I've been on the phone to HopOne, who provide the dedicated servers for Avant, and they're going to reboot the main avantbrowser.com server as it is showing as unreachable. However, they can't do anything about the forum.avantbrowser.com server, which also houses the it-mate.co.uk sites, without Anderson's approval, so they're going to send him an e-mail with a reboot request.
If I've not heard from Anderson by 21:00 GMT, I'll give him a call.
I'll update this post when I know more.
Affected servers
209.160.32.64
66.235.180.132
Affected sites
it-mate.co.uk
support.it-mate.co.uk
guestbook.it-mate.co.uk
surl.co.uk
avantbrowser.com
avantforce.com
forum.avantbrowser.com
forum.avantbrowser.cn
wiki.avantbrowser.com
blog.avantforce.com
orcabrowser.com
Apologies for any inconvenience.
/edit 02-06-2009 02:45
I am happy to report, all servers are now back online.
Initial investigations show the downtime was caused by an HTTP flooding attack against the Avant Browser website. Talking to Anderson revealed an attacker from China, incidentally the same country as Anderson, was flooding the server and had contacted Anderson via QQ (apparently the same as WLM) informing him he would not stop the attack until Anderson had paid him the amount asked for. Anderson informed me the attacker only asked for $300, which is the smallest amount I've ever heard of being demanded by an attacker.
At the present time I don't have very much information on the attacker himself (I'll be getting more within the next day or two). However, analysis did show one thing in common: the user agent for all of the IPs he had attacking the servers was identical:
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+MyIE+3.01)Cache-Control:+no-store,+must-revalidate
Unfortunately for our attacker, this made it extremely simple to identify and filter out the flooding, both at the server level and, once we'd given this information to the hosting company, at the hosting company level as well. No doubt this won't stop him for long, as the UA is obviously faked anyway and can quite easily be changed, but we've also taken the step of adding extra security and filtering to the servers themselves, and have blacklisted the IP ranges of those identified.
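As an added example (not code from the original post), this is the server-side filtering step described above in script form: it parses IIS W3C-format log lines, counts requests per user agent, and lists the client IPs that sent the flood user agent quoted in the post. The log lines, their column set and the client addresses are constructed for illustration; the '+'-for-space encoding is how IIS writes the user agent field.

```python
"""Find HTTP-flood source IPs in IIS W3C log lines by their shared User-Agent."""
from collections import Counter

# The flood user agent as quoted in the post (IIS writes spaces as '+').
FLOOD_UA = ("Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+MyIE+3.01)"
            "Cache-Control:+no-store,+must-revalidate")

# Constructed sample log; the #Fields directive names the columns as IIS does.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2009-06-01 23:59:58 203.0.113.10 GET /download.htm 200 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1)+Firefox/3.0.11
2009-06-01 23:59:58 198.51.100.7 GET / 200 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+MyIE+3.01)Cache-Control:+no-store,+must-revalidate
2009-06-01 23:59:58 198.51.100.7 GET / 200 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+MyIE+3.01)Cache-Control:+no-store,+must-revalidate
2009-06-01 23:59:59 198.51.100.8 GET / 200 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+MyIE+3.01)Cache-Control:+no-store,+must-revalidate
2009-06-01 23:59:59 203.0.113.11 GET /forum/ 200 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1)
2009-06-02 00:00:00 198.51.100.9 GET / 503 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+MyIE+3.01)Cache-Control:+no-store,+must-revalidate
"""


def parse_w3c(text):
    """Yield (client IP, user agent) pairs, locating columns via the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line: skip it rather than guess at columns
        rec = dict(zip(fields, parts))
        yield rec["c-ip"], rec["cs(User-Agent)"]


def requests_by_ua(text):
    """Count requests per user agent; a flood shows up as one UA dominating."""
    return Counter(ua for _, ua in parse_w3c(text))


def flood_share(text, ua=FLOOD_UA):
    """Fraction of all requests carrying the flood UA (0.0 if the log is empty)."""
    counts = requests_by_ua(text)
    total = sum(counts.values())
    return counts[ua] / total if total else 0.0


def flood_sources(text, ua=FLOOD_UA):
    """Sorted unique client IPs that sent the flood UA, ready for a block list."""
    return sorted({ip for ip, agent in parse_w3c(text) if agent == ua})
```

Because the attacker can change the UA at will, the match should be treated as one signal to confirm against request rate and request pattern, not the whole filter.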
The IPs we identified were:
I'll post more in due course.