The forums are being DDoS'd (Distributed denial of service attack). I am not sure who is doing it or why, but I currently have a large portion of the Internet blocked in order to attempt to let everyone else use them.

Once yahoo removes the trojan script from their site and enough of the unwitting attackers close their browser windows, then I will be able to unblock 1/4 of the Internet.

Untill then, we have what we have.

Also, let me be the first to mention how I truly hate people that do this. It is the most immature, stupid method of taking out aggressions. What is the complaint with the forums? Someone didn't give this person the answer they wanted? Maybe they felt slighted by someone in here? What's wrong with posting an answer, or even better, go away and find the answer on your own? Why would you spend the time to setup and execute a ploy to "take it down"?

Point in fact, why be destructive in the first place? It takes 10 times the talent to create rather than destroy. You want to show the world how neat you are and what a cool person you are? MAKE something rather than tear it down. Have the strength of character to improve the world rather than being yet anouther of the unwashed masses who must destroy to make themselves feel bigger.

Ok. Getting off my soapbox. I just get annoyed when I have to spend a good part of my saturday morning dealing with stupidity rather than playing with my kids.

Oh, and if whomever did this feels I am insulting them and that they should retaliate, just don't. I am not getting into a pissing contest, and do not wish you to prove my points above. I just want the community to be able to use this service and everyone to get along.

Probably some silly little script-idiot lots of these scripts freely availabe now, did you suspend anyones account recently???

Ha Ha got promoted, and maybe they think you are part of Blue security Blue frog they got really dDOs'ed.

Sorry about the wasted time not spent with your kids. I could have lived with this forum being down for a day. It's not critical and if anyone needed real help they could go through the ticketing system. But not everyone shares this opinion.

Once yahoo removes the trojan script from their site and enough of the unwitting attackers close their browser windows, then I will be able to unblock 1/4 of the Internet.


Out of curiosity, what browsers are droning the attacks? Whichever it is *coughIEcough*, it should be preventing this with all the immature script kiddies out there.

Can you tell schools are letting out now? :o

What is this forum about?

What is this forum about?

Generally, these forums are for customers and users to help each other, with the staff occatuionally checking in on their off time to answer questions that the users may not know.

If you have a problem that is in line with support, those questions should be sent to the support group (support@bluehost.com). These forums are for help with things that are not really support issues, but are still nice to discuss with other customers (aka, coding, custom web pages, etc).

This particular forum is for Bluehost employees to start threads abouth topics of interest. Customers can post to threads, but only employees and moderators can create the threads.

The rest of the forums are for anyone registered to start threads and post. Please remember to search the forums before creating a new thread, as many of the common questions have already been asked several times and answered.

Oh ok thanks.

DDoS's aren't that hard to do as Im told, alot of sites just say that using the command line and issuing 10 lines of code is enough to bring down most websites in an hour. Although Im pretty sure its a rumor, its still scary

DDoS's aren't that hard to do as Im told, alot of sites just say that using the command line and issuing 10 lines of code is enough to bring down most websites in an hour. Although Im pretty sure its a rumor, its still scary

a DoS from a single IP address is fairly easy to stop at the firewall, and often will get caught by automated services. A DDoS, or distributed denial of service, is a lot harder to setup and a lot harder to stop.

The most common is a zombie network, where 10,000+ home computers get a virus (many ways that can happen) that will then listen to a IRC channel, etc, and run an attack against any IP they are told to. Generally, every computer will only send a few attacks to that IP, but so many are trying that the victim machine gets swamped, and the firewall cannot easily block thousands of addresses.

Actually an easier way to do a REALLY bad ddos is just with the command prompt on windows and some batch files (like 1000 batch files). Id rather not post it but lets just say it has something to do with pings :)

Now my homepage is down and I just started to promote it.:(

The server status is:
httpd (1.3.36 (Unix)) failed

:(

[Edit]: a few hours later "httpd (1.3.36 (Unix))" seems to be up and down frequently, but more down as it seems.
Two hours ago I used the contact form in the help section, but my ticket does not show up in "my ticket history".
What's going on at Bluehost?
:confused:

That just means that Apache got hung on the server, and usually gets restarted within a few minutes. But, sending in a support ticket is the best place for that sort of report, these forums do not get checked frequently by the support staff as does our support system.

Thanks for your quick reply Dustin.
My Blog www.japan-photo.info is running again, albeit working with it (loading the Wordpress WYSIWG editor for example) is very slow...

Have there been any DDoS attacks since this past weekend? I haven't noticed any issues, other than the short lapse, this afternoon.

I had the same outage around 5

What are DDos attacks? Is this why our sites were down this afternoon?

What are DDos attacks? Is this why our sites were down this afternoon?Google for distributed denial of service. Edit - apparently, that was precisely the cause of today's outage. See the "mass down" thread in General Questions.

I moved to Bluehost from Inspire because they were down for days.

.................................................. ...............
To all our valued customers of Inspire Networks,

As I am sure you know, the services provided by Inspire Networks have been unavailable for the past 6 days. I would like to offer a sincere an apology to all our customers who have experienced grief during this period.

For the past 6 days, the servers at Inspire Networks have been under a cripling DDOS attack that have caused nearly all of our customer sites and email to be completely offline. We have spent the past 6 days trying to resolve the issue with our data center (IWEB) and our technical support personnel but have been unsuccessful in our attempts, as the 500 Mbps DDOS attack has proven to be crippling to our companyand our servers. We received notification from IWEB this morning that they have ceased their attempts to recitfy the problem and the servers have been
completetly taken offline indefinately. At this time we at Inspire Networks have no choice but
to cease our operations as a business as we feel this attack is capable of going on for indefinate period of time and we do not want to keep any of our customers waiting for a resolution. We are tremendously disturbed by the events of the past 6 days and we are tremendously disappointed with the response from our major carrier and data center provider, IWeb We are currently in the prrocess of enabling a server that contains backups of your files. Should need a copy please reply to this email and provide the follwing:

Your Name
Your Domain Name
Your Username for the Server

Again, we are very sorry at the events of the past week and we wish you the best of luck with your
website in the future.

Wow! I just hope the 2 backbones that bluehost are connected to have enough separation to prevent something like this. Or are they even separate backbones. It was mentioned that bluehost uses 2 carriers or whatever it's called.. :eek:

I think it's time someone from bluehost addresses these issues. It's been carrying on long enough.

When I signed up a long time ago they only had one carrier but may have two now. I would hope so but knowing how bluehost operates I highly doubt they have more than one.

Ugh... I had a whole disortation to post, but the forum reset my login and I lost it all.

Well, the synopsis of what I wanted to say is this:

1. Web Hosting Providers typically have more than one backbone, as it's the industry standard.

2. There are a couple of things you need to be sure of, when choosing a webhost provider. First, do they run their own NOC (network operating center)? From what I can tell from their info pages, the forum and the CEO's blog, BlueHost does. This allows for a few things: they con monitor their servers in real-time. They can deal with issues as soon as they appear and don't have to wait for a 3rd party response (which can be painful). If there's a hardware problem, it can be solved immediately. If a client has an issue with their account, they can see, directly, what the issue is.

Another thing to be sure of is their internet presense. Many hosting providers can be found on IRC (Internet Relay Chat). If there is a presense on IRC, you can be assured that DoS and DDoS attacks will be quick to follow. You're more likely to attract a negative audience by offering or advertising there.

Customer service is a big issue for web hosting providers, as well. When a client needs something done for their web site, it should be taken seriously and resolved immediately. Any amount of downtime can mean any number of things. Decrease in client-base, loss of money, etc.

From what I can tell, BlueHost has its own NOC, does not exist on IRC and I know that their customer service is exceptional.

3. DDoS and DoS attacks come with the territory, more so for some other companies, but they're prevalent for all providers.

4. So long as there are ignorant, immature or malicious people in the world, there will be spamming, hacking and the exploiting of software/hardware.

5. It's sad to see altruism fail, in the case that it did with Blue Security. I was a member and it was a pleasure to be a part of a community taking action against spamming. I was highly displeased with the actions taken against them.

6. My advice? Stick it out with BlueHost. You're not going to find a better price for the services you receive with them. They have outstanding customer service, phenominal tech support, fast servers, highspeed internet connectivity and a plethora of amenities (which have just increased in the last month or so). You're going to run into the same issues you already do, with other companies. Everyone has to deal with spam, DoS, and DDoS attacks. Sure, you could pay more money to host with a backbone, such as Verizon or Comcast, but they have their own problems. You're not going to find a better deal than what you already have. I know, because I've searched and I've dealt with plenty of providers.

I guess this still turned into a pretty long disortation. Sorry about my long-windedness. ;)

Thanks for the info. I like it short and direct to the point but being long winded isn't so bad as long as you stay coherent. :) -incoherence is growing in these threads as we speak. :confused:

I urge a bluehost technical staff or Matt himself to issue this directly in the announcement area. thanks!

I hope no one is thinking about jumping ship!

Bluehost is a breath of fresh air from my last host. A DDOS is an eventuality for most hosts, especially as they become more famous. Bluehost has handled this well and I am even more comitted to them after seeing what most companies would consider a raw post by alligosh. Keep keeping it real and continue to keep us informed regardless of the news.

As to the bastard who generated this, I dare you to try this on my other site: Apple.com

Seth

As to the bastard who generated this, I dare you to try this on my other site: Apple.com

Seth

I wouldn't even want to think about the bashing that would ensue on an apple.com forum. =X

If you had such a mission critical operation/website that couldnt survive an outage here or there, then you have to seriously reconsider why your site(s) are hosted on virtual servers such as Bluehosts.

Bluehost provides a great service, but you cant expect that service to be 100% secure. You are innevitably part of a community of website owners that host on Bluehosts virtual servers; you take the (limited) risk that one other website host might piss off a spammer, causing them to retaliate, which in turn could down your services.

if you cant handle this, which is an inherent part of virtual hosting, you'd better get ready to pay much much much more than the meagre $7 p/m you are now.

you cant expect 100% uptime, 100% security, and flawless services for pennies. Be realistic.

If anyone jumps ship because of this, they dont honestly know what their doing here in the first place.

* just my 2c

As to the bastard who generated this, I dare you to try this on my other site: Apple.com


That's one thing I don't get about all this? Why target hosting companies, big or small? I'm not trying to encourage these attacks but there are so many better targets out there? Is it because they are easier targets?

And please, whoever is doing this don't attack my favorite site of all... microsoft.com ;)

Because people who use these exploits are out to prove some kind of point. Attacking a hosting company that houses a number of domains/web sites is a big win for their ego.

Its a very sad ego that has to hide behind a screen and keyboard. They just don't have the mustard to go after something else and leave thier mark. That being said schools out and the kiddies are at play I would guess.

I had no idea that this was causing the problem. It gets me so mad because you know it was probably done for some VERY stupid reason. Bluehost is my first hosting company and I've been very happy with them aside from this, but it was beyond their control. I just hope they are able to prevent it as much as possible for the future.

Yes, their customer service IS exceptional!!! I must agree with that!

Can anyone see this from the viewpoint of a popular auto commercial - the one where these folks have these really nice cars and are shouting out the real ego reason they bought their cars.. "daddy didn't hug me.."

uh huh..tryin to get some attention.
well, I guess it's just a boring day for some brilliant person with little direction and personal commitment to their own growth, and professional toolbox. "Yawnnn how boring..
not getting paid for doing fantastique work.." :confused:

hey ddoser..can I interest you in a vowel,, "I:,,"

Kisses,

BrownBlondie in Trenchtown

Its a very sad ego that has to hide behind a screen and keyboard. They just don't have the mustard to go after something else and leave thier mark. That being said schools out and the kiddies are at play I would guess.

if ddos is so easy to do, how do the big guns protect themselves from it, i.e yahoo, google , microsoft etc? Also there must be a some way to better track down the source of these attacks, no? the government should make impose severe penalties for these hackers. that should deter some of them.

Been with BH for six months now and this is my first outage of any significance. It was a nice customer service touch to receive an email letting me know of the outage.

I moved my site from another hosting company where DDoS attacks seemed like a daily occurrence along with any other number of outages. Many, many database server outages that drove me nuts. So far BH rocks and the DDoS outage doesn't phase this happy loyal customer.

Good job BH

if ddos is so easy to do, how do the big guns protect themselves from it, i.e yahoo, google , microsoft etc? Also there must be a some way to better track down the source of these attacks, no? the government should make impose severe penalties for these hackers. that should deter some of them.

I actually do remember, a few years back, when either Yahoo or Google were attacked with a DDoS and was taken down for a number of hours. The big guns deal with this type of thing all the time. Unfortunately, there're a lot of big egos on the internet. I've met quite a few over the last 13 years, especially on IRC. That's a huge community of egotistical and immature people for you, right there. Most of the time, attacks are spawned from IRC.

DoS and DDoS are attacks, which utilize exploitations in operating systems (and other software). There are holes in the code, much like the holes in codes that cause memory leaks, etc which bog down the servers at times. Unfortunately, these holes are usually unnoticeable until hacked by a malicious user. When this is done, hackers/crackers/script kiddies can compromise a system by taking control of it (as root) and run various utilities.

A lot of times, these malicious users will "root kit" a server/box which will allow them access to it at all times, without being noticed.

Anyway, there are plenty of hole-filled and unprotected servers on the net. These servers are usually documented and distributed to underground groupies (malicious users) for later use.

When someone runs a malicious script to call for the DDoS attack (depending on the exploit it takes advantage of), the script will call for every server in the documented list to take the same action.

For instance, a script could call for every exploited server to send an ICMP ECHO to one particular IP address. The list of servers can number in the 10s, 100s, 1000s, 10,000s, etc... It just depends on the user's access to these servers.

That's one of a number of different actions that could take place.

This is a problem and very difficult to trace, because the server that's being attacked is seeing incoming packets from a plethora of IP addresses. Usually it cannot be pinpointed to a specific person, unless that person isn't being very careful.

A lot of times, users will use telnet/ssh to another server, or a proxy server to utilize the command, to further mask their information from prying eyes.

DoS/DDoS attacks are very difficult to deal with and it is, in fact, a serious crime in the United States. There are plenty of laws forbidding these acts and if the person is pinpointed, the FBI will certainly take some serious measures. I've seen it happen (not personally), but people on the net, known to be malicious have disappeared. Then a little while later, you'll hear something in the news about an attack or hack attempt, etc.

I wish it were simple to detect the culprits, but that's just not the case. There are way too many means to mask your identity. So... the best way to deal with these bozos? Make sure you keep your servers updated with the latest operating system patches, software patches, etc. Make sure you don't utilize software that is known for it's numerous bugs (*ahem* internet explorer *cough*cough*). Use a firewall or numerous firewalls, monitor your servers 24/7 and have admins on call. Make sure you verify clients and keep tabs on who has access to your server via ftp/ssh/telnet/etc. Disable many ports and potentially flawed applications and daemons. Filtering software needs to be utilized, as well.

If you think about it, BlueHost has a lot to think about, a lot to deal with and they're really doing a phenominal job, like a lot of webhosting companies.

Why can Yahoo, Google and Microsoft survive these attacks? They pretty much have unlimited bandwidth and seemingly endless cash flow. They are their own backbones and have NOCs all over the country (and world). You're talking about huge companies, here. Their backbones are more-than-likely bundled OC-192 lines (which transfer data at speeds of up to 9953.28 Mbps).

i remember reading about IRC in the 90's but am surprised people still use it today. i suppose many of these hackers dont realize the hardship they are causing by doing this. i think more publicized imprisonments and hefty fines are the way to get the message to these people that they are a real menace to society.

i remember reading about IRC in the 90's but am surprised people still use it today. i suppose many of these hackers dont realize the hardship they are causing by doing this. i think more publicized imprisonments and hefty fines are the way to get the message to these people that they are a real menace to society.

IRC is still around and thriving. I use it to keep in-touch with my buddies around the US. It's mainly being used as a warez distribution vehicle, though. It's always been that way and still is. I don't think the chatting factor takes precedence at all.

On your other note, I couldn't agree more.

I actually do remember, a few years back, when either Yahoo or Google were attacked with a DDoS and was taken down for a number of hours. The big guns deal with this type of thing all the time. Unfortunately, there're a lot of big egos on the internet. I've met quite a few over the last 13 years, especially on IRC. That's a huge community of egotistical and immature people for you, right there. Most of the time, attacks are spawned from IRC... (continued)

I believe that you're referring to mafiaboy, a Canadian hacker who DDoSed ebay.com, microsoft.com, and even yahoo.com.

Yes, Denial of Service attacks are generally very hard -- if not impossible to trace; since in order for them to be effective they need a number of other launchpads for their attack. (The hackers infect other servers and make them "zombies", and then they can use them to direct traffic to other servers, such as bluehost.)

Since there are so many different servers attacking at once, and since the hacker is probably hiding behind a high anonymity proxy server to infect these servers in the first place, it is very difficult to trace the attacks.

I congratulate BH for withstanding these attacks, though -- and I certainly appreciated the e-mail from Matthew that offered us some peace-of-mind. :)

I believe that you're referring to mafiaboy, a Canadian hacker who DDoSed ebay.com, microsoft.com, and even yahoo.com.

Yes, Denial of Service attacks are generally very hard -- if not impossible to trace; since in order for them to be effective they need a number of other launchpads for their attack. (The hackers infect other servers and make them "zombies", and then they can use them to direct traffic to other servers, such as bluehost.)

Since there are so many different servers attacking at once, and since the hacker is probably hiding behind a high anonymity proxy server to infect these servers in the first place, it is very difficult to trace the attacks.

I congratulate BH for withstanding these attacks, though -- and I certainly appreciated the e-mail from Matthew that offered us some peace-of-mind. :)

I'm surprised that someone here is familiar with mafiaboy. He was a regular anamoly on IRC's EFnet. I was very familiar with he and his "group," as I've mentioned that I've been on there for about 13+ years.

I couldn't agree more that BlueHost is doing a phenominal job at combatting these... annoyances and I, too, appreciated the E-Mail from Matt. Excellent service. That's partially the reason I've been so active on the forum today. I can't stand it when people trash a service provider that's doing their job and doing it well, without even knowing the facts.

I'm surprised that someone here is familiar with mafiaboy. He was a regular anamoly on IRC's EFnet. I was very familiar with he and his "group," as I've mentioned that I've been on there for about 13+ years.

I couldn't agree more that BlueHost is doing a phenominal job at combatting these... annoyances and I, too, appreciated the E-Mail from Matt. Excellent service. That's partially the reason I've been so active on the forum today. I can't stand it when people trash a service provider that's doing their job and doing it well, without even knowing the facts.
Haha, well, mafiaboy is pretty much a part of hacker history, I guess -- at least one of the most famous DDoS attackers as of late, with the spree he did with those huge web sites...

And yes, BH definately was not lying when they said that they "specialize in customer satisfaction". I appreciate being kept in touch with what's going on, and I've finally found a host that accommodates this.

Here's what I think is a fascinating read about how one extortion-oriented attack was handled:

http://www.prolexic.com/news/20050501-csomagazine.php

Also, read about how Gibson Research was attacked using IRC:

www.grc.com/dos/grcdos.htm

Dave

I can't stand it when people trash a service provider that's doing their job and doing it well, without even knowing the facts.

Same here. There are instances where people would throw fits not having a clue but still the admins here go above and beyond to make them happy. I can't stand unreasonable people and I don't think most of them should be getting help. Breeds this type of behavior and that whole idea of "the customer's always right" is just a mantra. You can only take it so far... :rolleyes:

Here's what I think is a fascinating read about how one extortion-oriented attack was handled:

http://www.prolexic.com/news/20050501-csomagazine.php

Also, read about how Gibson Research was attacked using IRC:

www.grc.com/dos/grcdos.htm

Dave

Wow... that first article was pretty intense. Thanks for the post. I really find this stuff interesting... sometimes, I wish I went into the IS field. :eek:

One thing i liked, is that bluehost send me 2 email(i have 2 accounts) with the ddos attack notice. (although i didn't notice the downtime)
I think BH should be applauded for that, because lots of people have no clue what it means that a server can be crippled like that. they just know "I paid, but my site is not showing" and getting pissed.
I remember someone mentioned somewhere in this forum that it would be a good idea that BH notifies its customers of problems like these.

And at that,
are any of the hosting servers being DDOSed?

Do any of them have protection?

Holy hell you guys werent being ddos's you were being drdos'd OMG...

http://www.grc.com/dos/drdos.htm

From the sounds of it, someone said you had to block most of the internet to get back online, thats what a Distributed Reflection DOS attack is, it uses half or more of the internet to attack a server. :eek:

Man people really need to update their virus protection or something.

Holy hell you guys werent being ddos's you were being drdos'd OMG...

http://www.grc.com/dos/drdos.htm

From the sounds of it, someone said you had to block most of the internet to get back online, thats what a Distributed Reflection DOS attack is, it uses half or more of the internet to attack a server. :eek:

Man people really need to update their virus protection or something.
A lot of times it's hard to distinguish the difference; since both DDoS and DrDoS attack a server with an enormous amount of traffic. Also, viruses don't have anything to do with security vulnerabilities... well, I guess they kind of do, since viruses generally use a security vulnerability to spread -- although really, a firewall would do the job.

Well, mrsystem admin were any of the ips that i hoped you logged from sites like nasa.gov or rr.com? Cause if they were you better block some ports RIGHT now.

It's 2:20pm PST. It appears BH was down. Was it a DOS or DDOS attack again?

I am experiencing problems with my web site also. www.giverny.net.
I cannot access it regularly. SOmetimes I can access the home page, but none of the links from the home page work.

Is the DOS affecting hosted web sites as well as the Forum site.

I am experiencing problems with my web site also.
I cannot access it regularly. SOmetimes I can access the home page, but none of the links from the home page work.

Is the DOS affecting hosted web sites as well as the Forum site.

The DoS attack mentioned in this thread was only for a few days, and that several months ago. They do occationaly happen, but generally not as bad as the one in this thread.

If you are experiencing current issues, please go ahead and contact support, and they can either help track down the issue, or make sure it is excalated if it is a BlueHost problem.

re-reading this again... imho it might be a good idea to close this thread

there might be (a lot? of) performance related problems but not all are related to the ddos attack mentioned here

if needed, a new thread with general performance related problems could be opened

re-reading this again... imho it might be a good idea to close this thread ... if needed, a new thread with general performance related problems could be opened


Works for me. Thread closed.