Come from Peg Tech in San Jose
Possibly quite a few of our readers are running their own website or they even work as webdevelopers or even in hosting companies and they have to cope with the same issues like us. In this case we'd like to share some experience we had to make ocaholic, while growing. In the past we've been target of DDoS attacks quite a few times. At the beginning these attacks triggered a 404 error, meaning in the end, that the site went down until the new Apache restart. Since we have a firewall in place which, upon other things, can take care of F5 attacks, the situation is a bit better.
But very unfortunately, yesterday we had to witness that our firewall still offers room for improvement, since it couldn't withstand a so called farmed attack. We were observing, that there were thousands of brute force login attemps coming from about 100 different IP addresses. They even tried SQL injections, which, luckily, didn't work. After some time, we've seen that most of the attacks were coming from two b blocks: 198.200.xxx.xxx and 192.2.xxx.xxx. After a quick Whois lookup, we saw that these addresses are being taken care of by an American company in San Jose, namely Peg Tech. After entering some of the IP addresses into Google, we found a thread over at Webhostingtalk.com showing that several websites suffer from the same attacks coming from Peg Tech. Apparently it looks like they are hosting an entire darknet, knowingly or unknowingly.
Usually we try to find counter measures for attacks where our readers can't possibly be affected. But in this case, we couldn't come up with a quick solution to take care of these attacks in a subtle way, which means that the option that remained, was to block these two b blocks.
Should you run a website yourself, which sometimes becomes ridiculously slow or starts to just show 404 messages, then you should try to find out if your a victim of DDoS attacks. Apart from that we recommend you to stop by at Webhostingtalk-Forum as well as StopForumSpam. Both these website contain lots of information on what you can do if your website is under attack.
Source: Own (unfortunately)
But very unfortunately, yesterday we had to witness that our firewall still offers room for improvement, since it couldn't withstand a so called farmed attack. We were observing, that there were thousands of brute force login attemps coming from about 100 different IP addresses. They even tried SQL injections, which, luckily, didn't work. After some time, we've seen that most of the attacks were coming from two b blocks: 198.200.xxx.xxx and 192.2.xxx.xxx. After a quick Whois lookup, we saw that these addresses are being taken care of by an American company in San Jose, namely Peg Tech. After entering some of the IP addresses into Google, we found a thread over at Webhostingtalk.com showing that several websites suffer from the same attacks coming from Peg Tech. Apparently it looks like they are hosting an entire darknet, knowingly or unknowingly.
Usually we try to find counter measures for attacks where our readers can't possibly be affected. But in this case, we couldn't come up with a quick solution to take care of these attacks in a subtle way, which means that the option that remained, was to block these two b blocks.
Should you run a website yourself, which sometimes becomes ridiculously slow or starts to just show 404 messages, then you should try to find out if your a victim of DDoS attacks. Apart from that we recommend you to stop by at Webhostingtalk-Forum as well as StopForumSpam. Both these website contain lots of information on what you can do if your website is under attack.
Source: Own (unfortunately)
News by Luca Rocchi and Marc Büchel - German Translation by Paul Görnhardt - Italian Translation by Francesco Daghini
Previous article - Next article
comments powered by Disqus
comments powered by Disqus