Tag Archives: dos attacks

Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes

What would you do if your company was hit with a DDoS attack that lasted 11 days? Perhaps a large organization could withstand that kind of outage, but it could be devastating to the SMB, especially if it relies on web traffic for business transactions. That 11-day – 277 hours to be more exact – attack did happen in the second quarter of 2017. Kaspersky Lab said it was longest attack of the year, and 131 percent longer than the longest attack in the first quarter. And unfortunately, the company’s latest DDoS intelligence report said we should expect to see these long attacks more frequently, as they are coming back into fashion. This is not the news businesses want to hear. Enduring DDoS attacks isn’t new. Igal Zeifman, senior manager at Imperva for the Incapsula product line, told me in an email comment that in 2016, the company tracked a network layer attack that lasted more than 29 days and an application layer assault that persisted for 69 days straight. However, Zeifman argued against the Kaspersky finding, saying that it doesn’t mesh with what his company has seen, despite those extended attacks from last year: For the past four quarters we continued to see a persistent decline in the average attack duration, driven by an increased number of short attack burst of 30 minutes or less. These bursts accounted for over 58 percent of all network layer attacks and more than 90 percent of all assault layer attacks in the first quarter of the year. Interesting to see such disparate results in the length of DDoS attacks . Whether days long or short bursts, one thing is certain – those initiating the attacks have very definite reasons for doing so. As the Kaspersky Lab report stated, financial extortion was a top reason for the attacks in the second quarter: This approach was dubbed “ransom DDoS”, or “RDoS”. Cybercriminals send a message to a victim company demanding a ransom of 5 to 200 bitcoins. In case of nonpayment, they promise to organize a DDoS attack on an essential web resource of the victim. Such messages are often accompanied by short-term attacks which serve as demonstration of the attacker’s power. The victim is chosen carefully. Usually, the victim is a company which would suffer substantial losses if their resources are unavailable. Political hacktivists are hard at work, too, going after news organizations, elections and, in the U.S., the FCC, likely in retaliation for wanting to abolish net neutrality. The FCC has acknowledged the attack, but reports are the agency is making its cybersecurity efforts secret . I’ll be following up more on that story later this week. Source: http://www.itbusinessedge.com/blogs/data-security/second-quarter-reported-ddos-attacks-lasting-days-not-minutes.html

Original post:
Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes

Journalist Sues FCC For Hiding Details About Its Alleged, Phantom DDoS Attack

You might recall that when John Oliver did his latest piece on net neutrality, the FCC’s comment system ground to a halt under the load of viewers pissed to realize that the FCC is trying to kill popular consumer protections protecting them from buffoonery by the likes of Comcast. But the FCC then did something odd: it claimed that a DDoS attack, not HBO’s hit show, resulted in the website’s issues. A statement issued by the FCC proclaimed that extensive “analysis” by the FCC had led the agency to conclude that it had suffered the attack at roughly the same time Oliver’s program had ended: “Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.” The problem: security experts saw no evidence that claim was true in publicly available logs, and saw none of the usual indicators preceding such an attack. And the FCC ever since has been bizarrely cagey, refusing to provide any evidence whatsoever supporting its claim. The FCC was subsequently prodded by several Senators as to the nature of the attack, but the FCC still refused to share any real data, despite agency boss Ajit Pai repeatedly, breathlessly insisting he would be a stalwart defender of transparency at the agency. And when Gizmodo recently filed a FOIA request for anything regarding the nature of the attack, the FCC first released seventeen pages of nonsense, before admitting it had no documented “analysis” proving an attack as previously claimed. When additional websites began to point out that the FCC’s behavior here was a little odd, the agency sent out a strangely-punchy press release lambasting news outlets for being “irresponsible.” So what’s really happening here? The unsubstantiated journalist guess du jour is that the FCC bizarrely made up a DDoS attack in a feeble attempt to downplay the “John Oliver effect” in the media. “We weren’t inundated by millions of people angry that we’re killing popular consumer protections solely to the benefit of Comcast,” this narrative suggests, “we were unfairly attacked!” The fact that there never actually was a DDoS attack would go a long way toward explaining the Trump FCC’s subsequent inability to provide any evidence supporting the claim, even under pressure from Congress. Hoping to flesh this theory out a bit, journalist Kevin Collier last week filed a lawsuit against the FCC (pdf) not only demanding more data on the agency’s supposed DDoS attack, but also urging the FCC to provide some insight on what it’s doing to address the wave of bogus, bot-produced anti-net neutrality comments flooding the agency’s website in recent months: “Collier said his records request was prompted by the FCC’s “weird and cagey” inclination to obscure details about the incident. “The fact that they gave Gizmodo such a runaround in its own request for internal ‘analysis’ of the attack just goes to show this,” he said. “I want to know the full story.” Sen. Ron Wyden, Democrat of Oregon, told Gizmodo last week the FCC’s actions raised “legitimate questions about whether the agency is being truthful when it claims a DDoS attack knocked its commenting system offline.” Again, the refusal to address fraudulent anti-net neutrality comments being made at the FCC website (like the one made in my name), combined with the FCC’s bizarre, phantom DDoS attack, has many believing the FCC is actively engaged in an intentional, amateurish attempt to downplay the massive backlash to their assault on net neutrality. And while it’s entirely possible the FCC is just being non-transparent and generically stupid here, if it can be proved the agency actively lied about a DDoS attack then covered it up simply to downplay the immense unpopularity of its policies, the inevitable lawsuits against the agency in the wake of its final vote to kill the rules could get very interesting. Source: https://www.techdirt.com/articles/20170803/13582337915/journalist-sues-fcc-hiding-details-about-alleged-phantom-ddos-attack.shtml

DDoS Attacks on the Rise—Here’s What Companies Need to Do

Distributed denial-of-service (DDoS) attacks have been going on for years. But in recent months they seem to have gained much more attention, in part because of high-profile incidents that affected millions of users. For instance, in late October 2016 a massive DDoS assault on Domain Name System (DNS) service provider Dyn temporarily shut down some of the biggest sites on the Internet. The incident affected users in much of the East Coast of the United States as well as data centers in Texas, Washington, and California. Dyn said in statements that tens of millions of IP addresses hit its infrastructure during the attack. Just how much attention DDoS is getting these days is indicated by a recent blog post by the Software Engineering Institute (SEI) at Carnegie Mellon University. The post, entitled, “Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response,” became SEI’s most visited of the year after just two days, said a spokesman for the institute. To help defend against such attacks, organizations need to understand that this is not just an IT concern. “While DDoS attack prevention is partly a technical issue, it is also largely a business issue,” said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the U.S. Department of Defense and operated by CMU, and author of the DDoS post. Fortunately there are steps organizations can take to better protect themselves against DDoS attacks, and Kartch describes these in the post. In general, organizations should begin planning for attacks in advance, because it’s much more difficult to respond after an attack is already under way. “While DDoS attacks can’t be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive,” Kartch noted. To fortify IT resources against a DDoS attack, it’s vital to make the architecture as resilient as possible. Fortifying network architecture is an important step not just in DDoS network defense, Kartch said, but in ensuring business continuity and protecting the organization from any kind of outage. To help disperse organizational assets and avoid presenting a single rich target to an attacker. organizations should locate servers in different data centers; ensure that data centers are located on different networks; ensure that data centers have diverse paths, and ensure that the data centers, or the networks that the data centers are connected to, have no notable bottlenecks or single points of failure. For those organizations that depend on servers and Internet presence, it’s important to make sure resources are geographically dispersed and not located in a single data center, Kartch said. “If resources are already geographically dispersed, it is important to view each data center as having more than one pipe to [the] Internet, and ensure that not all data centers are connected to the same Internet provider,” she said. While these are best practices for general business continuity and disaster recovery, they will also help ensure organizational resiliency in response to a DDoS attack. The post also describes other practices for defending against DDoS. One is to deploy appropriate hardware that can handle known attack types and use the options in the hardware that can protect network resources. While bolstering resources will not prevent a DDoS attack from happening, Kartch said, doing so will lessen the impact of an attack. Certain types of DDoS attacks have existed for a long time, and a lot of network and security hardware is capable of mitigating them. For example, many commercially available network firewalls, web application firewalls, and load balancers can defend against protocol attacks and application-layer attacks, Kartch said. Specialty DDoS mitigation appliances also can protect against these attacks. Another good practice is to scale up network bandwidth. “For volumetric attacks, the solution some organizations have adopted is simply to scale bandwidth up to be able to absorb a large volume of traffic if necessary,” Kartch said. “That said, volumetric attacks are something of an arms race, and many organizations won’t be able or willing to pay for the network bandwidth needed to handle some of the very large attacks we have recently seen. This is primarily an option for very large organizations and service providers.” It’s likely that DDoS attacks will continue to be a major issue for organizations. A 2016 study by content delivery network provider Akamai said these types of incidents are rising in number as well as in severity and duration. The company reported a 125% increase in DDoS attacks year over year and a 35% rise in the average attack duration. Cyber security executives need to make it a top priority to protect their organizations against DDoS. Source: http://www.itbestofbreed.com/sponsors/bitdefender/best-tech/ddos-attacks-rise-here-s-what-companies-need-do

Originally posted here:
DDoS Attacks on the Rise—Here’s What Companies Need to Do

Tools for DDoS attacks available for free online

Distributed Denial of service or popularly known as DDoS attacks once again came to the limelight in 2016. From the attacks on Dyn servers whose architecture translates domain names into numeric addresses, hacker group Anonymous launching a DDoS campaign against Donald Trump under the banner of #OpTrump, to DDoS-for-hire service called LizardStresser using IoT botnets launching attacks on websites related to the Rio Olympics’ to hackers using 24,000 computers from around 30 countries to launch attacks on five Russian banks in early November. A DDoS attack is perpetrated by people who try and make an organizations website or services temporarily unavailable by suddenly increasing the amount of traffic from various sources to the end server.(read computers or even IoT devices from across the world). Moreover, there are many freely available tools available online for free and many hackers even sell DDoS services on Darkweb marketplaces like Alphabay, Valhalla etc. “You do not have to be a specialized hacker. Anyone nowadays can buy these services and tools by paying a small amount of money to bring down certain websites or completely put a company’s infrastructure in disarray. You can even run the attacks for weeks,” says Rahul Tyagi,Vice President – Training at Lucideus. Some of the common methods used to launch a DDoS attack are TCP connection attacks, volume attacks, fragmented attacks and application based attacks. TCP connection attacks are used against most of the end users available connections which include servers, firewalls and even load balancers. While Fragmented attacks destroy the victims system by sending TCP fragments, app attacks take down a server by using botnets. All of these can enable by tools freely available online. Let’s look at some of them. LOIC (Low Orbit Ion Canon) LOIC or popularly known as Low orbit Ion Canon is one of the more popular tools available on internet. It is primarily used to initiate a DOS attack on servers across the world by sending TCP, UDP requests to the compromised server. Even a beginner can use this tool and all he has to do enter the IP address of the victim server. This tool was earlier used by the infamous hacker group Anonymous for some of their attacks. But before you can get any ideas, just remember, this tool does not protect the hosts IP address so agencies looking out for you can trace the attack’s origin. XOIC This is another easy to use DOS attacking tool for the beginners. You can just input the IP address of or th selected ports and can be used against websites which do not generate a huge amount of traffic. HOIC HOIC or known as High Orbit Ion Cannon is an effective tool which uses booster scripts which allow users to make lists of victim IP addresses and helps the attackers remain anonymous and difficult to tracked down. It is still used by Anonymous for DDoS attacks worldwide. The tool claims it can flood up to 256 websites at once. Slowloris Slowmoris was developed by a gray hat hacker called “RSnake” which creates a slow HTTP request by sending the requests in HTTP requests in small packets in the slowest manner possible so that the victim server is forcefully made to wait for the requests. This way if multiple requests are send to the server, it will not be able to handle genuine requests. Pyloris This uses the same Slowmoris method. This tool directly attacks the service and not the hardware. Apart from these, there are many other tools available online like OWASP Switchblade, DAVOSET, GoldenEye HTTP DoS Tool, THC-SSL-DOS, DDOSIM – Layer 7 DDoS Simulator among others. All these tools are freely available online for downloads for anyone out there. Considering how mundane most cyber secuirty agencies are in dealing with attacks of such nature, there is lots which is needed to be done to defend against such DDoS attacks. Source: http://tech.economictimes.indiatimes.com/news/technology/tools-for-ddos-attacks-available-for-free-online/56297496

More:
Tools for DDoS attacks available for free online

ICIT Finds Healthcare Sector at Great Risk for DDoS Attacks

Healthcare, financial, and energy are the top three sectors facing the highest risk of a DDoS attack, a recent ICIT report found. With its high dependency on digital records, network connectivity, accessible information, and real-time communication, healthcare is one of the sectors at greatest risk for a DDoS attack, the Institute for Critical Infrastructure Technology (ICIT) explained in a recent publication. The financial industry and energy sector are also at high risk for such attacks, ICIT said in “Rise of the Machines: The Dyn Attack Was Just a Practice Run. “Obstructions to even an email server could cause delays in treatment, while widespread attacks that holistically render a critical service unavailable, such as an IoT DDoS attack, would pose a serious risk to patient and staff safety,” wrote ICIT Senior Fellow James Scott and ICIT Researcher Drew Spaniel. Citing research from a previous ICIT brief, the duo explained that healthcare is incorporating, and interacting with connected devices that are often designed without necessary security measures. Previously, this has led to instances such as MRI machines or pacemakers being infected with ransomware. “While there is no indication that healthcare devices have been incorporated into DDoS botnets, it may be only a matter of time before an adversary adapt an IoT malware such as Mirai, to harness the computational resources of medical devices because many lack basic access controls such as multi-factor authentication (or any authentication whatsoever),” the authors maintained. There is also the potential danger of an IoT malware or a worm that would “brick” or kill “infected medical devices in order to cause panic, extort a ransom, or as part of a multi-tiered attack.” Overall, Scott and Spaniel stated that a “perfect storm” is brewing across the nation with regard to private critical infrastructures facing cybersecurity threats. More organizations are utilizing the internet and IoT devices, but device manufacturers will sometimes “negligently avoid incorporating security-by-design into their systems.” This happens because the manufacturers have not been properly incentivized, and instead pass the potential risk onto the end-user. “As the adversarial landscape of nation state and mercenary APTs, hacktivists, cyber-criminal gangs, script kiddies, cyber caliphate actors, and hail-mary threat actors continues to hyperevolve, America’s treasure troves of public and private data, IP, and critical infrastructure continues to be pilfered, annihilated, and disrupted, while an organizational culture of ‘Participation Trophy Winners” managed by tech neophyte executives continue to lose one battle after the next.” A key area of concern is the Mirai malware, which “offers malicious cyber actors an asymmetric quantum leap in capability.” Specifically, Mirai has a strong development platform “that can be optimized and customized according to the desired outcome of a layered attack by an unsophisticated adversary.” While Mirai has forced different industries to review devices that lack security by design and other IoT device vulnerabilities, the authors noted that it “will not forever remain the favorite tool of unsophisticated malicious threat actors.” DDoS attacks on the healthcare industry were addressed earlier this month in the Office for Civil Rights (OCR) latest newsletter. OCR reiterated that healthcare often uses IoT in several ways, such as allowing healthcare facilities to monitor medical devices, patients, and personnel. This can open organizations up to certain cybersecurity threats. “An attacker may be able to deter patients or healthcare personnel from accessing critical healthcare assets such as payroll systems, electronic health record databases, and software-based medical equipment (MRI, EKGs, infusion pumps, etc.),” OCR stated, citing data from US-CERT. For preventing such attacks, OCR advised that organizations continuously monitor and scan for vulnerable and comprised IoT devices on their networks. Entities should also adhere to the necessary remediation actions. “Password management policies and procedures for devices and their users should also be implemented and adhered to. All default passwords need to be switched to strong passwords,” OCR said, adding that default usernames and passwords for most devices can be found online. Source: http://healthitsecurity.com/news/icit-finds-healthcare-sector-at-great-risk-for-ddos-attacks

Read the article:
ICIT Finds Healthcare Sector at Great Risk for DDoS Attacks

Group that attacked Tumblr threatens to DDoS Xbox for Christmas

A new hacking group is taking credit for a distributed denial-of-service (DDoS) attack that took down Tumblr this week. But so far, little is known about R.I.U. Star Patrol other than its motive of attacking for fun. Tumblr went down for more than two hours Wednesday afternoon and R.I.U. Star Patrol contacted Mashable to explain its reason for attacking: “There is no sinister motive,” the group told Mashable.”It’s all for light hearted fun.” The site was first reported offline shortly after 3:15pm ET. The service said on Twitter that some users were experiencing “latency”. Mashable reported that the site was back up for a few minutes around 3:52pm ET but went back down, returning at around 4:22pm ET. Full service was restored around 5:45pm ET. The Mirai connection Some in the security community believe the group carried out the attack using Mirai, malware tied to a record 620Gpbs attack on the website of noted journalist Brian Krebs and the coordinated assault against DNS hosting provider Dyn last fall. That DDoS crippled such major sites as Twitter, Paypal, Netflix and Reddit and shifted the world’s attention to threats against the so-called Internet of Things (IoT) – everyday devices and appliances connected to the web. What happened to Tumblr was a more typical DDoS, but it demonstrates how easy it has become to launch attacks since the source code for Mirai was openly published. In such attacks, a hacker attempts to overload or shut down a service so that legitimate users can no longer access it. Typical DoS attacks target web servers and aim to make websites unavailable. No data is stolen or compromised, but the interruption to the service can be costly for an organization. The most common type of DoS attack involves sending more traffic to a computer than it can handle. There are a variety of methods for DoS attacks, but the simplest and most common is to have a botnet flood a web server with requests. This is called a distributed denial-of-service attack (DDoS). What we know about R.I.U. Star Patrol so far A scouring of the internet produced few details about this hacking group. From what we can tell, its Twitter account (@StarPatrolling) came online on December 13 and that its self-described leader goes by the Twitter handle @ ANTIPEACESP . Gaming news site 7421Max conducted an interview with @StarPatrolling and published it on Youtube. Those interviewed said they plan to launch coordinated attacks against Xbox on Christmas day. Asked about their motive, the hackers said, “We do it because we can.” They claim they are not motivated by money. “We have not been paid a single dollar for what we do,” one of the hackers said. On December 19, 7421Max reported that the group had taken down League of Legends and Warframe servers, and warned in a follow-up tweet that R.I.U. Star Patrol plans to knock down PSN and Xbox Live for Christmas 2016. The group confirmed this in the Youtube video: The threat is going to sting for users who remember the Christmas 2014 DDoS blockage of PlayStation and Xbox systems. Parents of kids who hope to play their new Christmas presents on Sunday might want to brace themselves for some tears. Source: https://nakedsecurity.sophos.com/2016/12/23/group-that-attacked-tumblr-threatens-to-ddos-xbox-for-christmas/

Excerpt from:
Group that attacked Tumblr threatens to DDoS Xbox for Christmas

Cyber criminals compromising virtual machines in cloud to increase scale of DDoS

The recently released Microsoft’s latest Security Intelligence Report states that cyber-criminals are compromising virtual machines in the cloud as a way to vastly increase the scale of Distributed Denial of Service Attacks (DDoS). Microsoft has warned of many new cyber risks faced by IT companies in the report. It says that hackers have learned how to use compromised virtual machines running in the cloud to launch massive cyber-attacks. The report says: “In the cloud weaponisation threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of a few virtual machines. The attacker can then use these virtual machines to attack, compromise, and control thousands of virtual machines—some within the same public cloud service provider as the initial attack, and others inside other public cloud service providers.” Attackers can easily issue commands to launch DDoS attacks that cripple online services and websites or flood the internet with spam. Microsoft’s cloud computing platform, Azure, has witnessed attempts to exploit the cloud to establish communications with malicious IP addresses and brute force RDP, the Remote Desktop Protocol used by Microsoft to allow users to access their desktops over a network, representing 41% and 25.5% of all outbound attacks, respectively. Spam followed at just over 20% and DDoS attempts made up 7.6% of attacks. The company is also warning IT administrators to be on the lookout for targeted threats aimed at taking control of an email account that has a high probability of containing credentials that can be used to gain access to the public cloud administrator portal. If successful, the threats may open both their on-premises and cloud infrastructures to attack. The attacker, after logging into the administrator portal, can gather information and make changes to gain access to other cloud-based resources, execute ransomware, or even pivot back to the on-premises environment. They are also keeping tabs on GitHub and other public code repositories, hoping that developers will accidentally publish secret keys that can potentially grant access to cloud accounts and services. Microsoft has further warned of “Man in the Cloud” (MitC) attacks wherein victims are tricked into downloading and installing malware, typically with an email containing a malicious link. Once active, the malware searches for a cloud storage folder and replaces the victim’s synchronisation token with that of the attacker’s. After this, whenever a user adds a file to their cloud storage accounts each time, a copy is delivered to the attacker. http://www.cloudcomputing-news.net/news/2016/dec/16/cyber-criminals-compromising-virtual-machines-cloud-increase-scale-ddos/ http://www.eweek.com/security/microsoft-report-says-hackers-weaponizing-cloud-virtual-machines.html Source: https://www.ddosattacks.net/wp-admin/post-new.php

Continue Reading:
Cyber criminals compromising virtual machines in cloud to increase scale of DDoS

Hackers hit Thai government with DDoS attacks protesting against restrictive internet law

Classified government records are believed to have been accessed by the hackers. Anonymous hackers have reportedly hit Thailand government websites with targeted DDoS attacks in retaliation for the passage of a bill which is feared to impose considerable restrictions on internet freedom. The bill introduced amendments to the country’s computer crime law and was unanimously passed by the military-appointed legislature on 16 December, according to reports. The new law allows Thai authorities to monitor and access private communications as well as censor online content without a court order. The DDoS attack knocked out Thailand’s defence ministry website. At the time of writing, the site remains inaccessible. Anonymous hackers also reportedly targeted the Thai Ministry of Digital Economy and Society, the Prime Minister’s Office and the Office of the National Security Council. A hacker, claiming to be part of the Anonymous campaign against the Thai government titled “Op Single Gateway”, going by the pseudonym “blackplans”, posted screenshots on Twitter of what he/she claimed were documents stolen from the compromised government sites. The Thai defence ministry said the attack accomplished little. “They couldn’t do anything because we have defence systems in place that are ready for such situations,” said Kongcheep Tantrawanich, a defence ministry spokesman,” ABC News reported. He warned that further attacks could lead to “destroying financial systems, banks, transportation systems, airports and can cause damage toward the population of an entire country”. The Thai government characterised the hackers as “thugs” bent upon “creating chaos” and “overstepping boundaries”. The government has also asked the public to come forward with information about the hackers. Thai cyber controls raise censorship and privacy concerns Privacy groups have raised concerns about Thailand’s new cyber laws, which are believed to infringe on human rights and freedom of expression. The UN Office of Human Rights said in a statement on Monday (19 December): “We are concerned by amendments to Thai legislation that could threaten online freedoms, and call on the government to ensure the country’s cyber laws comply with international human rights standards.” According to local reports, Amnesty International, in collaboration with the Thai Netizen Network, lodged a petition with the Thai National Legislative Assembly. The petition, which has also been endorsed by 300,000 internet users, calls for reconsideration of the amendments to the computer crime act. “The bill is very broad and open to interpretation and we will have to see how the government will implement these laws,” said Arthit Suriyawongkul of the Thai Netizen Network. “It’s not the law itself that is a rights violation, but the authorities’ extensive power when monitoring and censoring online content, which could raise privacy concerns.” Thai Prime Minister Prayuth Chan-ocha defended the amendments to the nation’s cyber laws. “This law is for when anyone posts something that is poisonous to society so that we know where it comes from,” Prayuth said, Reuters reported. “Don’t think this is a rights violation. This isn’t what we call a rights violation … this is what we call a law to be used against those who violate the law,” he said. Source: http://www.ibtimes.co.uk/hackers-hit-thai-government-ddos-attacks-protesting-against-restrictive-internet-law-1597339

Read this article:
Hackers hit Thai government with DDoS attacks protesting against restrictive internet law

Parliament website brought down by DDoS attack ‘just ten minutes’

House of Representatives Secretary General Surasak Pianwej Friday expressed confidence that the Parliament website has been effectively guarded against DDoS attack, saying the attack by angry Internet users brought down the site just ten minutes Thursday night. Surasak dismissed claimed by the group of “Citizens Against Single Gateway: Thailand Internet Firewall” that a DDoS attack organized by the group brought the down the webiste for an hour at 8:55 pm Thursday. “The system went down just 10 minutes and it resumed,” Surasak said. The group has urged Thai Internet users to join another DDoS attack at 2 pm Friday. Surasak said the officials will step up measures to prevent the attack. The group staged the attack after the National Legislative Assembly refused to abort the final reading of the new computer crime bill. Source: http://www.nationmultimedia.com/news/breakingnews/30302233

Read the original:
Parliament website brought down by DDoS attack ‘just ten minutes’

OpEdNews Attacked by DDoS Denial of Service Attack

OpEdNews was victim of an aggressive DDoS denial of service attack yesterday. OpEdNews was victim of an aggressive DDoS denial of service attack yesterday. The attack came in the form of tens of thousands of emails bombarding our server. These took up all our bandwidth resources and caused the site to either shut down or run very slowly. We don’t know who initiated the attack, but it shut down our server several times yesterday and has caused some problems with our view tracking. Senior OEN editor Josh Mitteldorf observed, “We might start by asking whose lies are we undermining? What powers are we speaking truth to?” At the same time the DDoS attack was going on, we’ve been in the middle of transferring OpEdnews to a new, much better, faster, higher bandwidth server– shifting from two to 32 gigabytes of RAM, with a much faster processor and faster SSD hard drive. OpEdNews hope to have the transition to the new server finished by tomorrow, after which we’ll be able to better sort out the problem with article view tracking. There may be a brief time, during the transfer, when you can’t submit content– articles, comments. That will pass as soon as the DNS servers shift the site from the old server to the new server. This varies with your location. In simpler language, the pause in the ability to submit will last until the site domain name has been fully shifted to be pointed to the new server. Source: http://www.opednews.com/Diary/OpEdNews-Attacked-by-dDOS-by-Rob-Kall-Distributed-Denial-Of-Service-Attack-DDOS_OpEdNews-161215-445.html

View article:
OpEdNews Attacked by DDoS Denial of Service Attack