Portal Home > Knowledgebase > Industry Announcements > Web Hosting Main Forums > Providers and Network Outages and Updates > LowEndBox.com is offline?


LowEndBox.com is offline?




Posted by MattHouston, 03-05-2012, 05:21 PM
I'm unable to load lowendbox.com nor lowendtalk.com - anyone know what happened?

Posted by Spluut, 03-05-2012, 05:21 PM
Someone threatened to DDoS the site an hour ago here on WHT.

Posted by Simplex-Ed, 03-05-2012, 05:23 PM
http://forum.linode.com/viewtopic.php?t=8530

There's some info.


Posted by KMyers, 03-05-2012, 05:27 PM
Quote:
Originally Posted by Simplex-Ed
Yes, this same message was posted on WHT a few hours ago

Posted by Miscis, 03-05-2012, 05:28 PM
If they can do 500Gbps of traffic why would the 'proof' only be 0,4%?

Posted by MattHouston, 03-05-2012, 05:29 PM
Ok i see, thanks for the information.

Doesn't Linode have any DDOS mitigation systems in place?

Posted by MikeTrike, 03-05-2012, 05:29 PM
That's the dumbest thing I've ever seen.

Well, maybe it's the 2nd dumbest thing...

Here's the 1st:
http://www.huffingtonpost.com/2012/0...n_1309917.html

Posted by Microlinux, 03-05-2012, 05:30 PM
Kids these days . . .

Posted by Techy, 03-05-2012, 05:30 PM
Quote:
Originally Posted by MikeTrike
That's the dumbest thing I've ever seen.

Well, maybe it's the 2nd dumbest thing...

Here's the 1st:
http://www.huffingtonpost.com/2012/0...n_1309917.html
lol, thanks for the laugh.

Posted by KMyers, 03-05-2012, 05:32 PM
Quote:
Originally Posted by MikeTrike
Some people need to get a life

Posted by KnownHost-Jonathan, 03-05-2012, 05:32 PM
http://www.webhostingtalk.com/showthread.php?t=1133116

Posted by MattHouston, 03-05-2012, 05:49 PM
Is Linode.com offline? I tried to view that forum topic that was linked to above but the connection timed out?

Edit: Seems they had some packet loss, however they seem to have recovered now.

Posted by KMyers, 03-05-2012, 05:51 PM
Quote:
Originally Posted by MattHouston
Is Linode.com offline? I tried to view that forum topic that was linked to above but the connection timed out?
Seems fine

Posted by jeff@lfcvps, 03-05-2012, 05:56 PM
Any idea why they are being hit? Seems weird.

Posted by KMyers, 03-05-2012, 06:02 PM
Quote:
Originally Posted by jeff@lfcvps
Any idea why they are being hit? Seems weird.
I assume they put someone in the deadpool and they did not like it

Posted by sirius, 03-05-2012, 06:18 PM
Quote:
Originally Posted by [CTI] Todd
Kids these days . . .
Bingo!!

Sirius

Posted by Steven F, 03-05-2012, 07:31 PM
500 Gbps. That is totally believable.

Posted by flam316, 03-05-2012, 10:04 PM
Quote:
Originally Posted by EndServer
500 Gbps. That is totally believable.
It could happen, but I don't think it will/is from these kids.

Posted by Pillar, 03-05-2012, 11:40 PM
What did lowendbox's problems have to do with the WHT outage?

Posted by DeltaAnime, 03-05-2012, 11:45 PM
Quote:
Originally Posted by Pillar
What did lowendbox's problems have to do with the WHT outage?
Rumour is that the warning was posted here and the mods nuked it. When it did, they retaliated.

No confirmation from the mods/admins i don't think.

Francisco

Posted by Pillar, 03-06-2012, 12:05 AM
Script kiddy a site that provides cheap VPS and dedicated server advertisements. What a joke, of course they wouldn't day in and day out expect to need to withstand a DoS attack.

With the market reach and the publicization provided by lowendbox and sites of that nature you'd think this would be a good opportunity for some DDoS mitigation company to help provide discounted service or just pro bono in exchange for publicity of their DoS protection service.

Posted by pubcrawler, 03-06-2012, 01:37 AM
Come on, Lowendbox and Talk is still offline. What are the new yahoos running the site doing? Or what is Linnode doing?

I mean this the same Linnode that just watched $250k in bitcoins be stolen in the past week.

Lowend could have and should have migrated IP's, setup and activated secondary site hotspares, etc. Folks with a site that busy should have 2x hot spares on different networks.

I'd resurrect them from the dead fairly simply, DDoS or no DDoS. Start with a firewall and some strict iptables rules, front end proxying, etc. Scale horizontally and geographically and do same for the DNS. Start fighting and blocking the attack on different networks with traffic geographically isolated.

Yeah it works, we do it. To what sized attack I have no clue and disinterested in trying.

I'd like to know why the DDoS was launched against Lowend and WebhostingTalk. Has to be some interesting background.

Sucks, what am I going to do tonight? Can't chew out basement dwelling bottom providers, waa!

Posted by ZKuJoe, 03-06-2012, 02:54 AM
Quote:
Originally Posted by pubcrawler
What are the new yahoos running the site doing?
Waiting for Linode to remove the null route.

Quote:
Originally Posted by pubcrawler
Or what is Linnode doing?
Waiting to remove the null route.

Quote:
Originally Posted by pubcrawler
Lowend could have and should have migrated IP's, setup and activated secondary site hotspares, etc. Folks with a site that busy should have 2x hot spares on different networks.

I'd resurrect them from the dead fairly simply, DDoS or no DDoS. Start with a firewall and some strict iptables rules, front end proxying, etc. Scale horizontally and geographically and do same for the DNS. Start fighting and blocking the attack on different networks with traffic geographically isolated.
Willing to write us a check? Talk is cheap but what you're proposing is not. The bandwidth costs to stay online is not worth it IMO and Chief made the right choice to accept the null route. LEB and LET is a free public service, not a company. This DDoS attack is against the visitors, not us.

Quote:
Originally Posted by pubcrawler
To what sized attack I have no clue and disinterested in trying.
Not sure of the size of the attack myself (Linode isn't releasing specifics) but you're willingness to criticize our response to an attack you know 0 about says enough.

Quote:
Originally Posted by pubcrawler
I'd like to know why the DDoS was launched against Lowend and WebhostingTalk. Has to be some interesting background.
We're interested to know also. The attackers provided no demands other than Linode suspend us. We received an e-mail shortly before the attack began (same message they posted on Linode's forums) so you know as much as we do.

Quote:
Originally Posted by pubcrawler
Sucks, what am I going to do tonight? Can't chew out basement dwelling bottom providers, waa!
Yes, it pains us all.

Posted by DakNet, 03-06-2012, 03:08 AM
What are typical bandwidth amounts used and charged with an attack if you decide to stay online?

Posted by pubcrawler, 03-06-2012, 03:18 AM
Thanks for the comment kung fu

That null route sure is ahh sticky. Hope it gets unstuck soon. Softlayer (where Linnode is) isn't so friendly about network abuse issues. So good to plan secondary site elsewhere for future.

As far as LEB being free public service, ahh yeah, if so, you folks are missing the gravy truck. Nothing wrong with making money. That money would help with proper hosting, scaling and DDOS mitigation (no offense to anyone, but null routing the sites to be offline is mega failure).

Never should be placing lowendtalk and lowendbox on same server, same IP, etc. Different sites = different homes.

I'd be approaching a DDOS mitigation firm about helping out gratis for public relations success story. Several on here that likely turn this problem around. Perhaps you can barter ad space for services, you have the traffic worth a fortune.

I can't fathom what gripe some lonely basement dwelling mama's boy has with webhosting sites. But impressed at the magnitude of destruction so far. Admins here should share/repost whatever was pulled. Turn the posts over to law enforcement.

Fight back folks, bring these sorts of DDoS clowns down.

Posted by shakybaky, 03-06-2012, 03:21 AM
Quote:
Originally Posted by MikeTrike
That's the dumbest thing I've ever seen.

Well, maybe it's the 2nd dumbest thing...

Here's the 1st:
http://www.huffingtonpost.com/2012/0...n_1309917.html
OMG, I almost shart my pants laughing so hard.

Posted by DakNet, 03-06-2012, 03:22 AM
How do you know how much traffic LEB has?

Posted by pubcrawler, 03-06-2012, 03:33 AM
Quote:
Originally Posted by DakNet
What are typical bandwidth amounts used and charged with an attack if you decide to stay online?
The only folks that will be able to tell you something like that are those with large many rack installations.

A single server, a single rack, and especially shared resource users probably 99%+ of time gets nulled.

The size of attacks can be enormous. For instance a big attack last year that hit DNSMADEEASY was in neighborhood of 50Gbps.

I'd bet this attack is MUCH smaller - 5Gbps tops.

What's a 1Gbps cost? $1k-2k a month?

If attack continues for a week then goes away that usage total will be averaged way down for month. So, billable might end up being around 1.25Gbps additional for the month.

Problem is many providers don't have a spare 5Gbps sitting around right now for all of a sudden usage. Will blow away quality of service for others on same network.

This all points in my mind towards dealing with providers with ample bandwidth and flexibility to deal with such peaks. Linnode is per se big, but they live under someone else's roof and on someone else's network. Softlayer isn't exactly known for dealing with issues like DDoS well. They are of the school of boot people out the door that attract problems (well at least it seems that way).

The bandwidth should have hours ago dropped way off. Any real facility working with upstream providers should be mass blocking inbound problem traffic so it doesn't even hit the provider's routers. So no bandwidth consumed.

A provider like Linnode I'd expect to have a DDoS layer installed and someone on retainer that specializes in mitigations as-needed.

Downtime equals death. Surely, others in this market at going to smell both Linnode's and LEB/LET's blood from this.

I know I am more interested in VPS providers now that have clear proactive DDoS strategy in place, even if services cost more.

Posted by pubcrawler, 03-06-2012, 03:41 AM
Quote:
Originally Posted by DakNet
How do you know how much traffic LEB has?
That's simple.

There are a number of services online that rank website traffic, Alexa, Quancast, Compete, etc.. They aren't perfect, but usually fairly close.

LEB via Alexa is ranked about 21k of all sites.
LET " about 59k "

Those are fairly high traffic ranks. Anything under 100k is great.

Anything in 50k and below is gold mine traffic.

Web hosting services are a good paying CPC/ad rate. It's an audience that is buying, not shopping endlessly. People tend to buy and stay put since so much effort to move. So customer retention length is long.

So those factors in conjunction clearly point to LEB + LET having perhaps an undiscovered gold stash.

How much a month? Heck, they should be pulling in $20k+ a month.

Posted by ZKuJoe, 03-06-2012, 03:51 AM
Quote:
Originally Posted by pubcrawler
Thanks for the comment kung fu

That null route sure is ahh sticky. Hope it gets unstuck soon. Softlayer (where Linnode is) isn't so friendly about network abuse issues. So good to plan secondary site elsewhere for future.

As far as LEB being free public service, ahh yeah, if so, you folks are missing the gravy truck. Nothing wrong with making money. That money would help with proper hosting, scaling and DDOS mitigation (no offense to anyone, but null routing the sites to be offline is mega failure).

Never should be placing lowendtalk and lowendbox on same server, same IP, etc. Different sites = different homes.

I'd be approaching a DDOS mitigation firm about helping out gratis for public relations success story. Several on here that likely turn this problem around. Perhaps you can barter ad space for services, you have the traffic worth a fortune.

I can't fathom what gripe some lonely basement dwelling mama's boy has with webhosting sites. But impressed at the magnitude of destruction so far. Admins here should share/repost whatever was pulled. Turn the posts over to law enforcement.

Fight back folks, bring these sorts of DDoS clowns down.
I read some of your posts on the other thread (the one about WHT being down) and I can't agree with you more on the majority of what you said. To my knowledge LEB is generating revenue (well it was before the management change, not sure what was decided in regards to that) and LEB/LET were originally on 2 different providers (I think one was a DC on the east coast and the other west coast), after this it's definitely something for the new owner to think about.

Posted by IRCCo Jeff, 03-06-2012, 04:09 AM
Quote:
Originally Posted by flam316
It could happen, but I don't think it will/is from these kids.
The largest known attacks are in the realm of < 100 Gbps, but i'm sure we could see that ramp up in the future, perhaps even the near future?

Posted by pubcrawler, 03-06-2012, 05:47 AM
It's just you. http://webhostingtalk.com is up.

------------------------------------------------

Yeah mitigation I said of multiple IPs and horizontally geo-distributed sure make attacks harder, don't they. But the bozos that run LEB/LET mocked me about that and told me to write them a check.

That shouldn't stop you Anonymous.

Disabling ICMP, that's not cowardly, that's smart.

Sounds like you've been outfoxed.

Focus man, focus. No time for temper tantrums. Focus on the target, you see it crashing, the packets are piling up, it's packet tsunami. The lights are flashing, ahh wait, that's just sun coming up.

Posted by pubcrawler, 03-06-2012, 05:50 AM
Sweet:

From Twatter, the blippty blip said:
RACKING UP 1100 ADDITIONAL SERVERS @ USA DC's - TEAM ANONYMOUS LETS PREPARE THE ATTACK

Someone better call the Lorax before all the servers in the forest are cut down. Wait servers don't grow on trees.

Posted by pubcrawler, 03-06-2012, 05:54 AM
Scoreboard:

+1 to Webhosting Talk
+1 to LiquidWeb

-2 to Linnode (can I pay you guys in Bitcoins?)
-10 to LEB/LET (null routes and single homed sites rule!)

Anonymous
ahhh
0

Posted by ZKuJoe, 03-06-2012, 05:55 AM
Quote:
Originally Posted by pubcrawler
But the bozos that run LEB/LET mocked me about that and told me to write them a check.
I simply said it wasn't cheap to do. And I do not run LEB/LET, I am simply a volunteer staff member for some projects that are being worked on and for cleaning comment spam from LEB.

Posted by pubcrawler, 03-06-2012, 05:58 AM
Damn I am going to miss that Anonymous fellow. In the prime of his life, with a bright (sunny) future ahead, he was plowed down unmercifully by Webhostingtalk moderators. Killed in cold blood.

He leaves behind a collection of empty Mountain Dew bottles, a crusty keyboard, and 1,000 illegal dependents born out of wedlock.

Oh those poor servers, think of those poor servers without his father figure role.

RIP Anonymous.

Posted by pubcrawler, 03-06-2012, 06:01 AM
Quote:
Originally Posted by ZKuJoe
I simply said it wasn't cheap to do. And I do not run LEB/LET, I am simply a volunteer staff member for some projects that are being worked on and for cleaning comment spam from LEB.
Pulling on your sleeve Mr.

It's cheap to do. Really. No free though. You have Linux savy folks all over the place. Few days of their time and some VPS accounts. < $1k total. Monthly < $200. That's a few ads at most on LEB. Sold directly of course.

Posted by MrLadoodle, 03-06-2012, 06:08 AM
This isn't a game.

Although someone's mummy isn't going to be happy when she finds out someone's been using her credit card.

Posted by pubcrawler, 03-06-2012, 06:26 AM
Life's a game and it's far more interesting when you play. Some of us are too old or infirmed to partake in the game, so we observe from the sidelines. I am out of popcorn. Time for someone to get on with this show.

Truly, whatever ax the Anonymous fellow has needs to be put out in the public. The entire issue is being played out in public. Why not the reasoning behind it?

Like I've said, null routing sites isn't how to fight DDoS, never was, never will be. Providers that take that route don't deserve to be in business (alright some exceptions surely).

LiquidWeb couldn't ask for better advertising than dealing with this gracefully as it has.

Posted by Wintereise, 03-06-2012, 06:39 AM
So, you're saying that you'd rather pay 100k in bandwidth charges than simply nulling someone and be done with it? Good, more power to you.

Posted by pubcrawler, 03-06-2012, 06:45 AM
I don't believe that these attacks eat up $100k of bandwidth. Bound to chew up admins and human resources if we manually keep making same choices to admit defeat and stick our heads in the sand.

Why wouldn't a facility go upstream to their provider and deal with the attack further up the network?

Do I let an attacker all the way to my front door and fight them or do I cut them off 2 miles away on the way to my place?

Are we sure the internet isn't this aware of how to deal with enemies effectively?

Escalate blocks, bans, nulls, whatever upstream and keep going to the point of the problems front door.

Posted by Wintereise, 03-06-2012, 07:14 AM
Because it'd take a considerable amount of HR effort as well as bandwidth to keep their network alright while they dealt with this 'problem' for you, money you're clearly not giving them.

HR is anything but cheap, neither is bandwidth. If DDoSes are a problem for you, you should sign up with the providers who advertise their expertise in this area.

And that, precisely is the reason a DDoS protected server costs around 4x of a normal one with the same specs.

Linode does neither of these, so I find your comments weird.

Posted by pubcrawler, 03-06-2012, 07:31 AM
Softlayer has DDoS protection on their network(s).

ethproxy is a preferred partner and specializes in DDoS protection. Up to 22Gbps. (LEB/LET should call them).

Linode is a customer of Softlayer. So must be some DDoS protect in place for them.

If people in HR have to scurry and staff folks and people need to manually null things and draw up new router rules each and every time, then it's certainly time to invest in a solution. These attacks are known and primitive. Groundhog day each and every time.

I am real unclear what these DDoS fronted services 3rd party do other than filter and reverse proxy to real remote server. That's a good approach. I see paying for that.

Paying 4x more for DDoS protection in a datacenter, well that seems odd. The entire network should already be DDoS protected.

I know probably providers out there with DDoS protected networks selling non DDoS protected servers as well as expensive servers featuring DDoS protection on the same network.

Posted by hughesey, 03-06-2012, 07:32 AM
Whats wrong with putting it back behind CloudFlare like it was?

Posted by pubcrawler, 03-06-2012, 07:42 AM
Quote:
Originally Posted by hughesey
Whats wrong with putting it back behind CloudFlare like it was?
That's a good question. Didn't realize they were on Cloudflare before.

Cloudflare is basically what I've been say to some degree they should deploy.

Although I am unsure to what extent Cloudflare deals with dynamic content and proxying.

All LEB/LET eggs in one hosting basket has them offline hardcore and the fools behind the attacks are likely going to do the minimum it takes to keep them nulled by their provider. Silly problem and equally silly solution.

Exactly why we need traditional government laws to come in and start issuing orders to turn subscribers off until they learn how to use their computer and maintain such.

Either internet companies get with this reality, or inevitably government will say, look, enough of you folks failing to be responsible and act accordingly.

Posted by cd/home, 03-06-2012, 07:57 AM
Quote:
Originally Posted by hughesey
Whats wrong with putting it back behind CloudFlare like it was?
Because chances are if its a big enough attack CloudFlare will simply redirect thus being useless...

Posted by Wintereise, 03-06-2012, 07:58 AM
Softlayer certainly does have 'DDoS Protection', but if the traffic levels they're claiming is anything even near the truth, you'd be nulled for 24 hours just like here.


Been there, done that, not a pretty experience. If you need ddos protection, you go with someone who explicitly offers it, that's more or less it.

Posted by SoftWareRevue, 03-06-2012, 07:59 AM
Quote:
Originally Posted by pubcrawler
... At least they aren't censor happy like some folks.
It doesn't matter how many times you poke us, there is no way we're placating this troll by publishing his remarks.

Posted by pubcrawler, 03-06-2012, 08:00 AM
Anonymous fellow posted on Twatter splatter splat again, 7 minutes ago:

Quote:
Launching DDOS Attack against WHT shortly.
You kids have fun with this. Sun real bright here and time for me to nap and practice my astral projection.

Can't wait to see what unfolds today.

Posted by pubcrawler, 03-06-2012, 08:05 AM
Quote:
Originally Posted by SoftWareRevue
It doesn't matter how many times you poke us, there is no way we're placating this troll by publishing his remarks.
Good, I like official stances. Even if I don't agree with them.

I surely don't condone DDoS attacks as they tend to silence freedom of speech in communities like these. In commerce-only sites, well still don't agree with DDoS, but there isn't the meaningful human exchange going on there, so less umm sympathetic.

Hoping you folks weather whatever gets thrown as gracefully as you have. Big positive words for keeping the boat afloat during the storm.

Posted by pubcrawler, 03-06-2012, 08:15 AM
Quote:
Originally Posted by Wintereise
Softlayer certainly does have 'DDoS Protection', but if the traffic levels they're claiming is anything even near the truth, you'd be nulled for 24 hours just like here.


Been there, done that, not a pretty experience. If you need ddos protection, you go with someone who explicitly offers it, that's more or less it.
Yep, I agree with this, but funny marketing out there by providers with DDoS protected networks. Big providers have that usually plastered in the up front sales packaging. Deceptive if they null you.

I think this DDoS attack like many is nowhere near what people are boasting. Facilities and providers look mighty stupid if a 200Mbps attack kills their services. They'd never say that if it were true.

Too much dependence on often ill tuned Linux boxes facing the internet nakedly. Over and over and over again.

It's become fashionable to blame every outage on these invisible gigantic monsters. Remember, everyone use to blame every outage on humans, their staff, admins, etc. After that it was the upstream bandwidth providers always getting the blame. Now we are in the age of the DDoS fault.

Posted by pubcrawler, 03-06-2012, 08:32 AM
People with protected networks are probably getting slapped by packets per second and limits the devices have there.

Disguarding tiny packets is the solution. Likewise other odd sized packets should be ignored. A facility should have good idea of what packets typically are like size wise in their network.

The more disguards up front, the better. ASICS based solutions are damn fast and plenty of many Gbps choices out there.

Upstream blocking at bandwidth provider level goes back to at least 2000 when I was doing that for my employer.

Then again, my el cheapo VPS distributed array works very good and costs far less. Suitable for a site, but not a network or service provider approach. Probably can shed a a 2-10Gbps DDOS. Just need to spend more time building management tools to automate more of the human factor out.

Posted by Aldryic C'boas, 03-06-2012, 10:22 AM
You talk too much.

Posted by GetKVM_Ash, 03-06-2012, 10:24 AM
Quote:
Originally Posted by Aldryic C'boas
You talk too much.
I second that, i was just looking through thinking "Wow this guy talks to himself when nobody else is listening".

On another note @Aldryic C'boas, have you noticed who the OP is and also noticed the current status of his account

Posted by quantumphysics, 03-06-2012, 10:34 AM
oh no webhostingtalk is down i might actually have to go outside

edit: that twitter is hilarious, lol
Quote:
Setting up additional server with 100Gbps Uplink and 2056 IP's for attacking WHT.
i wish i could get a box with 2056 ips (well, v4) at this day and age..

Posted by Aldryic C'boas, 03-06-2012, 10:34 AM
Heheh, that's fairly amusing

Posted by Microlinux, 03-06-2012, 10:36 AM
Quote:
Originally Posted by pubcrawler
Make me feel MUCH better about Linnode. At least they aren't censor happy like some folks.
If only the world were so simple, that's a quaint thought.

Posted by MattS, 03-06-2012, 10:39 AM
Lol the OP was banned...

Posted by GetKVM_Ash, 03-06-2012, 10:40 AM
Quote:
Originally Posted by MattS
Lol the OP was banned...
I would point you to LEB to see the original thread regarding the OP who is, at this time, accused of been the man that brought us both HostRail and HostSnowy RIP. But i cant

Posted by Aldryic C'boas, 03-06-2012, 10:44 AM
@VMPort - don't forget sturdyvps.com. The WHMCS license for them even has Constantinos listed :3

Posted by GetKVM_Ash, 03-06-2012, 10:48 AM
Yep that's who the OP is LET knows all.

Posted by Aldryic C'boas, 03-06-2012, 10:50 AM
Makes you wonder just how involved he is with the attacks. The "afghanistan" cover was pathetically fake <_<

Posted by GetKVM_Ash, 03-06-2012, 10:54 AM
Quote:
Originally Posted by Aldryic C'boas
Makes you wonder just how involved he is with the attacks. The "afghanistan" cover was pathetically fake <_<
Dont get involved or you might be next! :3 Your always the loser lol

Posted by wadie, 03-06-2012, 10:55 AM
lol I love the OP! he gave me a good laugh.

Posted by Aldryic C'boas, 03-06-2012, 11:02 AM
Quote:
Originally Posted by VMPort
Dont get involved or you might be next! :3 Your always the loser lol
HAH.

Quote:
Originally Posted by wadie
lol I love the OP! he gave me a good laugh.
The OP gave us some laughs as well... always trying to open new companies under a different name, telling outrageous lies when discovered, then mysteriously vanishing again after getting caught.

Posted by GetKVM_Ash, 03-06-2012, 11:53 AM
@Aldryic C'boas

Told you > https://twitter.com/#!/AnonymousHacke5

Posted by Aldryic C'boas, 03-06-2012, 11:56 AM
It was bound to happen at some point or another. -shrug-

We manage our own nulls, however.. it won't be as simple as them churning 15 minutes of resources to get a 24 hour null from the DC.

Posted by Steven F, 03-06-2012, 12:17 PM
This just keeps getting better and better. Anyone know the actual size of his attacks?

Posted by Chris-WS, 03-06-2012, 12:20 PM
From: https://twitter.com/#!/AnonymousHacke5
Quote:
Still dead It's not just you! http://webhostingtalk.com looks down from here.
Fail xD

Posted by WLH-G, 03-06-2012, 01:02 PM
*Grabs popcorn*

Posted by SteveC8, 03-06-2012, 01:18 PM
Quote:
AnonymousHackers ‏ @AnonymousHacke5
Some of our new targets: BuyVM, securedragon.net
This is pretty pathetic, and it's making me think it's definitely a butthurt provider.

Hi Constantinos.

Posted by DotVPS-J, 03-06-2012, 01:56 PM
Quote:
Originally Posted by WLH-G
*Grabs popcorn*
and drinks

Posted by gilbert, 03-06-2012, 02:15 PM
What is the exact goal here to achieve at taking down web hosting talk and low end box is what I don't understand. These are just two community discussion based websites about web hosting. Nothing political for an activist group could happen for taking down one of these sites. Especially low end box which caters to thrifty people like me looking to save $$$.

Posted by SoftWareRevue, 03-06-2012, 02:27 PM
I never understand why shills do what shills do in the first place. But they obviously have some disturbing psychological issues that force them to act out.

Posted by Microlinux, 03-06-2012, 02:55 PM
Quote:
Originally Posted by SoftWareRevue
I never understand why shills do what shills do in the first place.
Teenage angst . . .

Posted by kbar, 03-06-2012, 04:39 PM
i think it was ddos'ed cuz no buyvm stock

Posted by premiso, 03-06-2012, 04:49 PM
Quote:
Originally Posted by kbar
i think it was ddos'ed cuz no buyvm stock
++, this is all buyvm's fault.

On that note, he should be labeled as "anonymouscoward" instead of anonymoushacker. Oh well, just some 10 yearold who learned how to botnet, hopefully LEB / LET get a new host that handles this ****, may cost out of pocket, but at least they are the winner overall!

So in the end, grow up!

Posted by kbar, 03-06-2012, 04:51 PM
hearing some stuff about new providers and stuff

Posted by pubcrawler, 03-06-2012, 04:55 PM
Ahhh, eeer, maybe BuyVM should host LEB/LET

Posted by cd/home, 03-06-2012, 05:06 PM
I think its time LEB/LET went direct with Softlayer and maybe invested in their own proxy DDoS protection acoupled with the Litespeed Webserver at least then they would stand half a chance of fighting back...

Posted by MrLadoodle, 03-06-2012, 05:08 PM
Quote:
Originally Posted by cd/home
I think its time LEB/LET went direct with Softlayer and maybe invested in their own proxy DDoS protection acoupled with the Litespeed Webserver at least then they would stand half a chance of fighting back...
How would Litespeed change anything? If the pipe is clogged, then nothing is getting through.

Posted by cd/home, 03-06-2012, 05:10 PM
Quote:
Originally Posted by Tiger-Daniel
How would Litespeed change anything? If the pipe is clogged, then nothing is getting through.
It helps plus it can handle more traffic than Apache which would simply bomb out...

Am not saying it will handle the brute of an attack but it'll certainly stand up for longer when the "sh*t hits the fan"...

Posted by MrLadoodle, 03-06-2012, 05:12 PM
Quote:
Originally Posted by cd/home
It helps plus it can handle more traffic than Apache which would simply bomb out...

Am not saying it will handle the brute of an attack but it'll certainly stand up for longer when the "sh*t hits the fan"...
LET/LEB used NGINX.

Posted by cd/home, 03-06-2012, 05:14 PM
Quote:
Originally Posted by Tiger-Daniel
LET/LEB used NGINX.
I forgot they used NGINX which offers next to none protection

Maybe they should spend the money they make off ads for some "real" protection rather than just milking the site as a cash cow?

I dare say those who pay to advertise their will be cheesed if this continues...

Posted by MrLadoodle, 03-06-2012, 05:16 PM
Quote:
Originally Posted by cd/home
I forgot they used NGINX which offers next to none protection

Maybe they should spend the money they make off ads for some "real" protection rather than just milking the ite as a cash cow?
I think your being biased now... If NGINX was so terrible, then why do CloudFlare use it?

Thats saying IIS is better then Apache because you pay for it, while Apache beats IIS in nearly every way.

Posted by cd/home, 03-06-2012, 05:19 PM
Quote:
Originally Posted by Tiger-Daniel
If NGINX was so terrible, then why do CloudFlare use it?
Because its free and neither did I say NGINX was terrible...

Cost vs performance NGINX wins...

Posted by SeriesN, 03-06-2012, 05:38 PM
More DDOS? Liquid web and Linode should be pissed.

Posted by KMyers, 03-06-2012, 05:42 PM
Quote:
Originally Posted by anon-e-mouse
He just doesn't like being exposed by those smarter than he is.
Agreed. I believe there are some telltale signs on who the attacker is. Without going into details, he was called out on LEB and has a grudge against it.

Posted by MrLadoodle, 03-06-2012, 05:45 PM
I was able to get part of his IP, and he comes from Cyprus (although could be proxying)

Posted by birdie25, 03-06-2012, 05:46 PM
Quote:
Originally Posted by Tiger-Daniel
I was able to get part of his IP, and he comes from Cyprus (although could be proxying)
Constantinos Coudounaris, that is all.

Posted by MrLadoodle, 03-06-2012, 05:49 PM
Quote:
Originally Posted by birdie25
Constantinos Coudounaris, that is all.
I don't think its a good idea to start naming people.

Posted by birdie25, 03-06-2012, 05:50 PM
Quote:
Originally Posted by Tiger-Daniel
I don't think its a good idea to start naming people.
Well, LET guys will get this hint

Posted by KMyers, 03-06-2012, 05:52 PM
Quote:
Originally Posted by pubcrawler
Anyone care to summarize without naming names what exactly went on at LEB with this provider that was called out? What was the provider called out for and was he/she/it banned or something similar?

Ugly situation. In best interest of both communities and their providers to get this matter resolved. The DDoS escalation and poking this person is only going to make uglier problems.
Quote:
Originally Posted by Tiger-Daniel
I don't think its a good idea to start naming people.
I agree with Daniel here.

1) I dont want to make the situation worse
2) I dont want to accuse someone without proof

Basically if this is who I think it is, the person setup several hosting companies where customers buy VPS's and shuts down the company. LET posted a Be On The Lookout

Posted by cd/home, 03-06-2012, 05:52 PM
Quote:
Originally Posted by Tiger-Daniel
I don't think its a good idea to start naming people.
Most who visit LEB/LET on a regular basis will have a rough idea who is behide this as he/them has threathed against this a number of times...

Posted by SeriesN, 03-06-2012, 05:54 PM
I think I might have the idea who he is. Some one frequent in DP forum as well. (With different user info)

Posted by MrLadoodle, 03-06-2012, 05:55 PM
Quote:
Originally Posted by cd/home
Most who visit LEB/LET on a regular basis will have a rough idea who is behide this as he/them has threathed against this a number of times...
Im a very regular member of LET/LEB and I'm still a bit clueless of who this is referring too.


Quote:
Originally Posted by KMyers
I agree with Daniel here.

1) I dont want to make the situation worse
2) I dont want to accuse someone without proof

Basically if this is who I think it is, the person setup several hosting companies where customers buy VPS's and shuts down the company. LET posted a Be On The Lookout

When/Where was this Be On the Lookout post?

Posted by N402KC, 03-06-2012, 05:56 PM
Quote:
Originally Posted by Tiger-Daniel
I am having issues loading the idiots twitter. But this guy has gotta realise that no one is supporting him.




Some of the best things on the internet are free (and open-source). Linux, WebKit, CUPS.
Totally Agreed! But sometimes Free comes with a cost of quality (poor)

Posted by anon-e-mouse, 03-06-2012, 05:56 PM
Quote:
Originally Posted by Tiger-Daniel
I don't think its a good idea to start naming people.
Why not? He's showing his true colours now.

Posted by MrLadoodle, 03-06-2012, 05:58 PM
Quote:
Originally Posted by anon-e-mouse
Why not? He's showing his true colours now.
Because what if we're wrong?

Of course if its solid proof, then we should just take the piss out of him.

Posted by Kairus, 03-06-2012, 06:00 PM
I bet it's drmike doing the DDoS! (j/k). I was gone for three days and come back and there's a bunch of LET drama, boo. I hope the LEB/LET staff move off Linode to something DDoS protected. From what LEA said in his goodbye post, the site makes enough money off advertisements to be able to afford DDoS protected hosting.

edit: DotVPS? Did something happen with him over the weekend?

Posted by quantumphysics, 03-06-2012, 06:04 PM
there are really only 3-4 "companies" i can think of
off the top of my head that absolutely have a grudge against them and are made fun of on LE{b,t} often and have very easy access to attackers and compromised hosts to flood from, and two of them are basically sleeping with each other

Posted by cd/home, 03-06-2012, 06:08 PM
Quote:
Originally Posted by Tiger-Daniel
I was able to get part of his IP, and he comes from Cyprus (although could be proxying)
From their Twitter:

Quote:
Confused everyone at WHT, hahaha with the country of the IP. Uneducated scums, they don't even know what a proxy is.
So it appears whoever that account belongs too they are watching WHT very close...

In response to the message, Yes we do know what an proxy is however your proxy will just bite your ass when I reverse it for you, hahaha back at you...

Posted by SeriesN, 03-06-2012, 06:09 PM
Twitter link pleas?

Posted by Kairus, 03-06-2012, 06:12 PM
Just another script kiddie.

Posted by SeriesN, 03-06-2012, 06:13 PM
Wait ISNT't secure dragon is kujoes company? (FWHT Admin)?

Posted by MrLadoodle, 03-06-2012, 06:13 PM
Despite the negative impacts of this person, this is rather entertaining.

Posted by SeriesN, 03-06-2012, 06:14 PM
2056 ip? 100gbps? Damn who is the provider?

Posted by n!ghtmare, 03-06-2012, 06:14 PM
Does anyone know how to contact the owner(s) of LowEndBox? maybe we can make a deal.

Posted by JSCL, 03-06-2012, 06:14 PM
Ladies and Gentleman, boys, girls and annoying cypriuts with no life,

May I please point you in the direction of this classic nursery rhyme - The Grand Old Duke of York - http://www.youtube.com/watch?v=-5LgybHRDeI

The story? Well, if you don't know it, figure that out for yourself.

Quote:
Does anyone know how to contact the owner(s) of LowEndBox? maybe we can make a deal.
Deals? In American political terms, WE DON'T NEGOTIATE WITH TERRORISTS. Waiting for responses from LiquidWeb? Sure, they can just fwd on the e-mails that no doubt have content of an illegal nature to the appropriate law enforcement agencies.

Posted by n!ghtmare, 03-06-2012, 06:17 PM
Quote:
Originally Posted by JSCL
Deals? In American political terms, WE DON'T NEGOTIATE WITH TERRORISTS. Waiting for responses from LiquidWeb? Sure, they can just fwd on the e-mails that no doubt have content of an illegal nature to the appropriate law enforcement agencies.
I'm not a terrorist. my sites get DDoSed all the time and I have free protection capacity that could be used in return for a banner ad or whatever.

Posted by SeriesN, 03-06-2012, 06:17 PM
Fudge, The guy actually replied to my post? Damn.

Posted by MrLadoodle, 03-06-2012, 06:18 PM
Someone has far too much time on there hands.

Posted by SeriesN, 03-06-2012, 06:19 PM
Reply to twitter post: Hey now, Do not need to make fun of me. Asked just out of curiosity .

Posted by N402KC, 03-06-2012, 06:23 PM
Who ever emails them mite get screwed over. Anyways, How are they posting to Twitter? Can Twitter get involved and display some IP Addresses from the posters/posting locations?

Posted by MrLadoodle, 03-06-2012, 06:24 PM
Quote:
Originally Posted by N402KC
Who ever emails them mite get screwed over. Anyways, How are they posting to Twitter? Can Twitter get involved and display some IP Addresses from the posters/posting locations?
Twitter are known to hate releasing private data, whatever the person.

Posted by N402KC, 03-06-2012, 06:25 PM
Quote:
Originally Posted by Tiger-Daniel
Twitter are known to hate releasing private data, whatever the person.
Well since they are acting Maliciously, Can't they have a little participation?

Posted by quantumphysics, 03-06-2012, 06:25 PM
Quote:
Originally Posted by Tiger-Daniel
Twitter are known to hate releasing private data, whatever the person.
If they're explicitly forced to by court order they still will though.
Not that they HAVE much data in the first place, as anyone with half a brain would proxy onto twitter..

the most other stuff you'd get would be DM's, which likely there are none since you need mutual follow to send one and they're at 0/0

Posted by JSCL, 03-06-2012, 06:25 PM
Quote:
Originally Posted by N402KC
Who ever emails them mite get screwed over. Anyways, How are they posting to Twitter? Can Twitter get involved and display some IP Addresses from the posters/posting locations?
Sure, maybe, if WHT/iNet decide to try and get a court order that means Twitter will have to provide that information. Or unless iNet go via law enforcement agencies who will then go for a court order to get that information from Twitter.

Twitter seems very reluctant however to supply IP information - take for example the UK riots last August - Twitter refused to supply the UK police with any IP logs.

Posted by SeriesN, 03-06-2012, 06:26 PM
But if Linode and LEB asks them May be? Who knows?

Posted by KMyers, 03-06-2012, 06:26 PM
Quote:
Originally Posted by cd/home
Now their asking folk to contact them Via an email address:
Yeh, Unlike the hacker group they are trying to IMITATE, they dont use Pastebin. They are nothing more then Anonymous Knockoffs

Posted by MrLadoodle, 03-06-2012, 06:26 PM
Quote:
Originally Posted by JSCL
Sure, maybe, if WHT/iNet decide to try and get a court order that means Twitter will have to provide that information. Or unless iNet go via law enforcement agencies who will then go for a court order to get that information from Twitter.

Twitter seems very reluctant however to supply IP information - take for example the UK riots last August - Twitter refused to supply the UK police with any IP logs.
Twitter refused to give the US government any information about Lulzsec or Anonymous members.

Posted by JSCL, 03-06-2012, 06:26 PM
Quote:
Originally Posted by SeriesN
But if Linode and LEB asks them May be? Who knows?
They will merely respond with "Lol, who are you again?" - those names are 'nobodies' to Twitter, let's be frank about it.

Posted by The Prohacker, 03-06-2012, 06:27 PM
Quote:
Originally Posted by N402KC
Well since they are acting Maliciously, Can't they have a little participation?
It would take a subpoena to release the information; we have the same requirement for disclosure of private information.

Law enforcement has other tools to compel disclosure but still need a court order eventually.

For any one wanting some of the background from Lowendtalk:
http://webcache.googleusercontent.co...&gl=us&strip=1

Posted by MrLadoodle, 03-06-2012, 06:27 PM
Quote:
Originally Posted by KMyers
Yeh, Unlike the hacker group they are trying to IMITATE, they dont use Pastebin. They are nothing more then Anonymous Knockoffs
They don't even share the same goals, this person seems to agree with censorship of the internet.

Posted by N402KC, 03-06-2012, 06:27 PM
Well, Unless Anony act's against Twitter, I am not sure they will do anything.

Posted by xonion, 03-06-2012, 06:28 PM
Quote:
Originally Posted by Tiger-Daniel
I don't think its a good idea to start naming people.
Well, just a thought.

Take a look at the twitter channel of hostsnowy, e.g. this post: h**ps://twitter.com/#!/HostSnowy/status/176795281810137089
h**p://img688.imageshack.us/img688/9503/hostsnowytwitter.png

And check RDNS:
h**p://img838.imageshack.us/img838/3989/rdns779522553.png

Seriously ?

Posted by n!ghtmare, 03-06-2012, 06:29 PM
Quote:
Originally Posted by The Prohacker
It would take a subpoena to release the information; we have the same requirement for disclosure of private information.
I don't know if you saw the thread about Caronet going bankrupt that was around a few months ago, but people were posting their opinion and Caronet were sending them C&D letters 1-2 days later. How did they get a subpoena and send letters within 2 days?

Posted by KMyers, 03-06-2012, 06:29 PM
Quote:
Originally Posted by Tiger-Daniel
They don't even share the same goals, this person seems to agree with censorship of the internet.
Wisely said. I hate to say since the LulzSec and Anonymous were formed, there have been so many people trying to rise in their spotlight

Posted by MrLadoodle, 03-06-2012, 06:30 PM
Quote:
Originally Posted by xonion
Well, just a thought.

Take a look at the twitter channel of hostsnowy, e.g. this post: h**ps://twitter.com/#!/HostSnowy/status/176795281810137089
h**p://img688.imageshack.us/img688/9503/hostsnowytwitter.png

And check RDNS:
h**p://img838.imageshack.us/img838/3989/rdns779522553.png

Seriously ?
Great catch there

Posted by Herenow, 03-06-2012, 06:31 PM
Im no expert but.. Let me join the topic and ask somethings..

I saw his twitter and..
Quote:
Just received communication from LiquidWeb, let's wait for their decision now.
What the hell does he think that LiquiWeb will do? Null route WHT? I mean WHT is of great importance for LiquidWeb, isnt it? Why would LiquidWeb even negociate with this guys.

Quote:
Setting up additional server with 100Gbps Uplink and 2056 IP's for attacking WHT.
God.. This cant be cheap. Do they even have a motive for taking down WHT? Or are they just randomly mad at providers? And trying to call attention of LiquiWeb, Linode, SoftLayer etc?

Well i read somethings about people saying, hes just a kid, just some random mad guy. A rich one rs, but not random.

Posted by birdie25, 03-06-2012, 06:31 PM
Quote:
Originally Posted by xonion
Well, just a thought.

Take a look at the twitter channel of hostsnowy, e.g. this post: h**ps://twitter.com/#!/HostSnowy/status/176795281810137089
h**p://img688.imageshack.us/img688/9503/hostsnowytwitter.png

And check RDNS:
h**p://img838.imageshack.us/img838/3989/rdns779522553.png

Seriously ?
This. 10chars

Posted by JSCL, 03-06-2012, 06:32 PM
Until you go about getting an injunction, I am the type of person (as we all know), to dip my foot in the crappy pond.

We can safely say that the Cypriut Constantinos Coudounaris is responsible for this. It is pretty clear by the link provided by the extremely-Pro-Hacker that it is Constantinos Coudounaris.

I wonder if we can continue posting Constantinos Coudounaris and he, like myself, shall be loitered by Google? Constantinos Coudounaris ? Hacking ? WHT? LEB ? Anonymous ? Totally!

Posted by cd/home, 03-06-2012, 06:33 PM
Quote:
Originally Posted by xonion
Well, just a thought.

Take a look at the twitter channel of hostsnowy, e.g. this post: h**ps://twitter.com/#!/HostSnowy/status/176795281810137089
h**p://img688.imageshack.us/img688/9503/hostsnowytwitter.png

And check RDNS:
h**p://img838.imageshack.us/img838/3989/rdns779522553.png

Seriously ?
So my concerns was correct

Posted by The Prohacker, 03-06-2012, 06:34 PM
Quote:
Originally Posted by n!ghtmare
I don't know if you saw the thread about Caronet going bankrupt that was around a few months ago, but people were posting their opinion and Caronet were sending them C&D letters 1-2 days later. How did they get a subpoena and send letters within 2 days?
I'd bet they didn't need our IP log to figure out who the users were and to contact them

We never released any information or even received a subpoena for the information regarding CaroNet. I'm the guy who responds to abuse complaints; we get a few C&D requests a month for threads on WHT. I just politely inform them of section 230 of the U.S Communications Decency Act.

Posted by cd/home, 03-06-2012, 06:40 PM
I wonder if they dare to comment about this on their twitter page...

http://whois.domaintools.com/77.95.225.200

Posted by N402KC, 03-06-2012, 06:41 PM
Quote:
Originally Posted by cd/home
I wonder if they dare to comment about this on their twitter page...

http://whois.domaintools.com/77.95.225.200
Uh OH.......

Posted by DotVPS-J, 03-06-2012, 06:41 PM
Quote:
Originally Posted by cd/home
I wonder if they dare to comment about this on their twitter page...

http://whois.domaintools.com/77.95.225.200
Snel have 24/7 Support if you want to give them a call

Posted by cd/home, 03-06-2012, 06:43 PM
Quote:
Originally Posted by DotVPS-J
Snel have 24/7 Support if you want to give them a call
Sure...

Posted by N402KC, 03-06-2012, 06:49 PM
Twitter Deleted?

Posted by premiso, 03-06-2012, 06:49 PM
Twitter account magically disappeared...RUH OH!

I so hope he gets caught and prosecuted!

Posted by birdie25, 03-06-2012, 06:49 PM
Quote:
Originally Posted by N402KC
Twitter Deleted?
Yes it seems that it has been deleted.

Posted by GetKVM_Ash, 03-06-2012, 06:53 PM
Quote:
Originally Posted by birdie25
Yes it seems that it has been deleted.
Still working here..

Posted by Spirit, 03-06-2012, 06:54 PM
Quote:
Originally Posted by JSCL
We can safely say that the Cypriut Constantinos Coudounaris is responsible for this. It is pretty clear by the link provided by the extremely-Pro-Hacker that it is Constantinos Coudounaris
Can we? It was just one drama from many on LET lately. This poor failed lying business man... and our jumping to conclusions. It could be anyone. Really anyone.
It's not that I defend him but we could be easily on wrong track. Being the latest person on the long list of LEB/LET failures doesn't make him ddos criminal by default. It seems almost too easy..

Posted by SeriesN, 03-06-2012, 06:55 PM
Hmm, Who said LEB and Linode is Just a name again? Also do not forget iNET.

Posted by Xynnus, 03-06-2012, 06:56 PM
Quote:
Originally Posted by [CTI] Todd
Kids these days . . .
Exactly...

Posted by JSCL, 03-06-2012, 06:56 PM
Quote:
Originally Posted by Spirit
Can we? It was just one drama from many on LET lately. This poor failed lying business man... and our jumping to conclusions. It could be anyone. Really anyone.
It's not that I defend him but we could be easily on wrong track. Being the latest person on the long list of LEB/LET failures doesn't make him ddos criminal by default. It seems almost too easy..
I'm sorry but I refuse to believe that The Semi-ProHacker would make reference to HostSnowy / Constantinos Coudounaris if there wasn't a connection. He's not exactly going to want to run the risk of a legal challenge against his post being an iNet representative, is he?

Posted by cd/home, 03-06-2012, 06:57 PM
Quote:
Originally Posted by VMPort
Still working here..
Still working here aswell just the posts have gone...

Posted by premiso, 03-06-2012, 06:58 PM
Quote:
Originally Posted by cd/home
Still working here aswell just the posts have gone...
Quote:
Sorry, that page doesn’t exist!
Wonder if some servers haven't propagated yet.

Posted by canar, 03-06-2012, 06:59 PM
hostsnowy, sturdyvps twitter gone and sites down

Posted by cd/home, 03-06-2012, 06:59 PM
Quote:
Originally Posted by Spirit
and our jumping to conclusions.
Take alook at this: http://whois.domaintools.com/77.95.225.200

Posted by pubcrawler, 03-06-2012, 07:00 PM
Lowend box is now redirecting elsewhere -- to Twitter...

http://twitter.com/#!/LebAlerts

Fun 24 hours, no sleep, child in hospital, now a migration. Huge thanks 2 our new provider getting a server racked so quick, more on that...

Posted by DotVPS-J, 03-06-2012, 07:02 PM
Quote:
Originally Posted by pubcrawler
Lowend box is now redirecting elsewhere -- to Twitter...

http://twitter.com/#!/LebAlerts

Fun 24 hours, no sleep, child in hospital, now a migration. Huge thanks 2 our new provider getting a server racked so quick, more on that...
Hopefully they'll be up asap

Posted by Spirit, 03-06-2012, 07:04 PM
@JSCL
Connections was made mostly from us, lowendboxers, which jumped to conclusions mostly because he was the latest potential scam attempt discovery at LET and nothing more than that. It could be anyone, but he was latest and that made him atm more popular and for some people more "obvious" than others.
It could be him, yes of course.. but most people jumped to conclusions because he's the latest LET drama and this made him more obvious.


edit.
Quote:
Originally Posted by cd/home
I overlooked this. If that's really his personal IP and not some of his few "customers" to create even bigger mess I must say that he's really dumb. But well... we know this already.

Posted by SoftWareRevue, 03-06-2012, 07:06 PM
Quote:
Originally Posted by JSCL
... He's not exactly going to want to run the risk of a legal challenge against his post being an iNet representative, is he?
Risk? What? How so?

For posting this?
Quote:
For any one wanting some of the background from Lowendtalk:
http://webcache.googleusercontent.co...&gl=us&strip=1

Posted by subigo, 03-06-2012, 07:08 PM
The $1 VPS market: SERIOUS BUSINESS.

Posted by pubcrawler, 03-06-2012, 07:09 PM
Might be raising more issues:

Prometeus – $3.75/month 192MB Ram OpenVZ VPS
SturdyVPS – $2.95/month 128MB RAM OpenVZ VPS
NozHost – $5/Month 512MB RAM OpenVZ VPS
InfraVPS – OpenVZ and Xen-PV VPS starts $2.47

That quartet is found on a "new" review blog site:
http://www.lowendcube.com/

righthand column...

Some other providers to eyeball in light of what has happened.

Posted by cd/home, 03-06-2012, 07:10 PM
Quote:
Originally Posted by Spirit
It could be him, yes of course.. but most people jumped to conclusions because he's the latest LET drama and this made him more obvious.
I knew it was "him" all along due to the previous comments and threats he has posed...

This single piece of information puts the ice on the cake for my liking:

Quote:
IP Location: Netherlands Netherlands Amsterdam Snel Internet Services B.v
ASN: AS42267
Resolve Host: anonymoushackers
IP Address: 77.95.225.200 [Whois] [Reverse-Ip] [Ping] [DNS Lookup] [Traceroute]
Reverse IP: 1 website uses this address. (example: hostsnowy.com)

Posted by birdie25, 03-06-2012, 07:11 PM
Quote:
Originally Posted by pubcrawler
Might be raising more issues:

Prometeus – $3.75/month 192MB Ram OpenVZ VPS
SturdyVPS – $2.95/month 128MB RAM OpenVZ VPS
NozHost – $5/Month 512MB RAM OpenVZ VPS
InfraVPS – OpenVZ and Xen-PV VPS starts $2.47

That quartet is found on a "new" review blog site:
http://www.lowendcube.com/

righthand column...

Some other providers to eyeball in light of what has happened.
Prometeus - legit
StudyVPS - shady
NozHost - shady
InfraVPS - no comment

Posted by DeltaAnime, 03-06-2012, 07:12 PM
NozHost actually purchased VM's to flood from. Shady doesn't begin to describe them.

Francisco

Posted by pubcrawler, 03-06-2012, 07:13 PM
Wait wait wait.

Anyone other than admins here notice that the person who started this thread was:

Matt Houston?

That would be the SturdyVPS "owner".

Posted by MattS, 03-06-2012, 07:14 PM
Quote:
Originally Posted by pubcrawler
Wait wait wait.

Anyone other than admins here notice that the person who started this thread was:

Matt Houston?

That would be the SturdyVPS "owner".
Hence why he's banned I'm assuming.

Posted by SoftWareRevue, 03-06-2012, 07:16 PM
Quote:
Originally Posted by MattS
Hence why he's banned I'm assuming.
He's been banned under many names.

Posted by premiso, 03-06-2012, 07:16 PM
@pubcrawler, it was pointed out a while ago, like page 3 or 4.

Posted by pubcrawler, 03-06-2012, 07:21 PM
Oops I missed that

Tell you what, folks hunches really appear to be on target or damn close this time.

Good work for finding the nslookup info. With the Anonymous reference. *Hoping* we are all correct on this.

Time to go deal with the Romanian server provider (if he/she exists) and isolate other exploited resources used in the attacks. Doubt this is the last we'll see of this runner.

Posted by quantumphysics, 03-06-2012, 07:23 PM
Quote:
Originally Posted by pubcrawler
Might be raising more issues:

Prometeus – $3.75/month 192MB Ram OpenVZ VPS
SturdyVPS – $2.95/month 128MB RAM OpenVZ VPS
NozHost – $5/Month 512MB RAM OpenVZ VPS
InfraVPS – OpenVZ and Xen-PV VPS starts $2.47

That quartet is found on a "new" review blog site:
http://www.lowendcube.com/

righthand column...

Some other providers to eyeball in light of what has happened.
prometeus is a totally legit host, not anywhere close to those two -- probably just bad post timing ors omething

Posted by SeriesN, 03-06-2012, 07:23 PM
But I wonder how were they able to get 4k ips?

Posted by Microlinux, 03-06-2012, 07:24 PM
Quote:
Originally Posted by pubcrawler
Wait wait wait.

Anyone other than admins here notice that the person who started this thread was:

Matt Houston?

That would be the SturdyVPS "owner".
Yes. The wording of the post was a bit disingenuous . . . "anyone know what happened?"

Posted by The Prohacker, 03-06-2012, 07:27 PM
Quote:
Originally Posted by SeriesN
But I wonder how were they able to get 4k ips?
Botnets.. You can buy them now pre-assembled

Posted by pubcrawler, 03-06-2012, 07:27 PM
A public database of DDoS origination, malware attempts, etc. by IP range, provider, etc. could be mega useful for screening potential providers and isolating patterns.

Likely could have cut this runner off early based on some of his posts and relationships on underbelly websites.

Hoping LEB starts allow meaningful numeric ratings of providers, by customers. Aggregated submitted reviews + ratings would stop many providers cold in tracks and do so without back and forth conversations on reviews.

Posted by cd/home, 03-06-2012, 07:28 PM
Quote:
Originally Posted by The Prohacker
You can buy them now pre-assembled
I can buy something else pre-assembled in amsterdam

Posted by SeriesN, 03-06-2012, 07:29 PM
Ehm. Bad boy
Quote:
Originally Posted by cd/home
I can buy something else pre-assembled in amsterdam

Posted by Steven F, 03-06-2012, 07:36 PM
Quote:
Originally Posted by cd/home
I can buy something else pre-assembled in amsterdam
Would that be a server...?

Posted by Robert vd Boorn, 03-06-2012, 07:38 PM
A server with red lights.

Posted by cd/home, 03-06-2012, 07:38 PM
Quote:
Originally Posted by EndServer
Would that be a server...?
You can buy several things a server being one of them yes

Posted by AHFBWEB, 03-06-2012, 07:39 PM
sturdyvps anon twitter is gone

Posted by quantumphysics, 03-06-2012, 07:40 PM
https://twitter.com/#!/SturdyVps ?

Posted by cd/home, 03-06-2012, 07:41 PM
Quote:
Originally Posted by AHFB HTML
sturdyvps anon twitter is gone
Its gone from my end aswell now.

I have screenshots of the anon twitter if anyone wants them.

I could include them on a post if I am allowed?

Posted by AHFBWEB, 03-06-2012, 07:42 PM
Quote:
Originally Posted by quantumphysics
that one too, I was speaking of his anonhacker one

Posted by premiso, 03-06-2012, 07:50 PM
Quote:
Originally Posted by cd/home
I could include them on a post if I am allowed?
I don't think it is necessary, but that is me.

Posted by SoftWareRevue, 03-06-2012, 08:04 PM
Quote:
Originally Posted by premiso
I don't think it is necessary, but that is me.
Right. There was really nothing on it worth repeating.

Posted by cd/home, 03-06-2012, 08:12 PM
Whats happened to the party?

Is drink running low and popcorn ran out?

Posted by andri, 03-06-2012, 08:17 PM
SecureDragon's site is down, SturdyVPS' too. Well, it's spreading. Poor customers (like me), they know nothing.

Posted by GetKVM_Ash, 03-06-2012, 08:19 PM
BuyVM still untouched, that's what i like to see

Posted by christiwilsonc, 03-06-2012, 08:30 PM
So this is a guy who is pissed off at LEB for banning/shunning his product/company? WHT too? (Sorry, I don't read LET/LEB so I am not "in the know" of what goes on there.

I really don't understand people who send DDoS attacks. Don't the realize that other peoples livelihoods depend on their server to be up and running? If I read correctly one of the owners of LEB child was in the hospital last night and they also had to worry about his business being down and loosing money? Whoever is behind this attack (and those who do these childish games) are on the very low-end of the gene pool and I hate that I spend even time to read and post on this thread.

Posted by n!ghtmare, 03-06-2012, 08:38 PM
So he's continuing to DDoS providers after people found out who he was?

Any idea what caused this? Just his own companies failing or..?

Posted by Kairus, 03-06-2012, 08:41 PM
Quote:
Originally Posted by n!ghtmare
So he's continuing to DDoS providers after people found out who he was?

Any idea what caused this? Just his own companies failing or..?
Yeah, his companies keep failing.

Posted by DotVPS-J, 03-06-2012, 09:10 PM
Quote:
Originally Posted by VMPort
BuyVM still untouched, that's what i like to see
His probably to scared of Aldryic

Posted by ZKuJoe, 03-06-2012, 09:19 PM
Quote:
Originally Posted by andri
SecureDragon's site is down
We took our web server offline as a precaution while we make some changes.

Posted by lonea, 03-06-2012, 11:06 PM
So could somebody fill in me this story ? The old owner of hostrails did an attack on LEB / LET ?

Posted by ubservers, 03-06-2012, 11:59 PM
Quote:
Originally Posted by christiwilsonc
are on the very low-end of the gene pool
I guess they applied the philosophy of the site

Posted by iperweb, 03-07-2012, 01:18 AM
Quote:
Originally Posted by pubcrawler
Might be raising more issues:

Prometeus – $3.75/month 192MB Ram OpenVZ VPS

That quartet is found on a "new" review blog site:
http://www.lowendcube.com/

righthand column...

Some other providers to eyeball in light of what has happened.
What's up doc? I was contacted by the lowendcube guy, we have no affiliation with other company in the LEB market.

S.

Posted by cd/home, 03-07-2012, 08:41 AM
I wonder when this "anon" or shall I say "clown" will re-surface again

Posted by Kairus, 03-07-2012, 03:54 PM
Quote:
Originally Posted by cd/home
I wonder when this "anon" or shall I say "clown" will re-surface again
http://www.lowendtalk.com/discussion...lcome-back-let

Script kiddie is back!

Posted by Robert vd Boorn, 03-07-2012, 03:57 PM
Gotta love the creative names/emails he uses.

Posted by cd/home, 03-07-2012, 04:23 PM
Yawns... Still throwing his bottle out the pram is he, Maybe he needs his diaper changing?

Posted by DeltaAnime, 03-07-2012, 04:52 PM
He's trying to get 'help' through hackforums.

Francisco

Posted by KMyers, 03-07-2012, 04:53 PM
Quote:
Originally Posted by DeltaAnime
He's trying to get 'help' through hackforums.

Francisco
Can you PM me a link, I really need to see that


Poooooonnyyy

Posted by cd/home, 03-07-2012, 04:54 PM
Quote:
Originally Posted by DeltaAnime
He's trying to get 'help' through hackforums.

Francisco
Trying to launch an attack against WHT is pretty stupid a fair number of hosts use WHT for advertisements so he is just burning bridges so to speak...

Posted by sirius, 03-07-2012, 04:57 PM
Quote:
Originally Posted by KMyers
Can you PM me a link, I really need to see that


Poooooonnyyy
No need to PM - feel free to post the link here.

Posted by KMyers, 03-07-2012, 04:59 PM
Quote:
Originally Posted by sirius
No need to PM - feel free to post the link here.
Your the boss

Posted by DeltaAnime, 03-07-2012, 04:59 PM
http://www.hackforums.net/showthread.php?tid=2277918

http://webcache.googleusercontent.co...&ct=clnk&gl=ca

Francisco

Posted by KMyers, 03-07-2012, 05:00 PM
Nice, offering a free VPS for anyone who helps with the attack

Posted by SeriesN, 03-07-2012, 05:01 PM
Some one posted the link here before. Let me post again,
http://onyx.ipxcore.com/hf/

Posted by cd/home, 03-07-2012, 05:01 PM
Maybe someone should contact Limestone Networks to have this site taken down/removed?

Posted by SeriesN, 03-07-2012, 05:02 PM
Quote:
Originally Posted by cd/home
Maybe someone should contact Limestone Networks to have this site taken down/removed?
INET!!! <10 CHAR>

Posted by n!ghtmare, 03-07-2012, 05:04 PM
Quote:
Originally Posted by cd/home
Maybe someone should contact Limestone Networks to have this site taken down/removed?
It's not illegal unfortunately. it's been on limestone for years anyway.

Posted by Robert vd Boorn, 03-07-2012, 05:05 PM
The first part...

Posted by cd/home, 03-07-2012, 05:06 PM
Quote:
Originally Posted by n!ghtmare
It's not illegal unfortunately. it's been on limestone for years anyway.
When has "hacking" or arranging DDoS attacks been legal?

Posted by n!ghtmare, 03-07-2012, 05:06 PM
Quote:
Originally Posted by cd/home
When has "hacking" or arranging DDoS attacks been legal?
http://en.wikipedia.org/wiki/First_A...s_Constitution

Posted by KMyers, 03-07-2012, 05:07 PM
Quote:
Originally Posted by cd/home
Maybe someone should contact Limestone Networks to have this site taken down/removed?
Quote:
Originally Posted by n!ghtmare
It's not illegal unfortunately. it's been on limestone for years anyway.
Unfortunately they are right, The laws about "Hacking" are not black or white.

Now it would be nice if a member of WHT joined and posted the "truth" about this guy. How he wants the sites taken down because he was caught stealing from his customers. It may make that thread a bit more fun

Ill do it later if no one wants to beat me to it

Posted by cd/home, 03-07-2012, 05:07 PM
Quote:
Originally Posted by n!ghtmare
What about it?

Posted by SeriesN, 03-07-2012, 05:09 PM
But if Limestones own networks is going to be use3d against their service, Limestone should give a damn. Plus INET is one of their high end client.

Posted by KMyers, 03-07-2012, 05:10 PM
Quote:
Originally Posted by SeriesN
But if Limestones own networks is going to be use3d against their service, Limestone should give a damn. Plus INET is one of their high end client.
Its like removing a hornets nest... If you anger them, you may regret it.

Posted by SeriesN, 03-07-2012, 05:11 PM
Atleast they can request HAckforum Admin to monitor this user/request? All is well! All is well!

Posted by KMyers, 03-07-2012, 05:12 PM
Quote:
Originally Posted by SeriesN
Atleast they can request HAckforum Admin to monitor this user/request? All is well! All is well!
No, they really cant

Posted by n!ghtmare, 03-07-2012, 05:12 PM
Quote:
Originally Posted by KMyers
Its like removing a hornets nest... If you anger them, you may regret it.
If you anger people at hackforums the most that's going to happen is you get a small DDoS for 120 seconds.

"hack"forums is not hackers. it's indian and american teenagers selling ddos booters and scamming each other.

Posted by Flapadar, 03-07-2012, 05:12 PM
Quote:
Originally Posted by SeriesN
But if Limestones own networks is going to be use3d against their service, Limestone should give a damn. Plus INET is one of their high end client.
From the type of users on hackforums, it is probably not in limestone's best interest to take action without a court order - even if they are just kids. Several thousand kids sending small ddos for 120 seconds would add up.

Posted by KMyers, 03-07-2012, 05:15 PM
Quote:
Originally Posted by n!ghtmare
If you anger people at hackforums the most that's going to happen is you get a small DDoS for 120 seconds.

"hack"forums is not hackers. it's indian and american teenagers selling ddos booters and scamming each other.
Agreed, they are mainly script kiddies and nothing more. The problem is it may cause anger to some of the bigger players who disapprove of "censoring" the internet.

And we have to remember something, It does not matter how often these sites are closed, they will re-open somewhere else

Posted by GetKVM_Ash, 03-07-2012, 05:30 PM
We some how have the honour of been on his to-do list

Posted by Aldryic C'boas, 03-07-2012, 06:24 PM
An update for anyone that missed the hilarious ending of this: hxxp://www.lowendtalk.com/discussion/1718/constantinos-your-final-warning

(Sorry for the external link, mods)

(transcript, in case that link needs to be snipped:

Quote:
Hello Constantinos,

First of all, we don't negotiate with terrorists, let alone script kiddies. You had some pocket money, you bought a botnet and decided to pretend to be "Anonymous." The problem is, whilst for the past 48 hours you have been enjoying yourself, there have been a plethora of hosts in contact with us, many of which were script kiddies long before you knew what anonymous was.

Now lets cut to the chase, any host who has been affected by Constantino's actions simply send an email through to LebAlerts@Gmail.Com and we will provide you with the 2000+ IPs used by Constantinos, and uncensored irrefutable evidence that ties his actions to his home IP address which will empower you to pursue him legally. You may even choose to guess his home router's DSL password

<img src="http://i.imgur.com/yZldf.jpg">

I would like to say a huge thanks to Nick at LiquidWeb, and especially Aldryic at BuyVM. Both hosts worked together, and Aldryic gave an incredible amount of his personal time the past 48 hours towards building a case to identify and trace Constantinos. That I am personally grateful for, thank you. Lastly, the offers from various LEB providers to help if possible is appreciated and highlights the great community of both end users and providers here who can band together.

Should Constantinos decide to further engage in illegal and malicious activities towards LET and DDOS us, as always you can catch up on our migration progress at twitter http://twitter.com/LebAlerts over the next few days.

We will have news on our new host, and their incredible support in the coming days.

Chief

Posted by KMyers, 03-07-2012, 06:29 PM
Quote:
Originally Posted by Aldryic C'boas
An update for anyone that missed the hilarious ending of this: hxxp://www.lowendtalk.com/discussion/1718/constantinos-your-final-warning

(Sorry for the external link, mods)

(transcript, in case that link needs to be snipped:
HA, Nice job calling him out from his wormhole

Posted by Coolraul, 03-07-2012, 06:33 PM
Quote:
Originally Posted by Aldryic C'boas
An update for anyone that missed the hilarious ending of this: hxxp://www.lowendtalk.com/discussion/1718/constantinos-your-final-warning

(Sorry for the external link, mods)

(transcript, in case that link needs to be snipped:
I don't understand why he would post as anonymoushackers from his own ip that he used before on the site he was and is attempting to disrupt.

Posted by KMyers, 03-07-2012, 06:34 PM
Quote:
Originally Posted by Coolraul
I don't understand why he would post as anonymoushackers from his own ip that he used before on the site he was and is attempting to disrupt.
I wonder if the posts he made on WHT were the same IP. It does seem a little sloppy not to use a proxy

Posted by Hsunami, 03-07-2012, 06:36 PM
But then again, this is the same guy who started up HostSnowy and SturdyVPS and wasn't able to cover the tracks well enough both times and got exposed both times.

Posted by Coolraul, 03-07-2012, 06:37 PM
Quote:
Originally Posted by KMyers
I wonder if the posts he made on WHT were the same IP. It does seem a little sloppy not to use a proxy
The ability to disseminate that information is way above my pay grade

Posted by KMyers, 03-07-2012, 06:38 PM
Quote:
Originally Posted by Coolraul
The ability to disseminate that information is way above my pay grade
Or at least the ability to disclose it

Posted by Aldryic C'boas, 03-07-2012, 06:39 PM
WickedFactor has it right. The guy is sloppy and careless... gets him caught every time

Posted by KMyers, 03-07-2012, 06:41 PM
Quote:
Originally Posted by Aldryic C'boas
WickedFactor has it right. The guy is sloppy and careless... gets him caught every time
WHT should request the list of IP Addresses to ensure they are blocked as well. I know its just a temp measure

Posted by Aldryic C'boas, 03-07-2012, 06:43 PM
I'd be more than happy to provide said list, just let me know where I need to email it to mods.

Posted by KMyers, 03-07-2012, 06:45 PM
Quote:
Originally Posted by Aldryic C'boas
I'd be more than happy to provide said list, just let me know where I need to email it to mods.
Can you advise if the list also contains any IP addresses he may have used as a proxy or only attacking IP addresses?

Posted by Aldryic C'boas, 03-07-2012, 06:49 PM
Quote:
Originally Posted by KMyers
Can you advise if the list also contains any IP addresses he may have used as a proxy or only attacking IP addresses?
Some are infected personal PCs, a good number are rooted/exploited dedis/VPSes. I've already sent out ~150 abuse reports to various ISPs and providers.. but the majority of these are drones used to flood (C&C style booter). His "proxy" was IPs from VPSes, and various connections (netcafe, etc) in his hometown.

The actual attacking bots have been used for quite a few hits.. he doesn't own any of the net, it's just some booter that he dropped a couple of grand on to make the hits.

Posted by Flapadar, 03-07-2012, 06:52 PM
Wouldn't it be smarter to write a script to parse and automate the sending of abuse reports?

Posted by Aldryic C'boas, 03-07-2012, 06:53 PM
Quote:
Originally Posted by Flapadar
Wouldn't it be smarter to write a script to parse and automate the sending of abuse reports?
I wrote a script to parse WHOIS information. But no, I didn't want to automatically flood providers' inboxes... where I can, I'm trying to give them multiple IPs at once, along with any information I've found (residential/VPS-dedi, type of compromise, etc).

Posted by Flapadar, 03-07-2012, 06:55 PM
Quote:
Originally Posted by Aldryic C'boas
I wrote a script to parse WHOIS information. But no, I didn't want to automatically flood providers' inboxes... where I can, I'm trying to give them multiple IPs at once, along with any information I've found (residential/VPS-dedi, type of compromise, etc).
You could automate most of that too. Store the abuse contact as a key, list of IPs as the value. And then iterate through the lot.

Type of compromise would be impossible to automate I suppose, and residential/vps/dedi very hard. But, you could always use the parsed list to speed up your manual mails.

Posted by Aldryic C'boas, 03-07-2012, 06:58 PM
Quote:
Originally Posted by Flapadar
You could automate most of that too. Store the abuse contact as a key, list of IPs as the value. And then iterate through the lot.

Type of compromise would be impossible to automate I suppose, and residential/vps/dedi very hard. But, you could always use the parsed list to speed up your manual mails.
Very true, but I'm on some downtime right now, and I don't mind putting a little effort into it. I'm not contacting every provider anyways... lots of them have different procedures for abuse complaints, and a ton simply won't care.

This botnet is -huge- (a friend working for a DC on the west coast confirmed these IPs have been used in attacks over 50gb), so this really isn't going to make that much of a difference anyways. Just doing my small part.

Posted by SeriesN, 03-07-2012, 07:00 PM
Wat a big butthole. Some one needs a good spanking!

Posted by SeriesN, 03-07-2012, 07:07 PM
As the Irish Say:
"A Big Boot to the ARS!"

Posted by excentricus, 03-07-2012, 07:54 PM
Both LEB and LET appear to be offline again.

Posted by DotVPS-J, 03-07-2012, 07:57 PM
Quote:
Originally Posted by excentricus
Both LEB and LET appear to be offline again.
http://twitter.com/#!/LebAlerts

Posted by SeriesN, 03-07-2012, 07:57 PM
Up for me.

Posted by Aldryic C'boas, 03-07-2012, 07:58 PM
Desperation, I believe. His home phone is also public now, and he's made a few attempts to take us offline as well.

Unfortunately for him... one of the attacking IPs was from a .mil. Amusingly enough, at a base I was stationed at some years back. Needless to say, NETCOM is -pissed-, and he's earned some very angry attention

Posted by DotVPS-J, 03-07-2012, 08:00 PM
Quote:
Originally Posted by SeriesN
Up for me.
Down for me.

Posted by iperweb, 03-07-2012, 08:02 PM
Down for me too

Posted by MannDude, 03-07-2012, 08:33 PM
So, some dude from Hostrail is doing this? Anyone know why?

I assume someone didn't like him/his company and now he's upset? (Boo FN hoo) Seems like a good way to ruin any chance of succeeding in this industry, ever.

Posted by Aldryic C'boas, 03-07-2012, 08:33 PM
Quote:
Originally Posted by MannDude
So, some dude from Hostrail is doing this? Anyone know why?

I assume someone didn't like him/his company and now he's upset? (Boo FN hoo) Seems like a good way to ruin any chance of succeeding in this industry, ever.
He's been busted trying to open multiple fraud companies, and repeatedly banned from several communities (including LET). All of the evidence is in this thread :3

Posted by DotVPS-J, 03-07-2012, 08:34 PM
Quote:
Originally Posted by MannDude
So, some dude from Hostrail is doing this? Anyone know why?

I assume someone didn't like him/his company and now he's upset? (Boo FN hoo) Seems like a good way to ruin any chance of succeeding in this industry, ever.
I think he just got mad or discovered he could buy a booter for $10 from hackforums? who knows...

Posted by MannDude, 03-07-2012, 08:47 PM
Quote:
Originally Posted by Aldryic C'boas
He's been busted trying to open multiple fraud companies, and repeatedly banned from several communities (including LET). All of the evidence is in this thread :3
Woops. When I clicked on the thread I only saw page 1, wasn't aware there were multiple pages. D'oh! (Been a long day).

Posted by DotVPS-J, 03-07-2012, 08:53 PM
http://gyazo.com/b0189f529dd62fc5809cf3ba43f3f00c.png

Made me laugh.

Posted by Textuality, 03-07-2012, 10:45 PM
This is ticking me off. Not only can I not post cool stories on LET for but an hour out of 48 but someone of staff there hurt my feelings in a PM and I thought we were cool now even though we hadn't used to be. That person knows who he is, that's all I'll say, and I replied back saying it hurt my feelings. It happened today. Anyway, not going to go into details but I am honestly sad tonight because of it.

Posted by Aldryic C'boas, 03-07-2012, 10:48 PM
... we can't even get a break from you in WHT?

Posted by quantumphysics, 03-07-2012, 10:49 PM
im confused , who is she

Posted by Aldryic C'boas, 03-07-2012, 10:50 PM
Heh, "she".

He goes by the moniker @Naruto on LET.

Posted by Kairus, 03-07-2012, 10:51 PM
Quote:
Originally Posted by Aldryic C'boas
Heh, "she".

He goes by the moniker @Naruto on LET.
Oh god.

10char

Posted by quantumphysics, 03-07-2012, 10:57 PM
i dont get it, can someone pm me with what's suipposed to be bad

Posted by Aldryic C'boas, 03-07-2012, 11:00 PM
Nah. He's worth giving a chance. When he's not acting an ass he's a decent guy. Just remember that if you find yourself thinking "Is this guy f-ing serious?", the answer is pretty much 'no'.

Posted by server prodigy, 03-07-2012, 11:03 PM
While I hope this guy get's what's coming to him and have offered to help in my own small way via the feds, I do have to take issue with the latest twitter post slamming Linode for null routing LEB during the attack.

DOS attacks use a great deal of bandwidth which most providers are not willing to donate to the cause. Linode is not a data center, they've managed to provide a decent service for a long time without being one and expecting them to keep you online because larger scale providers can is just ridiculous.

Larger scale providers can afford to buy expensive network appliances to help defend against DOS attacks but even they have a limit where they will also refuse to absorb the attack.

Did you even offer to pay Linode for the cost of the bandwidth to keep you online while the attack was underway? I can almost guarantee you the null routing was performed by their upstream provider and they had no choice in the matter regardless.

Posted by Aldryic C'boas, 03-07-2012, 11:08 PM
Quote:
Originally Posted by server prodigy
While I hope this guy get's what's coming to him and have offered to help in my own small way via the feds, I do have to take issue with the latest twitter post slamming Linode for null routing LEB during the attack.

DOS attacks use a great deal of bandwidth which most providers are not willing to donate to the cause. Linode is not a data center, they've managed to provide a decent service for a long time without being one and expecting them to keep you online because larger scale providers can is just ridiculous.

Larger scale providers can afford to buy expensive network appliances to help defend against DOS attacks but even they have a limit where they will also refuse to absorb the attack.

Did you even offer to pay Linode for the cost of the bandwidth to keep you online while the attack was underway? I can almost guarantee you the null routing was performed by their upstream provider and they had no choice in the matter regardless.

Sorry, but just to help clarify some... the issue wasn't just the nullroute (which is completely understandable), but the total lack of communication from Linode from what I gathered. It was described to me that Linode wouldn't even share how large the attack was, where it was coming from, etc... the only reason we tracked all of this down was from LiquidWeb giving us a place to start from.

We place nulls ourselves during inbound attacks that meet certain criteria. The difference is that 1) our nulls are automatic, and only last an hour; 2) we communicate with the client and bring them up to speed on what's going on. Based on what I saw from the attacks against us, most of the hits were ~400-500mbit. Maybe Linode was just having a bad day... but there's no excuse for leaving a client in the dark.

Posted by Kevin Hillstrand, 03-07-2012, 11:30 PM
LEB & LET appear to be redirecting to Twitter now.

Any idea who they are moving to?

Posted by Aldryic C'boas, 03-07-2012, 11:31 PM
Yes, but it's not my place to say. Don't worry, the move is well underway, Joel will announce soon enough.

Posted by Kairus, 03-07-2012, 11:38 PM
Quote:
Originally Posted by Aldryic C'boas
Yes, but it's not my place to say. Don't worry, the move is well underway, Joel will announce soon enough.
I THINK YOU MEAN CHIEF.

Posted by pubcrawler, 03-07-2012, 11:45 PM
400-500Mbit? That's not much DDoS juice at all. Folks can't deal with that? Sounds like some newbie LEB hosting to me. Oh wait, it's Linode and Softlayer. Even more laughable.

Softlayer is a notorious bedwetter about anything on their network going wrong. Good network and competent folks, but zero time or interest when/if their is a problem. Linode, well come'on, not even communicating with customers about such a thing?

I'd expect a provider to be really involved with customer when attack ongoing and be preserving IP info and other forensics to hand over to customer and investigators. Sounds like Linode duck and hid.

I told folks these attacks were 2Gbps or less. But all the hype, 100Gbps, 50Gbps. It's freaking 1/2 Gbps. This equals MASSIVE FAIL by all involved.

Perhaps that "How to Run on a 64MB VPS" mentality isn't helping LET/LEB. Time to grow up and out boys.

See LEB/LET down... again ... Which is confusing to me. I thought they were migrating to some other network that had the b*lls and the pipe to deal with such an attack?!?! Swore I saw the site was still pointing to Linode earlier today (as per Twitter "We're back online with Linode temporarily". WTF?

That was 10 hours after:
Quote:
All data is off the Linode box, new server setup will start in a few hours then LowEndBox will come followed by LowEndTalk
Come on folks, LEB/LET isn't that big or hard to migrate. Quit going back to the poisoned Linode well.

Posted by cd/home, 03-07-2012, 11:47 PM
Quote:
Originally Posted by Aldryic C'boas
Joel will announce soon enough.
Joel Theodore?

Posted by netomx, 03-07-2012, 11:49 PM
Quote:
Originally Posted by pubcrawler
400-500Mbit? That's not much DDoS juice at all. Folks can't deal with that? Sounds like some newbie LEB hosting to me. Oh wait, it's Linode and Softlayer. Even more laughable.

Softlayer is a notorious bedwetter about anything on their network going wrong. Good network and competent folks, but zero time or interest when/if their is a problem. Linode, well come'on, not even communicating with customers about such a thing?

I'd expect a provider to be really involved with customer when attack ongoing and be preserving IP info and other forensics to hand over to customer and investigators. Sounds like Linode duck and hid.

I told folks these attacks were 2Gbps or less. But all the hype, 100Gbps, 50Gbps. It's freaking 1/2 Gbps. This equals MASSIVE FAIL by all involved.

Perhaps that "How to Run on a 64MB VPS" mentality isn't helping LET/LEB. Time to grow up and out boys.

See LEB/LET down... again ... Which is confusing to me. I thought they were migrating to some other network that had the b*lls and the pipe to deal with such an attack?!?! Swore I saw the site was still pointing to Linode earlier today when it was working.
Please read Twitter status, then write.

Posted by pubcrawler, 03-07-2012, 11:56 PM
I read the Twitter threads, which make the downtime even more self inflicted and smelling of idealism or idiocy.

Why would LEB/LET go back to Linode? Cause the community thinks they outed the perp? Writing is on the wall kids, if you have an issue with someone and their site is hosted on Linode, DDoS them. LEB/LET will see more of these attacks, copy cat attacks, etc. So Linode isn't the place to hang your server.

19 hours ago, via Twitter:
Quote:
All data is off the Linode box, new server setup will start in a few hours then LowEndBox will come followed by LowEndTalk
Then 9 hours ago:
Quote:
All data is off the Linode box, new server setup will start in a few hours then LowEndBox will come followed by LowEndTalk
Then 3 hours ago:
Quote:
LiquidWeb a premium provider withstands the DDOS, BuyVM a budget LEB provider withstands the DDOS, @Linode instantly null routes for 24hrs..
What was the brain trust at LEB/LET thinking?!?! How did folks boomerang back to Linode? Was there even a migration occurring, for real? Oh I know, you fellows thought you scared that Istanbul fellow...

Posted by DeltaAnime, 03-08-2012, 12:00 AM
Quote:
Originally Posted by pubcrawler
I read the Twitter threads, which make the downtime even more self inflicted and smelling of idealism or idiocy.

Why would LEB/LET go back to Linode? Cause the community thinks they outed the perp? Writing is on the wall kids, if you have an issue with someone and their site is hosted on Linode, DDoS them. LEB/LET will see more of these attacks, copy cat attacks, etc. So Linode isn't the place to hang your server.

19 hours ago, via Twitter:


Then 9 hours ago:


Then 3 hours ago:


What was the brain trust at LEB/LET thinking?!?! How did folks boomerang back to Linode? Was there even a migration occurring, for real? Oh I know, you fellows thought you scared that Istanbul fellow...
As far as I know Joel is still getting the box prepared and over. The provider he moved to delayed his IP block assignment by quite a few hours, he only just got the ip's a bit ago.

Francisco

Posted by n!ghtmare, 03-08-2012, 12:07 AM
Linode is useless when it comes to DDoS. I was receiving a 40Mbit UDP attack a while ago and they didn't help.
I knew who was running the attack, I needed the bot IPs, Linode refused to give the IPs. They said the attack was UDP so the IPs were spoofed. They weren't, they were just bots.

Posted by Dougy, 03-08-2012, 12:12 AM
Quote:
Originally Posted by Aldryic C'boas
Desperation, I believe. His home phone is also public now, and he's made a few attempts to take us offline as well.

Unfortunately for him... one of the attacking IPs was from a .mil. Amusingly enough, at a base I was stationed at some years back. Needless to say, NETCOM is -pissed-, and he's earned some very angry attention
he is gonna get fux0red.. angry us military = bad ending for someone

Posted by pubcrawler, 03-08-2012, 12:13 AM
Love you folks, really. Lots of good people in this community and LEB/LET. Sorry to see this drama continuing to unfold.

Glad to see IP allocation is the hold up and real migration has happened. Kinda sloppy/slow/goofy of new provider (even with IP shortage). Let's hope the new provider gets in gear better once up and running.

Linode sells a good product or so folks claim. Damn pricey for what it is. Having ZERO network support when attacks do and will occur, that's priceless, tactless, unacceptable. These aren't very big attacks and Linode should be way better prepared. Clearly, the old school null route approach is well and alive at Linode. Shame.

How much traffic were you hit with Francisco when included on the DDoS party?

Posted by Aldryic C'boas, 03-08-2012, 12:30 AM
You still talk too much.

Posted by pubcrawler, 03-08-2012, 12:35 AM
Yeah cause one line zingers rule the internet. Sorry, I bill by the word

Posted by Aldryic C'boas, 03-08-2012, 12:37 AM
You misunderstand. The rambling and over-exuberance on an issue that does not involve you becomes tiring.

Posted by SeriesN, 03-08-2012, 12:41 AM
Quote:
Originally Posted by Aldryic C'boas
You misunderstand. The rambling and over-exuberance on an issue that does not involve you becomes tiring.
Mate, take some time off, get a pizza at grimaldis and a 20oz bottle of pepsi. Call it a night.

Posted by Aldryic C'boas, 03-08-2012, 12:42 AM
You can keep the Pepsi, I wouldn't touch it

Grimaldis sounds interesting though, the name's unfamiliar. Local/family restaurant?

Posted by SeriesN, 03-08-2012, 12:50 AM
Grimaldis has the best pizza in the whole wide world. People waits hours to grab a slice. Every thing is made by papa, fresh fresh fresh. Sauce to veggy! Get a can of coke then?

Posted by DeltaAnime, 03-08-2012, 12:51 AM
Quote:
Originally Posted by pubcrawler
How much traffic were you hit with Francisco when included on the DDoS party?
When it came knocking on our doors it was ~500mbit of UDP and ~110,000 pps of SYN.

The UDP was easy enough to deal with but we had to leave the nullroutes on for a few minutes to test/get rules in place. We have a maintenance path into our network so even if it got very large and our autonull didn't pick it up, we'd be able to still get in.

Francisco

Posted by Aldryic C'boas, 03-08-2012, 12:53 AM
Quote:
Originally Posted by SeriesN
Grimaldis has the best pizza in the whole wide world. People waits hours to grab a slice. Every thing is made by papa, fresh fresh fresh. Sauce to veggy! Get a can of coke then?
Hmm... looks like Corpus Cristi is the closest to me. I may have to go find the place next time I'm in that area.

As far as the drink... well, a glass of bourbon would do me fine

Posted by SeriesN, 03-08-2012, 01:12 AM
As long as you take break, that all matters. Note: papajhones has a large pie with "unlimited" toppings for 11$. Get the thin crust. If ya pass by ny, give me a shout.

Posted by pubcrawler, 03-08-2012, 01:17 AM
Grimaldis made me think of my favorite Mexican restaurant way over in Florida with a similar name.

@DeltaAnime, good numbers. When you folks come into VPS stock again, we'll be a customer. Like legit folks with active hands-on network. Good work on fending threats off.

@Aldryic, the DDoS and downtime affects everyone. Termite DDoS'ers are a public plague. ****** providers with NULL ROUTE happiness affect everyone.

Brevity, sure, I guess, but I don't do SMS/Twatter/etc. Guess my ADD isn't what it use to be. No worries though, where's my blue pill and my goblet of home brew? Cheers!

Posted by Dan-CKS, 03-08-2012, 01:19 AM
Is the attack still in progress then? or are the ip's just null-routed

Posted by pubcrawler, 03-08-2012, 01:38 AM
Quote:
Originally Posted by SeriesN
Linode is kinda falling back for some reason. First they had the issue with their control panel and now not beong able to handle the situation.
Linode was soiled merchandise when they brushed the bitcoin theft under the rug. Word is, it was north of $250k smuggled off of VPSes there. Their PR spin of it made it sound like nothing happened. That's a lot of $$$.

It is almost certain that downtime now is due to NULL ROUTE by Linode combined with LEB/LETs new home not being fully ready to go live. (me no comprende why Linode was ever lit back up)

Via Twitter 4 hours ago, after LEB/LET was down for a while:
Quote:
LiquidWeb a premium provider withstands the DDOS, BuyVM a budget LEB provider withstands the DDOS, @Linode instantly null routes for 24hrs..

Posted by DeltaAnime, 03-08-2012, 01:42 AM
Quote:
Originally Posted by pubcrawler
@DeltaAnime, good numbers. When you folks come into VPS stock again, we'll be a customer. Like legit folks with active hands-on network. Good work on fending threats off.
!
Thanks We try our best.

Right now the autonull is in place so we're defending our homefronts as we can. We hope to expand our autonull to create pcap files of floods that we can forward to customers.

Francisco

Posted by SeriesN, 03-08-2012, 01:43 AM
Feel bad for leb guys though. They lost some pretty good bucks cause of this issue.

Posted by pubcrawler, 03-08-2012, 01:50 AM
Quote:
Originally Posted by SeriesN
Feel bad for leb guys though. They lost some pretty good bucks cause of this issue.
We've kinda gone around this issue on threads about LEB/LET income. It's possible the sites haven't been ran with income making in mind.

If they were running as a business, then sure, out of serious cash and will have a likely few months impact on income streams.

I feel mega bad for all involved. Way too easy for these attacks to hit again and again, which could do lots of damage.

Posted by anon-e-mouse, 03-08-2012, 02:15 AM
Quote:
Originally Posted by Aldryic C'boas
The rambling and over-exuberance on an issue that does not involve you becomes tiring.
I find it rather interesting. Gets my brain cells working overtime

Posted by nzjav05, 03-08-2012, 02:26 AM
And now it looks like Imountain & Kiloserve have come under attack

Posted by SeriesN, 03-08-2012, 02:29 AM
Quote:
Originally Posted by nzjav05
And now it looks like Imountain & Kiloserve have come under attack
Loads fine here.

Posted by nzjav05, 03-08-2012, 02:34 AM
Quote:
Originally Posted by SeriesN
Loads fine here.
Have to disagree. Both sites are refusing to fully load (Imountain times out).
And both my vps' with Kilo are unreachable (ssh times out, and http loads after 15seconds+).

Posted by pubcrawler, 03-08-2012, 02:34 AM
Neither of those sites are loading from here. Anything official stating real problem at either?

Posted by SeriesN, 03-08-2012, 02:35 AM
You are right, either loading really slow or timing out. Might be a network issue though.

Posted by iperweb, 03-08-2012, 02:41 AM
How many bots were involved with this second attack? If possible I would have redirect the traffic to a honeypot to record all the sources.... All providers should collaborate removing the plague of these botnet...

Posted by WhIteSidE, 03-08-2012, 02:59 AM
It's really quite sad that LEB / LET is having these problems. I've found LEB an invaluable resource to finding a VPS in a particular geographical location for testing, etc.

Good Luck, guys

Posted by RC-Martin, 03-08-2012, 03:23 AM
Still not working. It redirects me to http://twitter.com/LebAlerts

Posted by JSCL, 03-08-2012, 03:46 AM
I'll make reference to it again - The Grand Old Duke of York - http://www.youtube.com/watch?v=-5LgybHRDeI

The story behind that nursery rhyme describes Constantinos and his outrage over these past 48-72 hours.

Posted by Iliad, 03-08-2012, 03:51 AM
What is going to be the course of action that is to be taken now that pretty much everyone knows who is behind the DDoS on WHT and LEB/LET?

Posted by JSCL, 03-08-2012, 03:58 AM
Quote:
Originally Posted by Iliad
What is going to be the course of action that is to be taken now that pretty much everyone knows who is behind the DDoS on WHT and LEB/LET?
I doubt anyone who was targeted other than WHT/iNet has the financial muscle to launch a legal challenge. They may just had the detail to law enforcement and have it dealt with that way.

Posted by Roph, 03-08-2012, 04:53 AM
I must say, due to how they've been handling things, when (if?) BuyVM have stock again I'd like to become a customer too

Posted by SoftWareRevue, 03-08-2012, 06:04 AM
Quote:
Originally Posted by JSCL
I doubt anyone who was targeted other than WHT/iNet has the financial muscle to launch a legal challenge. They may just had the detail to law enforcement and have it dealt with that way.
We will do whatever can be done.

Posted by enviousity, 03-08-2012, 07:37 AM
I don't get this either.

Posted by SoftWareRevue, 03-08-2012, 07:46 AM
Quote:
Originally Posted by enviousity
I don't get this either.
What's not to get? Is there something unclear?

Posted by Coolraul, 03-08-2012, 08:32 AM
Grr can we end this thread already ... drama on top of drama. Let's move it to SI

Posted by SoftWareRevue, 03-08-2012, 08:44 AM
*unsubscribes coolraul from thread



/but I don't think the thread will be over until we something something Constantinos

Posted by Coolraul, 03-08-2012, 08:50 AM
lol..

Complete meltdown by this guy. He may look back on this and say .. "wow what was I thinking".

Posted by Aldryic C'boas, 03-08-2012, 09:08 AM
Given his history, he won't even have the tact to look back and say "What did I do wrong".

Posted by Amitz, 03-08-2012, 09:20 AM
Is this the kid you all are talking about?
http://sv1.imagefire.net/image/6afcc9295f9d.png

Posted by Aldryic C'boas, 03-08-2012, 09:21 AM
Quote:
Originally Posted by Amitz
Is this the kid you all are talking about?
http://sv1.imagefire.net/image/6afcc9295f9d.png
Yup, that's him.

Posted by JaJae, 03-08-2012, 09:26 AM
Quote:
Originally Posted by Amitz
Is this the kid you all are talking about?
http://sv1.imagefire.net/image/6afcc9295f9d.png
This is what he needs more than a kick in the a##.

Link

Posted by Amitz, 03-08-2012, 09:27 AM
Crazy stuff what those kids are doing in these times. I did experiments with all thinkable illegal substances and spent my nights doing funky things with girls when I was in his age. Brought many problems too, but was way cooler looking back... *g*

However, I deeply feel with you guys who have to sacrifice your private time to cope with the results of his immature actions. Kudos!

Posted by ServerCluster, 03-08-2012, 10:16 AM
what is his issue? I read on LEB something about demands - what demands?

Posted by GetKVM_Ash, 03-08-2012, 10:18 AM
Quote:
Originally Posted by ServerCluster
what is his issue? I read on LEB something about demands - what demands?
That LEB be deleted basically, oh and any provider that is a regular over there. Including us, BuyVM, SecureDragon and a few others.

Posted by Amitz, 03-08-2012, 10:18 AM
Quote:
Originally Posted by ServerCluster
what is his issue? I read on LEB something about demands - what demands?
A Life. Free Beer. A Chick to date. New Eyebrows. Parents that love him. Unaccomplishable demands altogether.

Posted by sirius, 03-08-2012, 11:07 AM
Quote:
Originally Posted by Amitz
Is this the kid you all are talking about?
http://sv1.imagefire.net/image/6afcc9295f9d.png
... wonder what he'll look like in a prison jumpsuit?

Posted by Amitz, 03-08-2012, 11:12 AM
Quote:
Originally Posted by sirius
... wonder what he'll look like in a prison jumpsuit?
Stop making me hot!

Posted by n!ghtmare, 03-08-2012, 11:16 AM
Quote:
Originally Posted by sirius
... wonder what he'll look like in a prison jumpsuit?
No need to wonder~

Posted by Ville:, 03-08-2012, 11:17 AM
Goto http://www.lowendtalk.com/wiki/fitvps.com then click the logo on the top right to get to the main page.
Glitch to get on the main discussion. Don't go telling Chief @Aldryic

Posted by GetKVM_Ash, 03-08-2012, 11:17 AM
Quote:
Originally Posted by n!ghtmare
No need to wonder~
LMFAO! Legend

Posted by sirius, 03-08-2012, 11:32 AM
Quote:
Originally Posted by VMPort
LMFAO! Legend
Maybe that can be the next WHT mouse-pad.

Posted by GetKVM_Ash, 03-08-2012, 11:41 AM
Quote:
Originally Posted by sirius
Maybe that can be the next WHT mouse-pad.
We should arrange a mass WHT prison visit for all the providers/websites involved

Posted by KMyers, 03-08-2012, 12:01 PM
Quote:
Originally Posted by VMPort
We should arrange a mass WHT prison visit for all the providers/websites involved
Something tells me he wont survive past the 3rd visitor

Posted by Simon-Orqoo, 03-08-2012, 01:06 PM
Call me a moron, but why was LEB, Linode WHT et al all DDoSed?

Posted by JSCL, 03-08-2012, 01:06 PM
New provider for LEB/LET is ColoCrossing. One wonders if this continues if they will be shooting themselves in the foot by being the helpful hand.

Posted by Dougy, 03-08-2012, 01:07 PM
Quote:
Originally Posted by KMyers
Something tells me he wont survive past the 3rd visitor
dougy's mustard gas will take care of the job

... knew i shouldn't have had that sauerkraut

Posted by Aldryic C'boas, 03-08-2012, 01:09 PM
Quote:
Originally Posted by Simon-Orqoo
Call me a moron, but why was LEB, Linode WHT et al all DDoSed?
tl;dr, Attacker kept opening pump-n-dump VPS companies, selling yearly plans, then taking the money and running. He got pissed after his latest attempt (SturdyVPS) was publicly exposed.

Posted by Simon-Orqoo, 03-08-2012, 01:10 PM
Quote:
Originally Posted by Aldryic C'boas
tl;dr, Attacker kept opening pump-n-dump VPS companies, selling yearly plans, then taking the money and running. He got pissed after his latest attempt (SturdyVPS) was publicly exposed.
Ahh, thought it had to be something retarded like that

Posted by KnownHost-Jonathan, 03-08-2012, 01:22 PM
Quote:
Originally Posted by Aldryic C'boas
tl;dr, Attacker kept opening pump-n-dump VPS companies, selling yearly plans, then taking the money and running. He got pissed after his latest attempt (SturdyVPS) was publicly exposed.
This reminds me of another company also

Posted by sneaksms, 03-08-2012, 02:07 PM
Excuse me stating the obvious here, but he'd be much better off if he used the money to get some decent hardware and an admin rather than spunk it on botnet time. Just sayin'

Posted by iperweb, 03-08-2012, 03:07 PM
It's me or there are again problems to reach LET?

Posted by Textuality, 03-08-2012, 03:08 PM
Quote:
Originally Posted by Simon-Orqoo
Call me a moron
I tried but it said to lengthen my message to at least 10 characters.

Posted by netomx, 03-08-2012, 03:08 PM
Have just been offline...

Posted by andr0meda, 03-08-2012, 03:08 PM
Quote:
Originally Posted by iperweb
It's me or there are again problems to reach LET?
I was just browsing it, but then its down again.

Posted by Textuality, 03-08-2012, 03:10 PM
I can't even get on from the /wiki/ part. Also, how come I could before? Because the /wiki/ link had www. in the URL and I don't type www. when I visit and my DNS was on older cache for without the www.?

Posted by Iliad, 03-08-2012, 03:11 PM
Quote:
Originally Posted by sneaksms
Excuse me stating the obvious here, but he'd be much better off if he used the money to get some decent hardware and an admin rather than spunk it on botnet time. Just sayin'
I'm extremely curious in knowing what motivated him to DdoS WHT, LEB/LET. Doing so most likely cost him a s*itload of money.

Posted by netomx, 03-08-2012, 03:11 PM
He is making partial requests to LEB, because I can ping it OK

Posted by Steve81, 03-08-2012, 03:13 PM
Quote:
Originally Posted by netomx
He is making partial requests to LEB, because I can ping it OK
Can be slowread or slowloris.

Posted by pubcrawler, 03-08-2012, 03:18 PM
Well, Lowendtalk *WAS* back online. It's down now again. Still seeing issues I guess.

Surprised about Colocrossing being the lucky company to host LET (and likely LET). We use Colocrossing via their Chicago facility and find the network very good. Concern with them are posts on here and null routing of suspected attacks. Same procedure as ill fated Linode/SoftLayer.

Was expecting a much more seasoned and person heavy company.

Posted by netomx, 03-08-2012, 03:20 PM
Quote:
Originally Posted by pubcrawler
Well, Lowendtalk *WAS* back online. It's down now again. Still seeing issues I guess.

Surprised about Colocrossing being the lucky company to host LET (and likely LET). We use Colocrossing via their Chicago facility and find the network very good. Concern with them are posts on here and null routing of suspected attacks. Same procedure as ill fated Linode/SoftLayer.

Was expecting a much more seasoned and person heavy company.
It is now online.. haha weird, maybe we was making partial requests from his computer, and block his ip

Posted by Kairus, 03-08-2012, 03:23 PM
Quote:
Originally Posted by netomx
It is now online.. haha weird, maybe we was making partial requests from his computer, and block his ip
Down for me.

Posted by netomx, 03-08-2012, 03:24 PM
Yeah, it has been up and down.

Posted by Iliad, 03-08-2012, 04:37 PM
LET seems to be functioning for me.

Posted by KnownHost-Jonathan, 03-08-2012, 04:54 PM
Quote:
Originally Posted by sneaksms
Excuse me stating the obvious here, but he'd be much better off if he used the money to get some decent hardware and an admin rather than spunk it on botnet time. Just sayin'
That's the difference in children and adults.

Posted by Iliad, 03-08-2012, 05:06 PM
Quote:
Originally Posted by tmzVPS - Jonathan
That's the difference in children and adults.
We've been calling him a child as a means of mocking him. But how old is this Constantinos guy?

Posted by netomx, 03-08-2012, 05:10 PM
Quote:
Originally Posted by Iliad
We've been calling him a child as a means of mocking him. But how old is this Constantinos guy?
20 .............

Posted by Chris-WS, 03-08-2012, 05:11 PM
I'm not sure but I believe beyond all the stress this caused to the owner, I think Constantinos simply helped LEB/LET to increase its popularity ... I was just comparing the visit chart over the last few weeks and these days visits...

Posted by Microlinux, 03-08-2012, 05:13 PM
Quote:
Originally Posted by Iliad
We've been calling him a child as a means of mocking him.
It's not mocking, its a factual description of his level of maturity. How old he is, that's irrelevant.

Posted by Wintereise, 03-08-2012, 05:15 PM
Const is 20. And as to the intermittent outages, Chief and the DC staff are tinkering along a few things.

He's said that while they keep on doing this, the site will keep on flashing. So just relax and get a beer, guys

Posted by cd/home, 03-08-2012, 05:15 PM
Well...

Maybe this is a wake up call for LEB/LET to change a little bit I mean over the recent months ive just found the place to be a competitor bashing ground...

What do others think?

Posted by sirius, 03-08-2012, 05:21 PM
Quote:
Originally Posted by cd/home
Well...

Maybe this is a wake up call for LEB/LET to change a little bit I mean over the recent months ive just found the place to be a competitor bashing ground...

What do others think?
Honestly, I think it's ridiculous. LEB/LET exposed this fraud and this fraud is now acting out like a child.

Job well done.... consequences are unfortunate.

Posted by Chris-WS, 03-08-2012, 05:23 PM
Quote:
Originally Posted by sirius
Honestly, I think it's ridiculous. LEB/LET exposed this fraud and this fraud is now acting out like a child.

Job well done.... consequences are unfortunate.
May I ask , does anyone have the link to the post where its exposed his fraudulent actions?...

Posted by KMyers, 03-08-2012, 05:24 PM
Quote:
Originally Posted by sirius
Honestly, I think it's ridiculous. LEB/LET exposed this fraud and this fraud is now acting out like a child.

Job well done.... consequences are unfortunate.
Agreed. LEB can be a bit rough when it comes to hosts who are not playing by the rules. Overall it is a great place.

There is nothing wrong with exposing fraud like this and I really hope he gets exactly what he deserves.

Posted by anon-e-mouse, 03-08-2012, 05:31 PM
Quote:
Originally Posted by netomx
20 .............
You know him?

Posted by netomx, 03-08-2012, 05:34 PM
Quote:
Originally Posted by anon-e-mouse
You know him?
Nope, just what the people said because he had his FB account.

Posted by cd/home, 03-08-2012, 05:34 PM
Quote:
Originally Posted by sirius
Honestly, I think it's ridiculous. LEB/LET exposed this fraud and this fraud is now acting out like a child.

Job well done.... consequences are unfortunate.
Quote:
Originally Posted by KMyers
Agreed. LEB can be a bit rough when it comes to hosts who are not playing by the rules. Overall it is a great place.

There is nothing wrong with exposing fraud like this and I really hope he gets exactly what he deserves.
But talking aside of this case aswell it happens time and time again I think the overall meaning of the place has changed over the last recent months...

Nowadays its just fancy ads all over the place and people bashing each other, Its only a small place so it stands out like a sore thumb.

Posted by Matt R, 03-08-2012, 05:35 PM
Quote:
Originally Posted by anon-e-mouse
You know him?
His Facebook and what not were posted up somewhere on LET alongside a whole bunch of accounts he opened under the same username a long time ago. I'll see if I can find them again, but he is definitely 20 according to the accounts he opened up online if memory serves correct.

Posted by cd/home, 03-08-2012, 05:40 PM
How is everyone sure his real name is actually: Constantinos Coudounaris ?

when I google Constantinos Coudounaris I get: http://cy.linkedin.com/pub/constanti...aris/20/8a/b61

Quote:
Current

Volunteer Administrator at WSPForums.com
Volunteer Ambassador at HotScripts.com
Volunteer Super Moderator at DeletedDomains.com

Same person?

Posted by Harzem, 03-08-2012, 05:46 PM
Quote:
Originally Posted by cd/home
Same person?
The "hacker" did claim to work for iNet at some point in time. I'm not familiar with any of the staff on those sites though.

Posted by cd/home, 03-08-2012, 05:48 PM
Quote:
Originally Posted by Harzem
The "hacker" did claim to work for iNet at some point in time. I'm not familiar with any of the staff on those sites though.
So thats basicly a false profile he has setup?

Maybe you need an address for him?

Quote:
7Z King Paul Street
1096 Nicosia
Cyprus
http://maps.google.com/maps?q=7+%CE%...CE%B1&t=h&z=19
http://www.facebook.com/pages/C-C-Ad...930155?sk=info

Posted by sirius, 03-08-2012, 05:49 PM
Quote:
Originally Posted by cd/home
How is everyone sure his real name is actually: Constantinos Coudounaris ?

when I google Constantinos Coudounaris I get: http://cy.linkedin.com/pub/constanti...aris/20/8a/b61




Same person?
Yep.

Sirius

Posted by SoftWareRevue, 03-08-2012, 05:51 PM
Quote:
Originally Posted by cd/home
How is everyone sure his real name is actually: Constantinos Coudounaris ?

when I google Constantinos Coudounaris I get: http://cy.linkedin.com/pub/constanti...aris/20/8a/b61




Same person?
He 'had' some little thing at HotScripts. It didn't last long and was removed when he ran into trouble here a year or so ago.

Posted by cd/home, 03-08-2012, 05:56 PM
Quote:
Originally Posted by SoftWareRevue
He 'had' some little thing at HotScripts. It didn't last long and was removed when he ran into trouble here a year or so ago.
He offered a script Via the site but didnt work for iNet then

Posted by SoftWareRevue, 03-08-2012, 06:00 PM
He actually had something to respond to reported scripts. I'm not really sure how the position worked, but it didn't involve having access to any administrative controls.

Posted by cd/home, 03-08-2012, 06:03 PM
Quote:
Originally Posted by SoftWareRevue
He actually had something to respond to reported scripts. I'm not really sure how the position worked, but it didn't involve having access to any administrative controls.
Shocking, Surely you have enough information to make a chase for this clown before he joins another circus?

Posted by DeltaAnime, 03-08-2012, 06:07 PM
I personally just think his big 'inside secrets' he has is just proof that mouse isn't from aus.



Francisco

Posted by MrLadoodle, 03-08-2012, 06:09 PM
It looks like he really did go off the rails.

Sorry for the pun.

Posted by Flapadar, 03-08-2012, 06:11 PM
Quote:
Originally Posted by cd/home
So thats basicly a false profile he has setup?

Maybe you need an address for him?



http://www.facebook.com/pages/C-C-Ad...930155?sk=info
https://plus.google.com/107828367339040300399/about

Posted by cd/home, 03-08-2012, 06:11 PM
Quote:
Originally Posted by DeltaAnime
I personally just think his big 'inside secrets' he has is just proof that mouse isn't from aus.



Francisco
Ive just gotta laugh at that

http://www.barnorama.com/wp-content/.../09/mebear.jpg

Posted by anon-e-mouse, 03-08-2012, 06:13 PM
Quote:
Originally Posted by Amitz
Crazy stuff what those kids are doing in these times. I did experiments with all thinkable illegal substances and spent my nights doing funky things with girls when I was in his age. Brought many problems too, but was way cooler looking back... *g*
At least while he is having online hissy fits, mothers can sleep easier knowing he isn't stalking their daughters IRL.

Posted by M Bacon, 03-08-2012, 06:16 PM
I thought that Low End Box used Cloud Flare?

Posted by MrLadoodle, 03-08-2012, 06:18 PM
Quote:
Originally Posted by M Bacon
I thought that Low End Box used Cloud Flare?
Used to use CloudFlare.

But it isn't very hard to find the true IP of the server thats behind CloudFlare. Most people leave the true IP in the DNS as they need it for mail etc.

Posted by M Bacon, 03-08-2012, 06:26 PM
Ya. Cloud Flare is useless then in this situation.

I think that Low End Box needs to delete the trashy posts or attempt to moderate them. That site has too many people arguing and bickering. That's just my opinion on the situation. I think that somebody got mad at them and now they are paying the price for it.

Posted by Flapadar, 03-08-2012, 06:33 PM
Quote:
Originally Posted by Tiger-Daniel
Used to use CloudFlare.

But it isn't very hard to find the true IP of the server thats behind CloudFlare. Most people leave the true IP in the DNS as they need it for mail etc.
Plus, cloudflare put traffic direct when too much ddos goes towards a site.

Posted by cd/home, 03-08-2012, 06:37 PM
Quote:
Originally Posted by M Bacon
I think that Low End Box needs to delete the trashy posts or attempt to moderate them. That site has too many people arguing and bickering.
No, Its true completely true...

Far to much "competitor" bashing going on in that stable to be honest.

Posted by pubcrawler, 03-08-2012, 06:39 PM
Quote:
Originally Posted by cd/home
Well...

Maybe this is a wake up call for LEB/LET to change a little bit I mean over the recent months ive just found the place to be a competitor bashing ground...

What do others think?
I spoke my piece about this topic

LET I view, but don't participate on (that dreaded Google CAPTCHA to setup account -- we block spy assets).

LEB, I spend a fair amount of time on. Do post there and buy from vendors advertising on there.

Seems to be a core of vendors that are quite tightly wound into LEB. Too tightly at times, as competitor bashing is rather common. I find that disgraceful and it might run afoul of laws in certain jurisdictions. It should be stopped. Reviews and conversations should be limited to the customers and the vendor placing the ad.

Other thing I've found increasingly annoying is the editorializing of ads themselves. Lots of hype and borderline stuff upside the ad. Some vendors must feel they are being slighted by such. I'd rather have ads that were ads plus some true value add, ratings, prior reviews, info on the company...

Posted by TheLie, 03-08-2012, 06:58 PM
Hm, a Ukrainian friend of me is living in Nicosia, maybe he wants to pay a visit to him? (Prefferably with a shotgun? )

I can ask....

Posted by cd/home, 03-08-2012, 07:09 PM
Quote:
Originally Posted by Zhang
Hm, a Ukrainian friend of me is living in Nicosia, maybe he wants to pay a visit to him? (Prefferably with a shotgun? )

I can ask....
You dont need a shotgun just go armed with a 500Gbps

Posted by damoncloudflare, 03-08-2012, 07:11 PM
Quote:
Originally Posted by Tiger-Daniel
Used to use CloudFlare.

But it isn't very hard to find the true IP of the server thats behind CloudFlare. Most people leave the true IP in the DNS as they need it for mail etc.
Yes. A lot of people assume that we hide all of their IPs because digs, traces & pings to the domain will show our information when checking the root domain...but we're not an IP protection service & those effects are really just a side effect of using our service. There are certain records we can't proxy.

Posted by damoncloudflare, 03-08-2012, 07:12 PM
Quote:
Originally Posted by Flapadar
Plus, cloudflare put traffic direct when too much ddos goes towards a site.
Yes, but it generally has to be a fairly sizable attack. The rule for going direct depends on if the attack against that site starts to impact other customers. Most attacks are ok.

Posted by NE-Adam, 03-08-2012, 07:26 PM
Quote:
Originally Posted by damoncloudflare
Yes, but it generally has to be a fairly sizable attack. The rule for going direct depends on if the attack against that site starts to impact other customers. Most attacks are ok.
What attack size is the limit generally?

Posted by damoncloudflare, 03-08-2012, 07:51 PM
Quote:
Originally Posted by NE-Adam
What attack size is the limit generally?
Can't provide a numeric value, unfortunately (a lot of variables). A larger UDP attack? *Probably* ok. DNS attack? Not ok.

Posted by Yujin, 03-08-2012, 11:34 PM
Quote:
Originally Posted by Amitz
Is this the kid you all are talking about?
http://sv1.imagefire.net/image/6afcc9295f9d.png
I thought this is Jason Biggs

Posted by ServerCluster, 03-09-2012, 06:03 AM
Is it working? Twitter says it is but I keep getting redirected to the twitter page when I try go to the website

I tried ipconfig /flushdns

edit: I mean lowendtalk.com

Posted by MattS, 03-09-2012, 06:04 AM
lowendtalk.com is working, lowendbox.com is still down I think.

Posted by ServerCluster, 03-09-2012, 06:25 AM
Quote:
Originally Posted by MattS
lowendtalk.com is working, lowendbox.com is still down I think.
both redirect me to twitter

Posted by MattS, 03-09-2012, 07:19 AM
Quote:
Originally Posted by ServerCluster
both redirect me to twitter
Try the www.lowendtalk.com

Posted by DeltaAnime, 03-09-2012, 07:30 AM
Flush your DNS cache/browser cache

Francisco

Posted by ServerCluster, 03-09-2012, 08:33 AM
already did dns but browser worked - thanks

Posted by shearerc, 03-11-2012, 02:24 PM
Down again as of now
http://www.isup.me/www.lowendbox.com

It's not just you! http://www.lowendbox.com looks down from here.

Posted by GetKVM_Ash, 03-11-2012, 02:41 PM
Quote:
Originally Posted by shearerc
Down again as of now
http://www.isup.me/www.lowendbox.com

It's not just you! http://www.lowendbox.com looks down from here.
Yep its down, along with our website and three of our nodes.

Posted by raindog308, 03-11-2012, 08:06 PM
Quote:
Originally Posted by pubcrawler
I spoke my piece about this topic

LET I view, but don't participate on (that dreaded Google CAPTCHA to setup account -- we block spy assets).
Whatever are you talking about?

Posted by RC-Martin, 03-11-2012, 08:17 PM
Both are up now.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
FDC - Denver is down (Views: 1357)
Wired Tree (Views: 1090)


Language: