Locked out of VBulletin.com by IP

  • wential
    Senior Member
    • Nov 2003
    • 202

    Locked out of VBulletin.com by IP

    I was told my IP was locked out a few days ago because it was in a "range" of IPs that VB.com blocked due to hackers or something. I was given another way to get in that I won't mention online in case the hackers are listening, but this is a little ridiculous. How long do I have to use it this way? My links are all screwed up because of it.

    Find out who your hacker is and block their IP, but release mine or refund my VB leased license I just bought in December. I can't work this way and would rather go back to Invision despite the inferior Board software. At least I can get into their support areas easier than this.

    And to think I almost upgraded my license to purchased right before this happened, sheesh!
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 74154

    #2
    Yes, we understand the confusion and frustration these measures have against our existing customers. However it isn't a hacker that the problem is. If it was a single machine causing the attack on our servers, it would be over and done with. However it is a repeated attack from 10's of thousands of machines from a wide range of IP addresses. The only way to alleviate the problems these cause is to ban large ranges of IPs and then slowly allow legitimate users back in as we become aware of the situation. During an ongoing DDOS attack there is no way to differentiate between an attacking computer and one with a valid reason to try and access the site.

    We have also provided an alternate means of connection as you know for those who are affected so you won't be affected by future attacks while we continue to try and work with upline providers for a lasting solution. As for how long it is, we can't say. We are doing our best to support you especially with setting up alternative access means but if you still want a refund then you can send an email to [email protected] and we will process it as soon as possible.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API


    • Princess Nikida
      Senior Member
      • Sep 2001
      • 290

      #3
      Unfortunately, they cannot just block the hacker, because although the hacker "initiates" the attacks, the attacks are actually coming from unsecured, everyday, normal as you and me people's machines. There are always ways that hackers are finding of compromising other people's computers and using them to do the dirty work. This is why you should always keep your computer up-to-date...

      While it is unlikely that your particular computer was one of the ones compromised and used against vbulletin.com, it is very likely (since your IP range was banned) that someone's computer on your ISP was compromised. I, too, was IP banned, being a Comcast customer (one of the ISPs with several compromised "zombie" computers), but (minus the initial delay of not realizing I was IP banned and thinking it was down because of an attack) I haven't felt put out at all... In fact, I am on these forums for hours at a time trying to update my lists...

      I am sorry that this situation has caused you to want to revert to an otherwise undesired (or at least that is what I got from your post) product... I hope that you change your mind...

      ** edit ** - Dang it... Too slow again!!! What he said...
      "A man sits with a pretty girl for an hour, it seems like a minute. He sits on a hot stove for a minute, it's longer than any hour. That is relativity." -- Albert Einstein


      • wential
        Senior Member
        • Nov 2003
        • 202

        #4
        I apologize if there are other posts regarding this before I posted it. Navigating is a bit difficult with all my links and subscriptions pointing to the wrong place.

        Banning IP's isn't the answer. Your Web Admin should know that most of these hackers mask their IP address anyway. The worst is Rogers Cable out of Canada and complaints to them go unanswered. Hackers love using their IP's through masking to attack even though they can't be tracked back through the cable company. A strong O/S (Windows 2003 Server running IIS) and hardware based firewall system keeps them out of my systems.

        And yes Princess, I update my O/S, Anti-Virus and other software every day on every server, workstation and wireless laptop. I know it's unnecessary to do it every day, but it has become a habit and makes me sleep better. I made it a script to update all of them at Noon or start-up so it's really no effort.

        I just hope this mess is resolved soon.


        • Wayne Luke
          vBulletin Technical Support Lead
          • Aug 2000
          • 74154

          #5
          It isn't a hack attempt... It is a series of Distributed Denial of Service attacks using thousands of machines all around the world to create 250 Megabytes of Apache requests a second.

          The only way to withstand a Distributed Denial of Service attack is to wait it out at which point, no one would be able to access the server. Or start banning IP addresses at the router level upstream so some bandwidth can reach the server in question.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API


          • DarkDelight.net
            Senior Member
            • Jul 2003
            • 1358
            • 3.0.3

            #6
            Originally posted by Wayne Luke
            It isn't a hack attempt... It is a series of Distributed Denial of Service attacks using thousands of machines all around the world to create 250 Megabytes of Apache requests a second.
            250MB?

            OMG!!!

            I thought it was only 250Mb.

            That's some serious DDOSing
            Sig? What sig?


            • wential
              Senior Member
              • Nov 2003
              • 202

              #7
              Oh they are running Apache? I didn't realize that, but it explains the problem they are having. I don't care for Microsoft as a corporation but the 2003 server software they make is the most logical choice for corporate security. If a user sends more than 60 requests per minute, my servers block the IP automatically. Bye bye DDOS attacks.


              • Steve Machol
                Former Customer Support Manager
                • Jul 2000
                • 154488

                #8
                What if you have 10000 zombie machines accessing 30 times a minute?
                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                Change CKEditor Colors to Match Style (for 4.1.4 and above)

                Steve Machol Photography


                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
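
The question in post #8, worked through as an added example (not code from any poster or from Jelsoft): a per-IP sliding-window limit of 60 requests per minute, the figure from post #7, run over one constructed minute of traffic from 10,000 sources at 30 requests per minute each plus a single noisy client. The class and function names and all addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
import ipaddress

PER_IP_LIMIT = 60   # requests per minute per IP (figure from post #7)
WINDOW = 60.0       # sliding window length in seconds


class PerIPLimiter:
    """Block an IP once it sends more than `limit` requests within `window`."""

    def __init__(self, limit=PER_IP_LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)   # ip -> timestamps still inside the window
        self.blocked = set()

    def allow(self, ip, ts):
        if ip in self.blocked:
            return False
        q = self.hits[ip]
        while q and ts - q[0] >= self.window:   # expire old timestamps
            q.popleft()
        q.append(ts)
        if len(q) > self.limit:
            self.blocked.add(ip)
            return False
        return True


def constructed_traffic(bots=10000, bot_rpm=30, noisy_rpm=120):
    """Constructed sample, not real logs: `bots` sources at `bot_rpm` each,
    plus one noisy client (documentation address 203.0.113.9)."""
    base = int(ipaddress.ip_address("10.0.0.0"))
    events = []
    for i in range(bots):
        ip = str(ipaddress.ip_address(base + i))
        events += [(k * 60.0 / bot_rpm, ip) for k in range(bot_rpm)]
    events += [(k * 60.0 / noisy_rpm, "203.0.113.9") for k in range(noisy_rpm)]
    return sorted(events)   # (timestamp, ip) in arrival order


def simulate(events):
    """Feed events through the limiter; report what the server still had to serve."""
    limiter = PerIPLimiter()
    served = sum(limiter.allow(ip, ts) for ts, ip in events)
    return {"total": len(events), "served": served,
            "blocked_ips": sorted(limiter.blocked)}


if __name__ == "__main__":
    print(simulate(constructed_traffic()))
```

The limiter blocks only the single noisy client; all 300,000 requests from the distributed sources are served, because no individual source crosses the per-IP threshold.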



                • Raz Meister
                  Senior Member
                  • Jun 2001
                  • 1148

                  #9
                  Install some software that detects this and THEN block the IP at the router. Maybe there is a pattern to the requests you can detect?

                  Scott mentioned mod_dosevasive, so presumably you are doing this.
                  Raz - KMC Forums


                  • wential
                    Senior Member
                    • Nov 2003
                    • 202

                    #10
                    Originally posted by Steve Machol
                    What if you have 10000 zombie machines accessing 30 times a minute?
                    Good question. I use software to limit each IP to 100kb/sec. and maximum 100 users online at one time. Works great! I know you would probably need 1,000 users at a time though.


                    • iDavid
                      Senior Member
                      • Dec 2002
                      • 298

                      #11
                      While I don't like it either (and I'm sure nobody does), I do think that people have to just bear with Jelsoft as they try to deal with this. I've been a critic of certain things here but they really are doing what they can and will make sure that you can access the server. Within four minutes of telling them I couldn't access the site (literally four minutes, according to the support logs), Steve had given me access.

                      I don't know if there are better ways, and I hope one is found or the attacks stop. But I think Jelsoft's actions are somewhat validated by the fact that the server is fast (at least for me) and people, with a simple email, will be able to access the site.

                      Obviously the circumstances aren't ideal, but it works.


                      • Qteam
                        New Member
                        • Sep 2002
                        • 1

                        #12
                        The fact of the matter, vBulletin, is that you were reactionary in your approach and that is in my mind bad ethics; no emails were sent to legitimate licence holders to say why you had been down.

                        I am personally having to browse this board with proxies and find that disgraceful.
                        As a checkpoint instructor and 10 year Security Pro I find your actions and answers in these threads somewhat negative and reactive.

                        Q. As a board that is targeted by hackers and such like to use, you never thought this situation would arise? Especially with people like NukePirates? I don't condone what has been done, but a forward-thinking viewpoint would have helped your backup ideas; it's called being proactive.

                        Q. 5 days, 5 days I couldn't get on here. I know it's not life and death, but 5 days, no emails, no nothing to say you knew what was going on and you were tackling the problem. You are a customer-facing company and one that should treat and respect those that make you that company.

                        Q. Yes, people can deflect and stop DDOS; if they couldn't, the whole NET would be down. Please don't hide behind the "We got DDOSed"; that's not fair to the intelligence of the customer.

                        Please if you can have the time, send emails out and speak to your customers and show what you intend to do in the future. Can we think that this DDOS can happen again? We need to know that information.
                        Regards


                        • poolking
                          Senior Member
                          • Aug 2002
                          • 2061

                          #13
                          Originally posted by Qteam
                          The fact of the matter, vBulletin, is that you were reactionary in your approach and that is in my mind bad ethics; no emails were sent to legitimate licence holders to say why you had been down.

                          I am personally having to browse this board with proxies and find that disgraceful.
                          As a checkpoint instructor and 10 year Security Pro I find your actions and answers in these threads somewhat negative and reactive.

                          Q. As a board that is targeted by hackers and such like to use, you never thought this situation would arise? Especially with people like NukePirates? I don't condone what has been done, but a forward-thinking viewpoint would have helped your backup ideas; it's called being proactive.

                          Q. 5 days, 5 days I couldn't get on here. I know it's not life and death, but 5 days, no emails, no nothing to say you knew what was going on and you were tackling the problem. You are a customer-facing company and one that should treat and respect those that make you that company.

                          Q. Yes, people can deflect and stop DDOS; if they couldn't, the whole NET would be down. Please don't hide behind the "We got DDOSed"; that's not fair to the intelligence of the customer.

                          Please if you can have the time, send emails out and speak to your customers and show what you intend to do in the future. Can we think that this DDOS can happen again? We need to know that information.
                          Regards
                          Jelsoft know the person who is doing it, but no authority figures want to help them.

                          For all we know the person doing it could be a licence holder. So are Jelsoft going to tip him off that they are using a new url?


                          • Raz Meister
                            Senior Member
                            • Jun 2001
                            • 1148

                            #14
                            Qteam does have a point.

                            DDOS's CAN be defeated. Jelsoft is not the first company to be DDOS'ed. It just seems (to me anyway) that Jelsoft are hoping the guy will just stop, instead of finding a long term solution.
                            Raz - KMC Forums


                            • wential
                              Senior Member
                              • Nov 2003
                              • 202

                              #15
                              Agreed Raz. I run several websites on IIS 6 and it might slow down during a DDOS attack but I never go offline. Hey Jelsoft, if you're using Apache dump it already. It's time to grow up and use adult web servers!
