TOR Temporarily Blocked Due to DDoS

No replies
RaT
SX High Council
Joined: 2008/03/12

Just giving people a heads up that we have temporarily blocked TOR due to a continuous DDoS coming from various TOR exit nodes. The DDoS was not strong enough to shut down the site, but it was making pages load slightly slower. Overall, it only reduced bandwidth by about 1 mb/s, but we figured it was better to block TOR for the time being so that the lamers can't adjust their tactics and potentially eventually bring the site down (probably not possible for them, but you never know).

Currently all signs point to plex0r aka Daniel Raban of danielraban.com. I tried to talk directly with the guy, but he more or less just mouthed off (as all script kiddies do). Much like with VB and TheFixer, it would appear that Daniel has pissed off some of the SX IRC members - so I expect lulz to follow.

I'll let everybody know when TOR is unblocked, but he'll most likely be watching this thread to resume attacks when that happens. Interestingly enough, he tried the same lame GET DDoS as many others. His latest attempt seems to be to frame ChannelZeroYT, after I watched the plex0r account read up on ChannelZeroYT :P Not very bright, but they never are.

Log snippet

108.61.53.230 - - [29/May/2014:21:43:39 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:40 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:41 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:41 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:41 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:41 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"
108.61.53.230 - - [29/May/2014:21:43:41 -0400] "GET /hdb/ChannelZeroYT HTTP/1.0" 302 470 "-" "Mozilla/3.0 (compatible)"

He's probably hoping to get in the HDB, but it's not going to happen. We're done putting DDoS skids in the HDB with the exception of the ones that make the news of a major source.
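
One way to pick the repeated-GET pattern shown in the log snippet out of a combined-format access log, added here as an example and not code from the original post. The sample lines, the documentation-range addresses, the threshold and window values, and the `EXIT_NODES` set are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format, the layout used in the snippet above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def parse(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_floods(lines, threshold=10, window_s=2, exit_nodes=frozenset()):
    """Flag (ip, path, user-agent) triples that repeat >= threshold times
    inside a sliding window of window_s seconds; report the peak count."""
    window = timedelta(seconds=window_s)
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] != "GET":
            continue
        key = (rec["ip"], rec["path"], rec["ua"])
        q = recent[key]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return [
        {"ip": ip, "path": p, "ua": ua, "peak": n, "tor_exit": ip in exit_nodes}
        for (ip, p, ua), n in sorted(peaks.items())
    ]

def _line(ip, ts, path="/hdb/example", ua="Mozilla/3.0 (compatible)"):
    return f'{ip} - - [29/May/2014:{ts} -0400] "GET {path} HTTP/1.0" 302 470 "-" "{ua}"'

# Constructed sample: one bursty source and one ordinary visitor.
SAMPLE = ([_line("192.0.2.10", "21:43:40")] * 10
          + [_line("192.0.2.10", "21:43:41")] * 5
          + [_line("198.51.100.7", f"21:43:{s}", "/index", "Mozilla/5.0")
             for s in (39, 45, 52)])
EXIT_NODES = {"192.0.2.10"}  # constructed stand-in for an exit-node list
```

Keying on path and user-agent as well as address keeps a busy shared address with varied traffic from being flagged alongside a source replaying one identical request.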