Just an FYI folks, both of the Avant Browser servers are currently down, and I can't get hold of Anderson (there's a number for him in China, but costs a bleedin fortune to call over there, so only gonna do that if I absolutely have to).
I've been on the phone to HopOne, who provide the dedicated servers for Avant, and they're going to reboot the main avantbrowser.com server as it is showing as unreachable, however, they can't do anything about the forum.avantbrowser.com server, which also houses the it-mate.co.uk sites, without Anderson's approval, so they're going to send him an e-mail with a reboot request.
If I've not heard from Anderson by 21:00 GMT, I'll give him a call.
I'll update this post when I know more.
Apologies for any inconvenience.
/edit 02-06-2009 02:45
I am happy to report, all servers are now back online.
Initial investigations show the downtime was caused by an HTTP flooding attack against the Avant Browser website. Talking to Anderson revealed an attacker from China, incidentally the same country as Anderson, was flooding the server and had contacted Anderson via QQ (apparently the same as WLM) informing him he would not stop the attack until Anderson had paid him the amount asked for. Anderson informed me the attacker only asked for $300, which is the smallest amount I've ever heard of being demanded by an attacker.
At the present time, I don't have very much information on the attacker himself (I'll be getting more within the next day or two). However, analysis did show one thing in common - the user agent for all of the IPs he had attacking the servers was identical;
Unfortunately for our attacker, this made it extremely simple to identify and filter out the flooding, both at the server level, and once we'd given this information to the hosting company, at the hosting co level as well. No doubt this won't stop him for long as the UA is obviously faked anyway, and can quite easily be changed, but we've also taken the step of adding extra security and filtering to the servers themselves, and have blacklisted the IP ranges of those identified.
The IPs we identified were;
I'll post more in due course.
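
The identification step described above (one user agent shared by every flooding IP) can be checked against an access log as follows. This is an added example, not part of the original post or the site's own tooling; it assumes Combined Log Format, and the function names, thresholds, sample log lines and the placeholder user agent are all constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def flag_flood_user_agents(lines, min_ips=5, min_share=0.5, min_per_ip=10):
    """Return [(ua, distinct_ips, requests)] for user agents that look like a flood.

    A UA is flagged when it comes from at least `min_ips` distinct client IPs,
    makes up at least `min_share` of all parsed requests, and averages at least
    `min_per_ip` requests per IP. All three thresholds are assumptions to tune.
    """
    ips_by_ua = defaultdict(set)
    hits_by_ua = defaultdict(int)
    total = 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guess at fields
        total += 1
        ips_by_ua[m["ua"]].add(m["ip"])
        hits_by_ua[m["ua"]] += 1
    flagged = []
    for ua, hits in hits_by_ua.items():
        n_ips = len(ips_by_ua[ua])
        if n_ips >= min_ips and hits / total >= min_share and hits / n_ips >= min_per_ip:
            flagged.append((ua, n_ips, hits))
    return sorted(flagged, key=lambda row: row[2], reverse=True)

def build_sample():
    """Constructed sample: 6 IPs sending 20 requests each with one UA, 3 normal visitors."""
    flood_ua = "ExampleFloodAgent/1.0"  # placeholder, not the UA from the incident
    tmpl = '{ip} - - [01/Jan/2000:00:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [tmpl.format(ip=f"203.0.113.{i}", ua=flood_ua)
             for i in range(1, 7) for _ in range(20)]
    lines += [tmpl.format(ip=f"198.51.100.{i}", ua=f"Browser{i}/3.0")
              for i in range(1, 4)]
    lines.append("not a log line")  # malformed input is ignored
    return lines

if __name__ == "__main__":
    for ua, n_ips, hits in flag_flood_user_agents(build_sample()):
        print(f"{hits} requests from {n_ips} IPs with UA {ua!r}")
```

A widely used legitimate browser version can also cross these thresholds on a busy site, so a flagged user agent should be compared with normal traffic before it is filtered.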