bergman on 9 Aug 2012 15:19:29 -0700



Re: [PLUG] emerg web server repair


In the message dated: Thu, 09 Aug 2012 16:31:50 EDT,
The pithy ruminations from "Eric at Lucii.org" on 
<[PLUG] emerg web server repair> were:
=> -----BEGIN PGP SIGNED MESSAGE-----
=> Hash: SHA1
=> 
=> Working to recover a customer's hacked Joomla site.
=> Apparently, when the hack is removed it's possible that the hackers
=> will respond with a DDOS attack.
=> 
=> See:  http://muninn.net/blog/2012/06/a-tale-of-east-asian-history-british-loan-sharks-and-a-russian-hacker.html
=> 

Great writeup!

=> That's the same hack.
=> 
=> Is there a "sink" somewhere where the domain can be pointed that
=> will simply absorb or ignore the DDOS attack?  Perhaps if there is

Hmmm...what about "example.com". See:
	http://www.ietf.org/rfc/rfc2606.txt

=> a DDOS attack we could just de-register the domain until the DDOS
=> stops?   Other ideas?

I would absolutely, without delay, contact the ISP/upstream provider in
advance. They are probably the best place to re-route the attack
(blackhole BGP record?), and you want them on your customer's side, not
viewing your customer as a problem whose site should be shut down.

Good luck, and tell us how it turns out.

Mark

=> 
=> We don't know if it's coming but think we should prepare for it.
=> 
=> TIA
=> Eric
=> 
=> PS: the WSO tool is amazing.  I'd think about using it as a
=> legitimate tool if I could be sure it wasn't phoning home :-)
=> - -- 
=> #  Eric Lucas
=> #
=> #                "Oh, I have slipped the surly bond of earth
=> #                 And danced the skies on laughter-silvered wings...
=> #                                        -- John Gillespie Magee Jr
=> -----BEGIN PGP SIGNATURE-----
=> Version: GnuPG v1.4.11 (GNU/Linux)
=> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
=> 
=> iEYEARECAAYFAlAkHjYACgkQ2sGpvXQrZ/5Q3QCgj/0r9naAjmyEIFtq+aIBwiAW
=> MhcAmwSR+vGpnJhq/m38emaOixYioMNn
=> =qFbg
=> -----END PGP SIGNATURE-----
=> ___________________________________________________________________________
=> Philadelphia Linux Users Group         --        http://www.phillylinux.org
=> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
=> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
=> 

