Author Topic: DDoS attack leads to 16 hours of Omnimaga downtime  (Read 27380 times)


Offline Jim Bauwens

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #60 on: April 16, 2012, 01:13:41 pm »
Looking at the graph clearly shows a huge spike of incoming data before each downtime.
To me this looks like a DDoS.

Offline ajanata

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #61 on: April 16, 2012, 01:28:40 pm »
If 600 kbps is enough to knock his server offline, he has it configured wrongly. Also, a DDoS would be a LOT more than 600 kbps. I can manage 2mbps on my home connection. A DDoS by definition has multiple connections involved. It would be a lot higher.
« Last Edit: April 16, 2012, 01:29:47 pm by ajanata »

Offline Builderboy

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #62 on: April 16, 2012, 01:38:23 pm »
It does beg the question though, why *does* the incoming data spike before the crash?

Online DJ Omnimaga

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #63 on: April 16, 2012, 02:32:49 pm »
Couldn't it just have been a DoS attack, as in coming from one single Internet connection, but spread across multiple IPs to make banning harder? Or maybe a small-scale DDoS attack from two or three people?

Shortly after Omni's downtimes, #omnimaga and #cemetech were hit by spam attacks. #omnimaga-fr and #omnimaga-radio were hit too, meaning the person or group of people who did it either knew the community rather well or was browsing netham45.org folders.
« Last Edit: April 16, 2012, 02:34:00 pm by DJ_O »

Offline aeTIos

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #64 on: April 16, 2012, 03:14:17 pm »
Hmm also what does the "totally purple not blue" mean? O.o

Online DJ Omnimaga

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #65 on: April 17, 2012, 04:38:41 pm »
Yeah I am unsure. Unless he means the site design being purple and Netham was saying it was blue or something.

In any case, however, site loads perfectly now for me and I have not gotten any downtimes ever since. It even loads faster than before the DoS/DDoS/whatever it was. It seems strange that immediately after the DDoS attack issue gets solved, that #omnimaga, #omnimaga-fr, #omnimaga-radio and #cemetech all get hit by massive spam attacks, though, and that the day after, we receive the visit of an unusually obnoxious new member on IRC that I will not name. This tells me someone could have been targeting Netham45 stuff and whatever he thought was affiliated with him, someone taking revenge against a ban in one of the channels, or some Casio/HP fanboy/calc gaming hater wanting to have fun on TI websites.

Offline KermMartian

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #66 on: April 18, 2012, 03:24:36 pm »
People on #cemetech keep reporting the site being down a lot, is this supposed DDoS still occurring? Perhaps someone is exploiting a glitch in one of the site projects like OmnomicIRC? Cemetech has had no lag or downtime at all, other than the self-inflicted database load yesterday from me importing all the UnitedTI data.



Online DJ Omnimaga

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #67 on: April 18, 2012, 03:28:12 pm »
Do they use Chrome?

I know there appears to be an issue accessing the site in Chrome since Netham45 added an anti-spam recently. In my case I had the problem and after a few page loads, it takes like 20-60 seconds for pages to load. In other browsers, such as IE9, Opera and Firefox we have absolutely zero problem accessing the site.

Offline Jonius7

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #68 on: April 18, 2012, 11:46:47 pm »
Quote from: KermMartian
People on #cemetech keep reporting the site being down a lot, is this supposed DDoS still occurring? Perhaps someone is exploiting a glitch in one of the site projects like OmnomicIRC? Cemetech has had no lag or downtime at all, other than the self-inflicted database load yesterday from me importing all the UnitedTI data.

I don't go on Cemetech that often but every time it's always been up for me with no lag or downtime really at all.
Also the anti-spam is blocking out many IP addresses which means I have to type in a captcha D:
« Last Edit: April 18, 2012, 11:47:41 pm by Jonius7 »

Online DJ Omnimaga

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #69 on: April 19, 2012, 12:17:38 am »
Oh Kerm meant people in #cemetech were saying Omnimaga seemed down a lot.

Also when do you have to type the captcha? Is it when posting or when logging in?

Offline Netham45

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #70 on: April 19, 2012, 11:07:58 pm »
I was getting 3Mbpsish bursts, and the networking on the host was dying. The stack on the client was fine, and it was simply reporting that no packets were going in/out of the server on the card. I moved the site that was getting DoS'd to a new box, and it works fine using an identical config to the current box, even after nightly DoS's since. I'm not sure what your experience with Windows Server is, but it's not exactly easy to drop the entire networking stack requiring a reboot with it. Also, assuming that 2Mbps of any sort of data provides an equal load is incorrect.

That's not even considering the frequent network outages on the datacenter's side. It's commonly gone down for 4+ hours at a time, with frequent half-hour or so periods of downtime/high packet loss almost nightly.

Another issue is the frequent disk lag. I've had multiple days when I was unable to open a program or copy a file due to disk I/O taking seconds to respond.

All in all, your service was an unstable lag-infested piece of crap. I didn't really mind until I started trying to sell stuff off of my server, only to find people bashing my stuff after repeated downtimes due to your end.

As far as you posting graphs of my bandwidth usage, I consider that private data that you were out of line posting. You've even made comments to Barrett in the past about posting bandwidth statistics and information in #tcpa. Highly unprofessional.
« Last Edit: April 19, 2012, 11:09:18 pm by Netham45 »

Online DJ Omnimaga

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #71 on: April 19, 2012, 11:17:32 pm »
What was the site by the way? I kinda suspected BBaS/BMaC or other HL2 stuff. Those were sources of problems before.

Quote from: Netham45
As far as you posting graphs of my bandwidth usage, I consider that private data that you were out of line posting. You've even made comments to Barrett in the past about posting bandwidth statistics and information in #tcpa. Highly unprofessional.

Also Netham45 given who posted the graphs and which people are involved on one of the sites they co-hosted (Omnimaga), I am not surprised <_< (no offense intended of course, but I do know Omni and some of us did not have a very good reputation among people involved with #tcpa/CalcGames/etc, which I can understand, though, considering the methods we have used to steal the #omnimaga channel from Nikky on May 18th 2008. :P)

« Last Edit: April 19, 2012, 11:18:01 pm by DJ_O »

Offline Barrett

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #72 on: April 21, 2012, 01:36:17 pm »
The anti-spam measure to register is what ajanata was referring to when he said it's purple (not blue).

Anyway, I'm not going to sit here while you unjustifiably trash my service.

First of all--you contacted me once (not 3 times) about your network going down. I replied twice (after looking at graphs and logs that showed no evidence of a problem on our end) with troubleshooting questions/advice, and you never responded.

2.) You're in for a big surprise if you think you're paying a lot of money for a Windows VPS with the amount of RAM that you have.

3.) The fact that rebooting your VPS fixed your networking virtually proves that it was not something on the host side (this is ignoring the fact that no one else had problems).

4.) Even if it were something on the host side (which there is no evidence of), you can not blame the service for you getting DDoS'd. Shutting off your networking is a perfectly acceptable way to deal with a client getting attacked (even though we did no such thing).

5.) It has *never* gone down for "4+ hours." The longest datacenter outage was roughly an hour or an hour and a half, and this was because of a very serious hardware failure. The longest after that? Maybe 10 minutes (half-hour tops), and this only for people going through Level3. And that hasn't happened at all for about 6 or 8 months. It happens. They fixed it. Saying "It's commonly gone down for 4+ hours at a time" is a flat-out lie.

6.) No one else has had the disk lag problems that you've had, with the exception of one stretch of an hour or two. That should be telling. And what was I doing during that time? Troubleshooting. Helping you. Figuring out what was happening. Telling the client who was responsible (who pays way more than you) that he was causing problems for other people. Researching ways to limit disk I/O (which, by the way, would hurt you far more than anyone else).

7.) Ever heard the story of the boy who cried wolf? I can't count the number of times that you've assumed a problem on my end, only to have it be a problem on your end. It makes it very difficult for me to take things you say seriously--but I still do.

Offline Juju

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #73 on: April 21, 2012, 01:56:47 pm »
Yeah, I always thought something was wrong and keeps being wrong in your configuration, Netham...


Offline aeTIos

Re: DDoS attack leads to 16 hours of Omnimaga downtime
« Reply #74 on: April 21, 2012, 01:57:16 pm »
Could you please at least say what/who you are?