Continuing Attempts to Thwart FluTrackers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Re: Continuing Attempts to Thwart FluTrackers

    We were down today for about 1.5 hours due to a denial of service attack. The server company is investigating this.

    We temporarily switched to our backup site:

    FluTrackers.org

    Please bookmark this site.

    If we are down for an extended period of time we will post notices to Twitter & Facebook.


    Thanks everyone!



    • Re: Continuing Attempts to Thwart FluTrackers

      At first look - WOW - we have had a huge December!

      So far - 11,302,561 hits from people and an additional 2,367,199 hits from search engine bots - WOW

      But Wait... the page view number is off....9,222,050 page views from people...which is more than 71 pages for each visit from the viewers @ 69,608 unique ips.

      ???

      Over 71 pages for the average viewer at each visit??? No way.

      We have had a continuing denial of service attack since December 7. I began receiving email notes about excess server load from the server company. Since the traffic was direct links into the site from various ips, it did not appear to be a denial of service attack at first. In fact, the server company suggested after a week that we install the latest vbulletin to better handle our huge traffic. On Friday afternoon, December 20, the server company called me about the continuing excess load.

      On Saturday I began to investigate the origin of the traffic to see what topics on FluTrackers were attracting so much attention.

      The first thing I saw was the number of hits. Unreal.

      Then I saw that China was the country of origin for the excess traffic. And then I discovered all of the traffic was to our registration form. In the past few months about 50+ fake people have signed up to join each day. Then all of a sudden this stopped a couple of weeks ago. Now I know why....they are not bothering to sign up. They have realized that they can not get in.

      So now they are flooding the site registration form with direct links. This must be generated by computer. Look at the various ips and the number of pages viewed before I banned them:


      This is just the top 12. There are more. This amount of volume can only be generated by a computer program.

      Overall pages viewed from China are 7,947,773. !!! Almost all in only 2 weeks.

      So why would someone try to overload the site from December 7 through December 21 when I began to ban these ips?

      What is the possible motive?

      I spent most of Saturday and Sunday taking action to make sure these and other ips can not access the server. Even with this continuous attack we never went down. We have installed various methodologies to prevent down time.

      So, whoever you are - you will never take us down. We are not just a site.

      We are a phenomenon. People Helping Other People. This Can Not Be Stopped.

      Comment
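The check described in the post above (per-IP request counts concentrated on the registration form) can be run over a web server access log. This is an added example, not code from the thread or from FluTrackers; the combined log format, the `/register.php` path, the thresholds and all sample IPs are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

REGISTER_PATH = "/register.php"  # assumption: path of the forum's registration form
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')

def per_ip_stats(lines):
    """Count total and registration-form requests per client IP."""
    stats = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, url = m.groups()
        stats[ip]["total"] += 1
        if url.split("?", 1)[0].endswith(REGISTER_PATH):
            stats[ip]["register"] += 1
    return stats

def flag_register_flood(lines, min_hits=100, min_share=0.9):
    """Flag IPs with many requests that are almost all for the form.

    Thresholds are illustrative assumptions. Requiring both volume and
    concentration keeps a heavy but genuine reader off the ban list.
    """
    flagged = {}
    for ip, c in per_ip_stats(lines).items():
        if c["register"] >= min_hits and c["register"] / c["total"] >= min_share:
            flagged[ip] = c["register"]
    return dict(sorted(flagged.items(), key=lambda kv: -kv[1]))

def build_sample_log():
    """Constructed log lines using documentation-range IPs."""
    fmt = '{} - - [21/Dec/2012:10:00:00 +0000] "GET {} HTTP/1.1" 200 512 "-" "-"'
    lines = [fmt.format("203.0.113.10", "/forum/register.php")] * 500
    lines += [fmt.format("203.0.113.11", "/forum/register.php?a=1")] * 150
    # Frequent genuine reader: high volume spread over many threads.
    lines += [fmt.format("198.51.100.7", f"/forum/showthread.php?t={i}")
              for i in range(300)]
    lines += [fmt.format("198.51.100.7", "/forum/register.php")] * 2
    # New member loading the form a few times.
    lines += [fmt.format("192.0.2.44", "/forum/register.php")] * 3
    lines.append("truncated or malformed line")
    return lines

if __name__ == "__main__":
    for ip, hits in flag_register_flood(build_sample_log()).items():
        print(f"{ip}\t{hits} registration-form requests")
```

Filtering on concentration as well as volume matters when the output feeds an automatic ban list, since a volume-only threshold also catches frequent genuine users.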


      • Re: Continuing Attempts to Thwart FluTrackers

        Here are December's final numbers but I have to adjust for the traffic that is a Denial of Service attack:

        Summary
        Reported period: Month Dec 2012
        First visit: 01 Dec 2012 - 00:00
        Last visit: 31 Dec 2012 - 23:59

        Viewed traffic *
          Unique visitors: 85,297
          Number of visits: 161,230 (1.89 visits/visitor)
          Pages: 11,377,170 (70.56 Pages/Visit)
          Hits: 13,992,084 (86.78 Hits/Visit)

        Not viewed traffic *
          Pages: 2,835,700
          Hits: 3,007,399

        * Not viewed traffic includes traffic generated by robots, worms



        • Re: Continuing Attempts to Thwart FluTrackers

          Already, a little more than 29 hours into 2013, this attack is continuing:

          Summary
          Reported period: Month Jan 2013
          First visit: 01 Jan 2013 - 00:00
          Last visit: 02 Jan 2013 - 05:12

          Viewed traffic *
            Unique visitors: 4,533
            Number of visits: 5,740 (1.26 visits/visitor)
            Pages: 241,762 (42.11 Pages/Visit)
            Hits: 334,815 (58.33 Hits/Visit)

          Not viewed traffic *
            Pages: 104,069
            Hits: 110,833

          * Not viewed traffic includes traffic generated by robots, worms


          It is not possible that each visit generates a 42 page read. Several ips have already abused us.



          • Re: Continuing Attempts to Thwart FluTrackers

            Here are some of the abusive ips and the number of pages they viewed. The first few are all China. I have not looked at all of them yet.




            There are more. There is no possibility that any real person has read this many pages in only 29 hours.



            • Re: Continuing Attempts to Thwart FluTrackers

              US media companies hit by 'Chinese hackers'
              Wall Street Journal and New York Times newspapers report that both their computer systems were infiltrated.

              Last Modified: 01 Feb 2013 02:22

              snip

              "Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information," Paula Keve said.




              • Re: Continuing Attempts to Thwart FluTrackers

                U.S. looking at action against China cyberattacks
                Updated: Feb 01, 2013 4:03 PM CST
                LOLITA C. BALDOR
                Associated Press
                ...
                Richard Bejtlich, the chief security officer at Mandiant, the firm hired by the Times to investigate the cyberattack, said the breach is consistent with what he routinely sees China-based hacking groups do. But, he said it had a personal aspect to it that became apparent: The hackers got into 53 computers but largely looked at the emails of the reporters working on a particular story. The newspaper's investigation delved into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion.

                "We're starting to see more cases where there is a personal element," Bejtlich said, adding that it gives companies another factor to consider. "It may not just be the institution, but, is there some aspect of your company that would cause someone on the other side to take personal interest in you?"

                Journalists are popular targets, particularly in efforts to determine what information reporters have and who may be talking to them.

                The Chinese foreign and defense ministries called the Times' allegations baseless, and the Defense Ministry denied any involvement by the military.
                ...

                Full text:
                http://www.fox8live.com/story/20928593/us-looking-at-action-against-china-cyberattacks



                • Re: Continuing Attempts to Thwart FluTrackers

                  I think one of the main attractors for hackers here at FT is H5N1.

                  In fact, when I post on twitter a link with #H5N1 hashtag the number of 'hits' for the thread literally skyrockets.

                  This could signal also an individually tagged activity against my account and my links toward FT.

                  I wonder whether we will have to rename my FT account and / or username/password, emails...



                  • Re: Continuing Attempts to Thwart FluTrackers

                    The hackers gave up trying to get into the server. For years they tried but they never were able to guess the correct user name or password. This is why they now have a computer program to send many requests to look at the registration form. You can change anything you want in your profile at FT, but at this time it appears they have given up trying to access the server - plus we have many safeguards installed. I think most of the H5N1 hits are real people and entities. It remains one of the biggest natural threats to mankind.

                    As to Twitter, which was hacked yesterday with 250,000 accounts accessed, we were not one of those. I changed our password anyway. So we are not the focus of that set of hackers. There is speculation it was China.



                    • Re: FluTrackers 2012 Total Year Statistics - Preliminary

                      Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

                      By DAVID E. SANGER, DAVID BARBOZA and NICOLE PERLROTH
                      Published: February 18, 2013

                      On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People's Liberation Army base for China's growing corps of cyberwarriors.

                      more...




                      --------------------------

                      Most of the ips engaging in a continuous DOS attack against us have originated in Putian, Fujian province. I have managed to cut the traffic to the server down to 1,060,311 page views so far in February - down from 9,714,466 in December.



                      • Re: Continuing Attempts to Thwart FluTrackers

                        We are experiencing a continuing DOS attack and are slow this afternoon. I am working with the server company after receiving this email from them:

                        Date: Mar 19, 2013 3:40 PM
                        IMPORTANT: Do not ignore this email.

                        .... the cpu has been maxed out for more than a 6 hour period......You should check the server to see why the load is so high and take steps to lower the load......



                        • Re: Continuing Attempts to Thwart FluTrackers

                          It does seem to be running slow today.



                          • Re: Continuing Attempts to Thwart FluTrackers

                            We tightened the firewall settings and this inadvertently caused the server to automatically ban some frequent users, including me and Sally! lol

                            We are working with the server company to determine the correct settings.

                            If you can not see FluTrackers from your regular location, please email us at flutrackers@earthlink.net



                            • Re: Continuing Attempts to Thwart FluTrackers

                              I am having difficulty logging in as well, as it took me two days to sneak in here to post that article solving the outbreak in Carmen de Areco.

                              At least I know that issue wasn't related to my computer (although I did find several viruses and trojans on my computer this morning)...



                              • Re: Continuing Attempts to Thwart FluTrackers

                                Originally posted by alert
                                I am having difficulty logging in as well, as it took me two days to sneak in here to post that article solving the outbreak in Carmen de Areco.

                                At least I know that issue wasn't related to my computer...

                                I think the firewall banned everyone!

                                I have been working with the server company last night and this morning to improve the firewall settings.

                                Because of the spammers, the admins have spent a lot of time dealing with this issue - and that was probably their intent.
