cheap – Which is why I ask how a kid would get hold of money needed to buy this kind of stuff.
Hmm… I remember seeing something like 1000 bots for USD 50 per day or so in a forum.
I prefer to get a PS3 or an Xbox with that money xD
LEA: for the mail header’s revealing the real IP, you could ssh tunnel to another LEB and then connect to a SMTP server which could be running on the second LEB.
Or use Gmail n_n
I thought the real IP was still in mail headers with gmail/etc
Gmail still has the header when sending mail via SMTP – When it doesn’t have the header is when you send via the webmail interface.
Also – I think LEB may hit some outgoing Gmail limits. I know a company I’ve worked for before hit limits when sending out mailing lists via Gmail and can imagine that LEB sends quite a few emails on a daily basis.
Yeah good idea. Some kind of tunnelling to a remote host before dispatching the mails to SMTP.
@Yomero — yes Gmail would still leak your originating IP address.
Hmmm, so sad =( I didn’t thought about that
Hi;
Any ETA as to when Lowendbox Forums (Lowendtalk) will be back online? Kinda looking forward to checking out the forums :)
Best,
Kevin
Looking up http://www.lowendtalk.com
Making HTTP connection to http://www.lowendtalk.com
Alert!: Unable to connect to remote host.
Almost tempted to rack you your own server but I don’t have any spare blocks of addresses.
People seem to get distracted and got off-topic here. I am closing commenting now. If you want to continue to discuss LowEndBox/LowEndTalk DDoS related issues, talk about it on the you-know-where.