Downtime & Migrations
Welcome Back!
I'm going to keep this fairly non-detailed until we are ready to release more information.
We received a CC of an email sent to Linode's service desk demanding LowEndBox is taken offline. The email was not sent to us, we were CC'd in on the email that was sent to Linode. The "bright spark's" demands that we were taken offline were then posted on the Linode forum and here on LET.
Shortly after we received a large inbound DDOS, at which point Linode null-routed the IP. We accepted this, then waited a while and followed up with a call to Linode. To say that they were less than helpful, and less than forthcoming with information is a complete understatement. Let me put this into perspective, Linode is our host and wouldn't give us information, LiquidWeb is not our host and was far more helpful and forthcoming than Linode. Were we grateful whilst pissed that we were getting more information and help from LiquidWeb than Linode? You bet!
Yes there were more than 2000 IPs in the botnet, and yes we have a complete list of IPs that were hitting both WHT and LEB. To my understanding there are a number of providers who have been hit by this botnet over the past month, and are now collectively contacting upstream providers.
We spent yesterday getting quotes from companies like Staminus, Gigenet, Awknet etc. They either didn't have capacity, or for the size of the incoming floods wanted between $5000/month and $9000/month for DDOS mitigation. Simply not an option at this point.
However, we then received a very generous offer from a large provider with some very extensive resources who is happy to do their best to keep us online and have techs available if we receive another DDOS. At this point we are waiting for the server to be set up as we need, and slowly we will migrate over. We have brought the sites back up on Linode for now purely so people do not have to wait until we have everything sorted out.
We will release more on the new host, and more information after the migration has taken place. At this point both them and us just want some space to finish sorting out the best setup for LEB and LET. Contact Emails will come back online from tomorrow, we had to drop them purely due to the copious amounts of incoming mail.
It's 5:15am, after 2 mornings in a row of canvassing providers and trying to find a reliable solution whilst having a miniature human in hospital I'm off to get some rest.
If there's another DDOS and it's null routed, just wait patiently as we migrate. We will post updates if this occurs on http://twitter.com/LebAlerts
Regards,
Chief


Comments
Willing to bet we won't see Constantinos cranking up a new pump-n-dump company anytime soon :P
@Chief Well Done even with other important things in your life you still managed to get LET/LEB back up.
Woohoo!
@Chief: Thanks for everything!
It's good for this place to be back.
@Aldryic I'm sure he will be back. He will just try to hide.
I guess the next selling point for any hosting provider is "Are you man enough to host LEB? are you man enough, punk?"
@cleonard - perhaps. But the attacks were very much illegal, and I highly doubt an entity as corporate as WHT will just turn the other cheek and forget about them :P
Constantinos is indeed pulling another runner. Only this time it's likely the law on his heels rather than disgruntled clients :3
Thank You.
@Aldryic what if he's done a runner?
The Original Daniel.
It's his 3rd runner from online business anyway, I don't think his home address has changed.
Well done on sorting out to bring them back.
I think I'm unclear... what makes people think that Constantinos is the person behind these attacks?
Or am I simply misreading?
Also, surprised to hear Linode was so unresponsive. Unfortunate.
Might have fled the country.
The Original Daniel.
Look on WHT there's about 5 pieces of proof.
If someone is interested in some screenshot of his twitter account http://lowendtalk.ftp.sh/index.php?p=/discussion/5/screenshot-of-anonymoushacker039s-twitter
It shall be interesting, from the posts on WHT, the Liquidweb/WHT people were pretty mad about the attack, I'm sure WHT will take legal action if it's feasible.
The tl;dr-
1 - The threats/attacks started near immediately after Constantinos was exposed for starting another company (SturdyVPS)
2 - The LET attack thread on WHT was started by one of Constantinos' aliases (he was soon banned again for this as well)
3 - One of the originating controls for the botnet traced to a residential ISP in Constantinos' home city
4 - An RDNS oversight linked the 'anonymoushackers' alias to SturdyVPS's nameserver.
5 - The attacks and all activity completely ceased after point 4 was publicly exposed.
If it's not him, then someone staged a very elaborate gig to put suspicion on him. If that were the case, however, he would've likely made announcements claiming innocence, etc. Instead, blackout from his companies.
Interesting... I've been reading through the WHT threads as well; pretty convincing. Thanks for the summary :)
Whole thing is just ridiculous, I am still not even entirely sure what their motives were?
Ok if the above is true then I guess that's the motive but that would have never been the supposed motive as that would have given the game away immediately, did he even give a public motive for the attacks?
I don't think he had a "Reason".
Thanks for all the effort.
Ok thanks, I read most of what was going on via the various forums I thought maybe I missed something.
See point 3 in my post above; we were able to track down a residential connection from one of the compromised bots. I've passed what info I found up to WHT... they're not going to ignore the attacks, and they're in the best position to finance legal action :P
Thank you @Chief for handling this as you did. Even with other things going on in your life, you still took care of LEB/LET. Way to show your leadership skills :)
He actually tried to disguise himself as an "Afghanistan branch of anonymous". Actual motive is pretty easy to figure out if you know his history; the guy is blacklisted from pretty much every hosting-based community for his repeated scams, and being exposed yet again (SturdyVPS) got his new company tagged.
@Aldryic I've heard you say it before, nobody hides from Pony!
@Aldryic Thanks yeah I can see the motivation for sure, I just wondered if I had missed something that he announced publicly like... because chief kicked my dog.
I think it's hilarious that anyone could think "let me just DDOS their site, they'll be offline forever"... at least that's the way he made it sound. Truth be told today it's a lot harder to pull off a long lasting DDOS (thank god) or all of the 15 year old Constantinos in the world would be blasting people :P
I loved this part, those damn Afghanistan hackers out to attack low end VPS hosting!
How come secure dragon's website is still down?
@Kairus I think he also got attacked, and maybe his IP is still nullrouted...
I think it was originally a preemptive strike on KuJoe's part. Not sure why it still is...
Yeah, I read that on WHT, but that was 12+ hours ago? Hope he didn't forget!
From his twitter:
Thought of reporting his domain? for invalid who.is ?
Basically, he's in the process of setting up his sites for better DoS protection against future issues like this. It'll be back online shortly :P
LOL, this.
Thank you @Chief
The pony knows all, the pony sees all...
I am quite amused that anyone would think a single DDoS episode is going to knock a website offline permanently - though it did certainly have an effect.
You all laughed at the threats, so when it actually happened, there's not much to say about it.
Ignorance is deadly, I suppose...
When you find that perfect VPS, KEEP IT.
@Zetta: Threats like this are a plea for attention. The only thing you can do is ignore them and keep going. Of course it actually happened; it's not an entirely difficult thing to do - the point is not to assign any credibility to this person that they don't deserve.
You all laughed for the threats, you're all still laughing including the WHT idiots. I don't care to prove anyone by talking, talking is cheap - you will see the next targets and attacks coming soon - WE WILL not define what soon means.
Translation: empty threats.
So you figured that the google translate wasn't working then?
@Chief, what was the size of attack? If it's under 10Gbps maybe look at OVH or something for the site?
Constantinos, you are such a loser.
I learned a new term on one of the WHT threads. I got a good laugh and I think it's perfect.
Dorktard.
Seems like a good label to me.
I call people like this ragers.
"Dickholes" :P
Not heard that one before :P
Happy to see you're back :)
@dotvps cousin of butthurt