Temasek Review site down by another massive DDOS attack
October 31st, 2009 | 
Author: Dear readers,
Our site is down from 3pm yesterday due to another round of massive DDOS attack. This is the second time in two weeks that services to our site is disrupted due to external factors beyond our control.
We have already installed another layer of firewall to pre-empt this from happening again. However, we do expect the person or group to continue their attacks in the future.
They must have spent a bomb already to bring down our site, but you can be assured that no matter what they do, Temasek Review will continue running and we will be acquiring more sites in the future.
Some comments from our readers posted yesterday are also lost as a result of the attack
We apologize for the inconvenience caused and we would like to thank you for your continued support.
ADMINISTRATOR
.
Posted in Snippets
80 Responses to “Temasek Review site down by another massive DDOS attack”
Loading ...
Alex Tan Allan Ooi AWARE Chee Soon Juan Chiam See Tong Claire Lee David Widjaja DBS Dr Allan Ooi Dr Silviu Ionescu Dr Vivian Balakrishnan Foyce Le Xuan highnote5 Hong Lim Park Jack Lin Xinli Jack Neo Jack Neo affair Jack Neo scandal Josie Lau Josie Lau Meng Lee Lee Kuan Yew Lehman brothers Lighthouse Evangelism MAS minibonds Miss Singapore World NTU stabbing PAP Pastor Rony Tan Ris Low Romanian diplomat in hit-and-run Rony Tan S-League silviu ionescu Singapore Singapore 2010 Youth Olympic Games Tan Kin Lian Thio Su Mien Tiger Woods affair Tong Kok Wai Top 8 Vivian Balakrishnan Wendy Chong Y O G Youth Olympic Games
WP Cumulus Flash tag cloud by Roy Tanck and Luke Morton requires Flash Player 9 or better.
It is safe to assume who is the attacker, given that TR publishes new articles lambasting the PAP and its cronies every day. Keep up the good work. We support you, TR!
Another DDOS attack within such a short period? Timed to bring site down over the weekend. Someone must be damm pissed off with this site! Who could they be? =)
Wahahaha! Good work in getting TR back up!
Hi all, it is time to seriously consider helping TR:
http://www.temasekreview.com/donations/
the more scared they are,the more they fight you shows that we are on the right side.
Gandhi” First they ignore you, then they ridicule you, then they fight you, then you win”
Needless to say the attackers must be Pappy running dogs,they are watching this site very closely.
This site is getting critical of the the garment and is also getting very popular with singaporeans who are not blinded with their propaganda in the Shitty Times and Media Broadcast.
Just be prepared for more attacks coming on,with the Election looming round the corner.
DDOS attack might be in a form of worm virus distributed by email. Once distributed, the rest will be automatic.
Computers that was infected by the virus might try to access “www.temasekreview.com” 1000 times a minute in the background at a designated date and time, e.g. once every monday and friday 3pm.
If 100 computers are infected throughout the inteernet, the website confirm will be so down that even the administrator is not able to squeeze out any bandwidth to login to the admin-controlpanel.
You do not need to spent a bomb in DDOS attack. Any diploma computer student studying in any 3rd grade private school can do it. Singaporean might not dare to do this kinda thing though. Who are more lightly the culprit?
Hint 1: Who hack into the FBI and US government website before?
Hint 2: Other than PAP, whose interest in Singapore had been challenge in this website?
When shame of truth is too much forbearance, DDOS attack bares the evidence of a badly hurt pit bull terrier or a pack of pit bull terriers.
Fyi, DDOS is not like that. And no firewall can stop DDOS.
When there’s DDOS, you won’t see “under construction” page like yesterday.
The browser will just keep loading and loading and loading and loading.. until finally there’s a time-out message.
I suggest you thrash it out with your servers to find out the real problem. Hope you aren’t hoodwinked by them.
Hi DDOS,
The site is timed-out entirely yesterday till about 10pm.
Our administrator then moved it to another server with a stronger firewall which explains the “under construction” page you saw.
No firewall can stop DDOS, but it can reduce the frequency and intensity of attacks.
Our server is a dedicated server with its own firewall, it cannot be breached easily by amateurs.
Roger, just thought you should verify with some IT people and keep an eye on the service provider hosting your server. I’ve become skeptical about these providers.
Is it any coincidence that the ISD has a new ‘cyber-security’ division?
May be the TR can consider moving the server to US? They got tough law against cyber attacks. If the source of DDOS is from certain entity in Singapore, even the law will no be partial and faced difficulties getting the culprits to justice.
@Vote of Opposition, laws or no laws, it wont change a bit nor make a difference because the main originating attacker is very very hard to trace.
Technically, the culprit can be traced but it would require very very expensive high tech equipment to do that, you are probably talking about maybe the FBI, CIA or maybe even ISD.
@DDOS is not like that, once a DDoS is started, you will see hundreds and thousands of different IPs from all around the world accessing your server at the same time, which IP then is the culprit?
DDoS in excess of 50mbps will completely bring any servers to its knees without a robust hardware firewall doing the filtering on the router end with at least a 1T backbone considering the massive bandwidth required.
No software firewall that I know of can take more than 20mbps of DDoS unless the server is on a 50mbps or 100mbps dedicated leased line.
@XiSd, if blocked by firewall, we won’t see a page, so I’m suspicious of the hosting service. TR must also try to watch over the provider hosting their server.
Why don’t you use CAPTCHA? It doesn’t take a genius to figure this, it is obvious the site is very vunerable. You should seriously consider some of such measures, even your comments imput parameters are not protected from bot attacks.
Maybe ISD is attacking Temasek Review…..becos election is near.
@DDOS is not like that, the UC page is on a different server than has an anti-ddos firewall and came up only AFTER the DDoS killed the original site, which was on a different server.
From my understanding, hostican was hosting TR but the charges were very expensive for the price they are paying. TR have moved since to an asian centre and admin has confirmed that a hardware firewall will be installed by their new hosts.
@Brndan, CAPTCHA will be useless against DDoS. Its more of a protection against spamming and automated submission.
You seriously need the brotherhood. Only they have have the experiential knowledge to deal with this nonsense. They cut their teeth in North Asia against the best. The Chinese who came out with this thing, they once proudly called the cobra. By the time Darkness and his crew finished with the cobra, it looked like one of those decorative chinese knots.
They do such a good job, their gaming servers run 24/7, 365 days a year with hardly any glitches.
While not one to be indulging in speculation, it may be possible to conduct some basic forensic investigation of the recent DDOS attacks to attempt to zero in on the identity of the perpetrator(s) and the motive(s). I suppose the IP addresses have been logged in the Apache logs and may be “dig -x”. IP spoofing is possible but unlikely.
If there is sufficient evidence of Singapore based IP addresses used in the attacks, one may leverage the section 11 on “territorial scope” of the Computer Misuse Act (Cap 50A):
11. —(1) Subject to subsection (2), the provisions of this Act shall have effect, in relation to any person, whatever his nationality or citizenship, outside as well as within Singapore.
(2) Where an offence under this Act is committed by any person in any place outside Singapore, he may be dealt with as if the offence had been committed within Singapore.
(3) For the purposes of this section, this Act shall apply if, for the offence in question —
(a) the accused was in Singapore at the material time; or
(b) the computer, program or data was in Singapore at the material time.
TR may consider lodging a formal police complaint (at least for the record). Regardless of who one thinks the perpetrator is, it certainly does not hurt to fight fire with fire.
Firewalls are not built to mitigate DDoS attacks. You need a dedicated DDoS solution in front of your Firewall to filter attack traffic form good traffic. Take a look at our website for more info.
Duncan Hume
@XiSd, I don’t get it. The DDOS will also affect the new server with the UC page, so users won’t see the UC also, because they’re either blocked by that new firewall or they are time-out by the DDOS.
Anyway, you’re closer and in a better position to advise TR. I’m just pointing another possible place to look. Hope you guys solve the problem.
@Duncan Hume, true and precise. A software firewall will NEVER do a proper job, maybe a small scale DDoS or SYNC but not an intended, targetted one in excess of 20mbps.
TR is getting a hardware firewall installed sometime this week.
@DDOS is not like, like I said, TR is on a server without a strong firewall as opposed to the temporary page setup by the host on their servers which has strong firewall installed.
Any DDoS within the limits and capabilities of the hardware firewall will be filtered and clean traffic will be let through, hence ‘clean and innocent’ readers will get through.
I am NOT close to the admin nor am I involved in the admin, just in touch with the admin.
I may be time to start writing for theonlinecitizen.
Darkness 2009
Steve Wu, if the person and the appliance is outside of Sinkapore, then the Act is useless.
What can the Sinkapore Police Do? Besides, DDoS is ALWAYS NOT a single Ips or it would be just a mosquito bite
Make the necessary arrangements Singaporedaddy, tell the others to switch – remember always, we did not start this arms race, all we ever wanted was peace and the right to blog.
Now it will get very complicated. As we will burn the rule book and its really a free for all. But again, pls remember, we did not start this arms race, all we ever wanted was peace and the right to blog.
Always remember this.
Darkness 2009
Next time you get attacked let us know, we’ll give you hand
and make sure your site stays up
Hi XiSd Tay, the point is that the Computer Misuse Act applies even if the person is OUTSIDE of Singapore. This means that the police has the statutory duty to accept the complaint if it comes to it. It shall prevent a later excuse that no one filed a complaint and hence the police does not know about it.
You and I know how efficient the police is even with domestic cases, so I am also not hopeful that it will actually do anything even though it is duty bound. Hence, the complaint is just a record, and not meant to be an alternative to the suggestions already given by the good folks.
Hi Darkness,
Do you happen to know who is the culprit?
At the frequency our site is being attacked, we will never be able to build up the readership, but if the attackers think they will force us to close down, they will be grossly disappointed.
This never happens in the past when our traffic is still lower than TNP/TODAY.The problem started when our alexa ranking exceeded 550.
Now, which site(s) will benefit most if TR is down? Who is so desperate to stop our continued growth? Think about it.
We do have some evidence at hand, but it is not concrete, perhaps you will like to give us some advice?
We can be contacted at temasekreview@gmail.com
“I may be time to start writing for theonlinecitizen.
Darkness 2009″
Darkness
Why sure someone of high caliber like you write for a site that keep censoring comment ?
First of all what makes you so cocksure that I even believe for one moment, this site has suffered a massive doss attack?
Do you have any idea what a doss attack even is? Or how its actually executed? if it really did happen it would have left an electronic signature the size of Alaska somewhere in cyber space – guess what? We havent even found so much as a pimple?
So all of you would do well not to be hoodwinked by this.
The way I see it; this is just another ploy to sell us all another gold plated fire engine by some lame duck covert unit that is probably trying to roll out a new set of guidelines to further control our internet. Dont believe me, you just watch and see what is going to come out in the MSM in these next few weeks. I guarantee you all.
Understand this clearly! I am not going to reveal any info as to how I happen to know that this site has never ever suffered from a doss attack – let us just say, I just know and that is really all I need to escalate this matter.
You can go and scan my computer all day – waste of time, I dont use that unit for anything except surfing and most of the time a robot is doing that.
Darkness 2009
life is not so simple; you press buttons and people jump? You have to be kidding me.
The real problem is not those who jump; those that do so dont count; they are sheep; if they dont jump on this; they will probably find a hundred other things to jump abt.
The real problem are those who dont jump – the real problem are those WHO REALLY KNOW WHAT IS GOING ON! Sooner or later you got to deal with them; bc when they hear abt you crying wolf; they are going to put on their thinking hats and ask why, who and how?
Either way whatever answer emerges; its definitely not going to go a very long way to build up deep spirited trust; infact, its going to sow the seeds of acrimony and may even trigger off an electronic arms war like the one we currently in China – where the communist have no choice but to spend billions every year hirring armies of computer hacks just to keep their great fire wall from turning to mud – who wins then?
Dont say I didnt warn you not to cry wolf
Darkness 2009
it’s a dress rehearsal for election time
Hi Darkness,
We have to disagree with your assessment. Our system administrator is a paid staff of an offshore company with no links to the Singapore government unless you are implying that our hosting company is a mole which is sabotaging our site.
From a business point of view, that will be suicidal. The DDOS attack is not something new. We encounter it before with the old hosting company, just that it is getting a bit more frequent this time.
It is all very lame and complete waste of time to speculate. Like Darkness said, if there was indeed a DDoS, there will be electronic footprint all the way down to the router, the DC will capture a sudden bandwidth surge, server log will show, firewall log will also show IPs being dropped, etc etc etc.
DDoS is something not any site wants to experience and I don’t see reason why an ESTABLISHED SITE like TR would want to come up with any ploy to get attention considering that claiming so will ADVERSELY affect its reputation (since the 1st rule of the Internet on sites is to make sure it is 99.9% UP and not down), if thats what anyone is implying that TR is guilty of.
My suspect is they got in by injecting some malicious web program code into the comment form input fields. This may have given them administrator access. Maybe admin can check form submits. Anyway just speculation.
Brendan, what you mentioned is possible but in TR’s case, it is DDoS and not a hack.
DDoS is usually initiated infected computers rom all over the world remotely triggered. These computers are usually unaware that they have been infected and is a ’sleeping meat chicken’ (China hackers term for infected computer used for DDoS) until the malicious code is triggered.
A small scale DDoS will normally involves a few hundred IPs and a decent firewall will be able to handle that with no sweat. Any DDoS above 1000+ will certainly limp a server and make it crawl without a robust firewall and huge bandwidth.
Most servers hosting sites are on either a 10mbps dedicated or 100mbps shared network, so it is almost certain that the server or the network will be inaccessible if there was a DDoS exceeding 40mbps, which will create a bottleneck on the 100mbps network, after the switch.
Unless a server has tons of memory, properly configured and a dedicated leased line or a robust firewall, most of the time it would go down under a Medium Sized DDoS attack exceeding 40mbps.
I cant presume to speak for wayang. All I know is you told us all this site has been nuked – so we looked around to see whether we could render any assistance.
Guess what we found absolutely nothing!
Nothing! Not even so much as an anthill. Now the question you all need to ask yourselves is how is that even possible?
FYI a doss attack is not so different from setting off a thermo nuclear warhead – its bound to leave alot of traces like dead bodies, charred buildings and not to mention a 100 or so storey mushroom cloud, so its not something that you can just hide underneath your bed.
But as I said we found nothing. I even sent Singaporedaddy and Harphoon to Russia and North Asia where they circulated in those forums and asked all our channel partners there to haul up the usual suspects – and again, a big fat nothing.
Perhaps someone here who is smarter than me (that cant be too hard) can FIRST tell me how is it even possible to have a doss attack without leaving a whopper of an electronic wake?
Even alien technology that was once used to move stones to build the pyramids in luxor cant do that!
AFTER we have successfully answered that ONE question, then and only then do we consider the secondary question of whether wayang is making up stories – but FIRST of all, lets try to answer this ONE question first.
Gentlemen, I call a spade a spade. I think the ordinary readers here have a right to know this.
Darkness 2009
So why nobody try to DDoS google.com? I’m sure there enough computers in the world outside US (beyond their judisriction) or maybe the combo of Russia and China, but yet multinational US companies can afford to protect their sites from such DDoS? Surely the equiptment they use cannot be too expensive or classfied that nobody can buy???
My final guess would be they (call it ISD if you like) flood the singapore pipe (the physical fibre link) the max bandwith it can handle to the location where this site is hosted, thus there will be no more bandwith to process request from genuine visitors like us to download the content.
Hence we get error 404 or cannot access site or something.
So perhaps other sites on the same hosting server as TR cannot be viewed from Sg during the DDoS attack as well because we shere the same fibre link to that location. Possible??
@Darkness, I have no intention of engaging you in a never ending debate over which forum you and your gang visit nor where the DDoS originate from, the possibilities are endless and leaves a lot to speculation with never concerte answers.
You claimed you have done battle with chinese players, then I have no doubt you SHOULD KNOW that a SINGLE PERSON can use a program readilly available on the internet to harvest ‘meat chicken’ from unprotected computers from around the world and start a decent DDoS on an unprotected site, it cost peanuts and is as easy as finding the recipe for nuclear bobm on google. One can also engage someone else to initiate the DDoS on a site for as little as RMB 300 per 4 hours, I am sure you know that too.
Unless you want to claim that a SINGLE FORUM or AGENCY in the world DEFINITELY will know of a DDoS if one is initiated or that an attacker has to register himself at this SINGLE FORUM you guys visit to initiate an attack, then your claim that an attack DID NOT take place is just as unbelievable as TR’s claim of being under attacked.
I am more tempted to believe TR’s version than yours because you cannot DEFINITELY prove that DDoS DID NOT take place but I am sure TR’s host, DC or server log can to an extent show that there was a sudden influx of traffic but then TR need not go to that extent of having to prove themseles, do they?
You accused TR of having cooked up or masterminding the recent downtime, my question is: WHAT FOR?
TR is already a successful site with a steady stream of readers, why would they need to do that? Admin must be a moron for bringing his site down just to gain some sympathetic readers, surely not! Admin can also simply claim that there was a server hardware failure so the downtime, does it really matter how the site went down?
On the contrary, I do find your eagerness to dispel TR’s DDoS claim suspicious. How does it concern you if TR was or wasn’t under a DDoS?
@Brendan, google.com is NOT a single server, they are on a cluster of servers located all aorund the world. If you have limited ammunitions and want to shoot a wild boar, you will most probably get ONE with the ammunition you have.
But what if your aim is to kill that SINGLE BOAR but you noticed that the entire forest is full of boars look alike? With the limited ammunition, can you shoot all of them and wipe them out? Hope that explains.
And for your information, TOP OF THE RANGE Anti DDoS firewall like those used in DC’s in USA can cost $100,000 or more. Just google on the internet for Advanced DDoS Protection and you will noticed that a decent 1-5gb protection can cost anything from $200 to $1000 UDS.
I tell you what XiSd, lets wait for the webmaster here to publish all our entries to the whole wide world – then and only then will I go for the kill in this conversation.
Or maybe we will just get it published in The Online Citizen?
Either way its up to you; as it is, we are all just having a private conversation – and if you dont mind, I have to really ask why?
Since when was gold so afraid of fire?
Darkness 2009
I promise you; I’ve give you all the statistics and even walk every single reader here through all the way points from A-Z.
Infact, I will make it so easy to understand; even a two year old kid will have no trouble ferreting out the truth for what it actually is – THERE IS NO DOSS ATTACK.
But between me and you XiSd; I’ve got a feeling what I said here is NEVER going to make it to the public domain – like I said, its just a private conversation.
And your secret is very safe with me (for the time being at least), very safe indeed – its good to have friends – only dont think for one moment; I dont know whats happening here
I am Darkness 2009
Darkness, like you said, we are all just having a private conversation. Since it is a private conversation, why the need to ask why?
Whatever you want to publish anywhere in the world is your perogative and none of my concern, I am just another reader just like you.
You have your right to express your views and opinion about this issue and I have mine, just like others who have theirs.
Matter as it is, TR doesn’t owe anyone any explaination nor they have a case to prove.
I look forward to your course on DDoS. Its always good to learn something new each day. I hope admin DO ALLOW your lecture to be published but thats not my call.
As for my secrets, everyone has some but I am not the least concern because it doesn’t affect or concern other readers here at TR. I am just a reader at TR, period.
I am still curious however about your ‘vested interested’ in TR being DDoS. You were once a writer for wayang, why did you ’suddenly’ disappear? have to really ask why?
Your secret is very safe with me. It is. No worries. I am the last person to tell.
But guess what everything (Oh Dear!)I post here is mirrored in at least 400 gaming forums (dont try to track it, I use another computer for that and every week, I hop to a new one); I cant be responsible if people decide to take an interest in the boy who cried wolf – surely you cant blame me; can you?
Darkness 2009
checkmate
@Darkness, I am quite certain that I have not been drinking today but I am beginning to lose you and not understand a single word you say.
You said: Your secret is very safe with me. It is. No worries. I am the last person to tell.
I have no secret to hide form you nor there is a need to hide anything from anyone here at this blog. I have no dealings with any readers here so unlike you, I have NO VESTED INTEREST in TR. Any secrets I may have is my concern, not of yours or anyone else for that matter.
You said: But guess what everything (Oh Dear!)I post here is mirrored in at least 400 gaming forums (dont try to track it, I use another computer for that and every week, I hop to a new one); I cant be responsible if people decide to take an interest in the boy who cried wolf – surely you cant blame me; can you?
I don’t do gaming online nor visit any gaming forum, so please forgive me if I have NOT heard of you nor your gang. Then again, we have no dealings with each other except this private conversation and I intend to keep it this way.
TR is already listed on major search engines and their postinsg made it to the google news on a daily basis, I am sure another 400 or so gaming forum might actually boost their traffic more. I am sure admin will be greatful for your help in this matter.
Your issue with admin and the crying wolf is of little interest to me neither does how you surf the web with multiple computers impress me. I don’t think I would waste time wanting to track you since I hardly know you nor is interested in who you are or were.
You should really take up the issue of the crying wolf with the admin, not me. I am merely expressing my opinion, just like you.
You can choose to agree or disagree or agree to disagree.
There is no DOSS attack on this site. ordinary readers who may not have an indepth knowledge of how the internet works; all deserve to know this.
Having said that, like I said, your or their secret is perfectly safe with me (wink wink) – as though I may not agree with the means. I know only too well why there is a need to propagate fear and more importantly use psychological warfare to foreclose on the end.
I understand – no need to even explain. I understand completely
To recap again: there is no DOSS attack on this site. Its a figment of your imagination. Though I have a much simpler answer, indeed much simpler
As I said in one of my earlier entries – we didnt even find so much as an anthill and if anyone here or elsewhere can better us, pls kindly prove us wrong – I will gladly eat my shoe with ketchu
Darkness 2009
@Darkness, you have a very weird sense of reasoning here which is beyond my comprehension.
TR claimed that there was a DDoS attack which brought the site down, you disagree. Thats fine with me and I am sure admin will respect your view as well.
HOWEVER, instead of just letting matter rests, you venture beyond and taunted the admin of TR and started insinuating that admin has a hidden agenda and may be lying.
My question is, SO WHAT IF THERE WASN’T A DDOS ATTACK? What it it to you who claims to have NO VESTED INTEREST IN TR (although you wrote for wayang in the past) but JUST A READER engaging in a PRIVATE CONVERSATION?
TR can be down for ANY REASON, it will still be none of your concern nor of mine, am I right? If admin had instead call it a server hardware failure and not a DDoS, would you still be engaging in this ‘private conversation’?
You are asking others to prove your allegations wrong, what for? We got nothing better to do? It was you who made the allegations, the onus of proof is on you, not vice versa.
And as for your ’suggestion’ of knowing MINE and TR’s secret, please stop the nonsense, I have no time for this. I am not related to TR in anyway nor am I on the admin board of TR, so please DO NOT link me and TR together and spin tales like the Shitty Times.
If you have something to say, just say it and stop playing like a broken old record. But whatever you do, please back it up with proof, the one element you so adamently insist.
I DO NOT doubt that you may be an expert on DDoS and my knowledge on DDoS will fit in the palm of your hands but I can read simple english and there is such a thing call google and yahoo. What I don’t know I can search and cetainly you cannot claim to know of every SINGLE DDoS happenning every hour thoughout the Internet on billions of site, can you? Unless of course you are the patent holder of DDoS and every attacker has to report their intended attack to your agency or forum, whatever.
All it takes to prove you wrong is by starting a small scale DDoS on a random site on a certain date and time and let you tell me which site IN THE WORLD was attacked BY ME, I will eat my shoe with red hot chilli if you can tell me which site I just attacked about 17 minutes ago on or about 0121 hours, Hong Kong time
Fact is, DDoS is not that difficult to initiate or comprehend. There are many school kids in China and Hong Kong who can start one just by downloading a program from the Internet, no big deal.
Please leave the spins and wayang to the Shitty Times and not bring it to TR.
“TR claimed that there was a DDoS attack which brought the site down, you disagree. Thats fine with me and I am sure admin will respect your view as well.”
For all I care wayang can even claim the moon is made out of cheese – that is NOT the issue here; please refer to my post @ 1st Nov 2009 8:30 pm – we cant hope to put the cart before the horse and expect to make progress.
First thing first, let us first try to find out: how is it possible for ANY site to suffer a massive doss attack without even leaving so much of an electronic signature.
Once we have successfully answered that question; then we will go for the kill for wayang. Not before.
Like I said thus far its just a private conversation
Darkness 2009
Darkness,
We know little about IT matters and we were told by our system administrator that the site is under massive attack by DDOS. This is the official explanation given by the company which hosts our server.
Whether it is a DDOS or not is of little importance to us as long the site is up and running. The fact is, the site was down for 8 hours and our readership suffered greatly as a result.
We are businessmen, not politicians, journalists or IT engineers. Every second our site is down, we lose a reader and money. We have spent a lot of money upgrading the server already and we expect no more downtime.
You are now accusing our hosting company of lying about the DDOS attack. Please settle this with them and do not get us involved. Better still, if you can prove that they are the sabotaging our site, we will transfer our site to another server immdetiately. Of course if you have been shown to be lying, then they have the option to sue you for defamation. Again, this does not concern us.
Since you proclaim yourself to be so smart, you should be able to trace our hosting company. If you can expose them, we will be more than grateful to you.
@Darkness, MASSIVE is subjective. To a layman, 100 IPs or so may be massive, to you, thats peanuts and even a properly setup software firewall can handle it. So in your context, a 20mbps, 50mbps or 100mbps DDoS is ‘MASSIVE’? Only with that information and agreement on ‘MASSIVE’ can we proceed.
TR did NOT mention that there were no electronic signatre, in fact, DC and server log will show quite clearly there was but TR need not dig these up to prove it to you, do they?
Like I said, the reason why I am engaging you is to learn more about DDoS and that can only happen if we engage ourselves in healthy exchanges.
“TR can be down for ANY REASON, it will still be none of your concern nor of mine, am I right?”
Well it really depends; for example, if you send off a SMS to a few thousand people, claiming that a bunch of terrorist have set of bomb blast in Orchard and it subsequently turns out to be only a bunch of bass guitarist having a blast in Orchard – whose concern do you think it is; mine or yours?
You tell the whole wide world wayang has suffered a massive doss attack; did you ever consider so much as even once how this would come to influence business decisions when it comes to internet investments by foreigners? – or for that matter who actually forms the community in the internet 9did you know that social political blogs only constitute less than 3% of internet attribution?) – or what type of business interest such comments may even impact?
No man is an island; so I am sorry, this is very much my business. It became my business as soon as I see it getting to close to my rice bowl. And I dont even care if it is the Chinese or the US govt – dont care!
Darkness 2009
@Darkness/XisdTay,
Pardon me for jumping in for the party,
The most common form of a DDOS against web servers would be a half-open SYN while hammering the HTTP port via spoofed IPs and yes, there would be a whole load of collateral from that which will show up all over the place. IPS logs, HTTP logs and Cacti graphs. It is not in my interest to be debating with anyone if TR actually suffered a DDOS but if TR is actually suffering from a DDOS or an attack of another nature and why on earth do you guys not ask the hosting provider to block the HTTP requests upstream or actually get a host that can perform traffic scrubbing upstream. Really, you also do not get away with enterprise level DDOS solutions for a 5 dollar a month hosting plan. You get what you pay for, really. Alternatively, look into mod_evasive for DDOS solutions, maybe?
http://www.mydigitallife.info/2007/08/15/install-mod_evasive-for-apache-to-prevent-ddos-attacks/
Also, hardening your TCP/IP stack,
http://www.securityfocus.com/infocus/1729
Also, look into getting your servers multi-homed or at least, mirrored somewhere else. I did offer to mirror the site for you guys but I got no reply so we’ll drop that idea for now. Also, look into round-robin DNS, this may help you alleviate the DDOS/loads with multiple servers although one could still argue that you can hammer the individual ips but that shouldn’t take out TR totally as the DNS queries from the clients will still be answered by the first reachable server. Here’s something maybe you guys can start looking at, openDNS + lighttpd + iptables on multiple servers instead of a single hosting account. As you expand, your infrastructure supporting has to move along with it too.
Anonymous Coward
@Darkness, you said: No man is an island; so I am sorry, this is very much my business. It became my business as soon as I see it getting to close to my rice bowl.
Now I am really lost here. How does TR being DDoS or NOT affect your rice bowl? Maybe you might want to explain yourself clearly on this claim instead of beating round the bush.
Once we know WHAT your true intentions are and WHY the sudden and keen interest to call the admin a liar, then we can continue on the proper path.
Do you have vested interest in TR? You are a shareholder?
You own the patent to DDoS and the attacker SHOULD HAVE paid you a royalty and register with you to attack TR and he forgot?
I could go on and on and on but too tired.
@Anonymous Coward, thank you for the feedback, all that you have highlighted have been considered and proposed to TR’s admin immediately after the DDoS and have been implemented whenever feasible. That I was told.
However, I feel that a stronger firewall at the network level coupled with rich bandwidth allocation is the ultimate solution but that comes at a hefty price. You dont get an enterprise level hardware firewall for $5.00 a month, ya?
If you do a search on the internet, a decent advanced firewall 3rd party protection will easilly cost $200 give or take. This is a decision only for TR’s admin to make, we are only engaging in private conversation.
As for the mirror offer, I did speak with admin but the technicalities involved is beyong them, which is probably why the no go.
@XiSDTay,
If the reason for getting hit hard by a DDoS and not wanting to do anything about it because of “technical complexities”, might I say that then there should be nothing that TR should cry about as the problem now isn’t a technical nor a financial problem but one that is deemed “too technical” by TR. We learn, we all learn how it works and there are always volunteers to help, not as if no one volunteered to help you guys out. In that case, I believe there’s nothing much anyone else outside of the administrative group can do or offer to do, considering TR stance on this matter.
Anonymous Coward
@Anonymous Coward, options were presented to TR by their hosts and TR have chosen to go for the hardware firewall.
TR is doing something about it, that I am sure.
DDoS is an act of a coward and I hope TR can withstand such attack better in the future.
@Darkness, if you have proof to show that TR was not DDoSed but hookwinked by their hosting company, please disclose it to TR’s Admin so that they can take it up with the company. I believe TR will thank you for this.
@XiSd Tay, you seems to be very IT savvy. You must be regretting wasting all those years in ISD? You would have made it big with your IT knowledge in the outside world I believe.
Host this site in the US. Otherwise you will be attacked and sued into closure.
You also need to ensure people’s anonymity otherwise the will be unable to speak out.
Don’t forget there is no free speech in Singapore.
@ExPoLiCe
1. TR’s admin has access to server logs and all the information they need from the alleged DDoS, provided by their host. From my understanding, TR wasn’t charge a cent for the additional strengthening and recovery for the site.
2. Maybe I was in the Secret Department that have just been unsecret?
@John Galt, it is much easier to sue TR in the US than where they are now.
@XiSd Tay,
No wonder. So based on your intimate knowledge, can this DDoS the work of your former colleagues?
“I could go on and on and on but too tired>”
If that is the case, then go and rest; when you are ready we will take it from where we lefted off – why should I even volunteer free consultancy is completely beyond me. Its none of business is some people think they are so smart; they are driving off the cliff.
In an age when a F-16 cost $75 million; a leopard tank cost $30 million and ministers get paid a couple of million per piece; nothing is free.
Just remember we all live in a world of consequences where every action is liable to create a corresponding reaction.
why should the internet be an exception to this rule?
Darkness 2009
“You are now accusing our hosting company of lying about the DDOS attack. Please settle this with them and do not get us involved. Better still, if you can prove that they are the sabotaging our site, we will transfer our site to another server immdetiately. Of course if you have been shown to be lying, then they have the option to sue you for defamation. Again, this does not concern us.”
Go ahead and sue. Whats holding them back? allow me to repeat it clearly again for your benefit and others – there is no doss attack on this site.
Just bc someone tells you; your backside is on fire doesnt mean that you have to jump into a bucket of water.
As I said in my previous entries and here: first thing first – first we find out how is it even possible for a doss attack not to leave even so much as a sliver of an electronic signature – after we have successfully answered that ONE question; then there will be plenty of time and opportunity for recriminations. I guarantee you.
It is conceivable admin; you may not have vital knowledge concerning this subject – that is to say you dont even know what conditions must first be obtained bfr you can even claim definitely your site has been nuked –
I understand, this is not easy information to find out; as there exist outdated and misleading info in the internet; but let me say this; mounting a doss attack is not something you decide to do on a sunday afternoon; it is a highly skilled operation that demands foremost money, organizational skill and an apparatus in the form of a network; should any one element be missing, you cant pull it off – and if you want to go into another layer of detail; you may also ask how are these people organized? What is their chain of command? How many cells are there? How are they networked? What time zone are they in? And so on and so forth.
To cut a long winded story short; once you know the modus operandi admin – then you would understand very quickly, why it is not possible to mount a sustained doss attack on this site or for that matter any site without even leaving so much as a watermark of an electronic thumbprint.
Darkness 2009
My suggestion is conduct a full diagnostic protocal on your account; every server comes with a built reboot function (there is no rocket science to this); no need to even re-route your code or to even customise it to resolve this “problem.” No need.
If the same problem persist; then consider hosting it on a parallel server (preferrably on opposite time zones / with perhaps a time delay for added security – no need to even talk abt firewall) / that way if one fails the other stands in as a reserve and you can even use A to cross reference B in the event of a crash or when you encounter any anomalies.
Have you done all these things?
Keep life simple.
Darkness 2009
Hi Darkness,
Our system admin did suggest a parallel server, but it will cost us a few hundred dollars more a month. We will consider the option in the future when the site starts to make some money. We have upgraded the server three times in the last one month alone. At this rate we are going, TR will probablty be bled dry soon. We cannot afford to have the site down intermittently like this if we are to build up the readership.
why i get error 404 when trying to read top news?
Hi sicktothebones,
Try refreshing the page again later. We are still fixing the cache.
@Darkness, you are not reading my reply at all and repeatedly claiming that YOU DON’TSEE as opposed to I SAW no electronic saignature of the alleged attack.
What you DON’T SEE does not mean that it doesn’t exists. I SAW the server logs and the bandwidth graph. I am convinced, PERIOD.
So lets say for the purpose of discussion that MAYBE the host told admin that it was a hard disk failure and admin decided to pass it off as a DDoS just to explain the downtime.
So anything wrong with that also? Whats it to you if it was a DDoS or a hardware failure? If anyone is to be worried, its the admin of TR, not you nor me.
I cannot comprehend your eagerness in wanting to taunt admin and call TR a liar. Its natural then to wonder what your true agenda is.
LASTLY, before I sign off, you claimed: mounting a doss attack is not something you decide to do on a sunday afternoon; it is a highly skilled operation that demands foremost money, organizational skill and an apparatus in the form of a network; should any one element be missing, you cant pull it off – and if you want to go into another layer of detail; you may also ask how are these people organized? What is their chain of command? How many cells are there? How are they networked? What time zone are they in? And so on and so forth.
Not entirely true, I SAY. With ready ‘meat chickens’ in cold storage, one can initiate a DDoS in less than an hour, at the click of a mouse. Of course if you are just learning how to DDoS then, it might take donkey years.
You again claimed: What is their chain of command? How many cells are there? How are they networked? What time zone are they in?
And I SAY not entirely true also for the reasons I stated above. Tell a chinese hacker or smart surfer the above and he will tell you to stop wasting his time. A LONE smart kid with the correct software can prepare himself for a DDoS or SYNC attack in less than a day ALL BY HIMSELF, what chain of command, what cells? We are living in the internet age, my friend.
Also, it is very easy to catch ‘meat chickens’ on the internet, there are PLENTY of FREE programs out there allowing you to do that. You don’t have to believe me, just do a search on the internet in CHINESE, DDOS 肉鸡。
Good day!
“So lets say for the purpose of discussion that MAYBE the host told admin that it was a hard disk failure and admin decided to pass it off as a DDoS just to explain the downtime.
So anything wrong with that also?”
of course. if it’s a hard disk failure, just say hard disk failure. very simple. when one says something else, it becomes complicated liao. one will have to ask ‘ what’s the intention?’
you said you saw the server log and stuff, and you were convinced it was a ddos. would you be willing to share what you saw with darkness?
should be no problem right?
@sheldon, Unfortunately NO, I am not prepared to share my findings with Darkness for the plain and simple reason that both TR and me has got nothing to prove to Darkness.
It will be very difficult to convince him of anything unless I can show him the bandwidth graph of the ENTIRE INTERNET on the day in questions.
Besides, he claims to be well connected and runs a huge network, so whatever findings I arrived at will be insignificant to him.
However, I can make an exception if he is willing to come clean and state for the record what his real agenda is.
The reason why I am saying so is because IF he had GENUINELY wanted to help TR handle this DDoS issue, he from the onset should have made it very clear of his intentions but he choose to beat round the bush, insinuate that I have secrets that he knows of, that TR’s admin was lying, etc etc etc.
When as a matter of fact, I have NEVER EVEN heard of him in my donkey years of being alive and certainly cannot recall knowing anyone back in Sinkapore remotely with his kind of skills.
The only person that has his kind of skills that I know is not from Sinkapore but in China who is also good in initiating DDoS against sites, then go contact the webmaster owner of the attacked site asking for certain sums of money to stop the attack, much like extortion.
Of course Darkness can’t be him because Darkness is in Sinkapore while the person I know is in China and nicknamed suolang (锁狼), right
sure, you guys have nothing to prove to darkness or anybody for that matter. it’s not like we pay to read this site.
do it for the sake of humanity and openness.
for the reason why darkness started insinuating was because he was convinced there was no ddos.
now, if you could show him the evidence that you saw, wouldn’t you think it help move the discussion forward? i am assuming that evidence is not that prone to interpretation, that if another IT savvy guy were to see it, ‘ddos’ would come to mind immediately.
so if after darkness sees it and he still disagrees it’s ddos, then it’s clear you guys have different definitions of ddos. probably, to him, it would be one that will not leave the kind of electronic fingerprint that he didn’t find.
i repeat, do it for the sake of openness.
Sheldon. U need to be very careful with Bambi Darkness Bad Boy, what if he is purposely baiting TR?
Could just be my overly suspicious mind in overdrive, but I cant help wondering why is he so cock sure?
He has to know something that we dont know. He has too.
“So lets say for the purpose of discussion that MAYBE the host told admin that it was a hard disk failure and admin decided to pass it off as a DDoS just to explain the downtime.
So anything wrong with that also?”
Look here stupid. How can a hard disk failure be explained as a doss attack?
Thats like calling lake toba a puddle or the grand canyon a sinkhole. No one in their right frame of mind does that.
Next time dont cry wolf and spook a whole lot of people.
Dont complicate your already complicated life.
If you are planning to shut down during APEC; no need to prep the ground; most people dont have the technical know how to even begin to ask themselves complicated questions like how, why or when? – just let it rip. Like I said, we know what is going on and we understand. We understand completely.
Darkness 2009
Sheldon is right XISD TAY why dont you share with all of us what convinced you so thoroughly that TR did suffer a massive DDOS attack. To quote you,
“What you DON’T SEE does not mean that it doesn’t exists. I SAW the server logs and the bandwidth graph. I am convinced, PERIOD.”
Why dont you take this opportunity to kill off Darkness completely? Its obvious to all of us XISD TAY you already have the documentary proof. As you boasted so confidently, ” I am convinced, PERIOD>”
So what is preventing you from convincing us all XISD TAY that TR has suffered a massive DDOS attack? Unless of course you happen to be saying in not so many words, Darkness 2009 was right all along.
There was never any DDOS attack.
只許官家放火,不許百姓點燈???
I have stated my stand on this matter very clearly, I have the logs which was passed to me by the SysAdmin of TR with TR’s admin permission.
However, I believe that Darkness has a hidden agenda which I am not sure of, so log or no log, it might not solve the issue and may even complicate things further, subjecting TR to more abuse.
Server logs are just plain numbers to the layman but to someone with Darkness’s expertise, it will exposed the server right down the core. For an expert hacker, exposing the type of OS used, web server, php version, mysql version is sufficient information to open a few back doors.
If Darkness is genuinely wanting to help TR with the DDoS issue, then he should approach the admin of TR and who knows, TR might even dismiss their present SysAdmin and engage Darkness, but thats for TR to decide, not me.
@Darkness who claimed: If you are planning to shut down during APEC; no need to prep the ground; most people dont have the technical know how to even begin to ask themselves complicated questions like how, why or when? – just let it rip. Like I said, we know what is going on and we understand. We understand completely.
Read further up a few posts about the things my china friends did to webmasters, sounds familiar?
My reply, go ahead, try it. (You SHOULD know what I mean)
@XiSd Tay,
I fully agree with you that if the logs will give away the weaknesses of the systems, then TR should not be revealing it to @Darkness especially when his intention is dubious.
However, from a non-techie’s perspective, would it be possible for you to disclose enough information to prove the DDoS attack but blank out the system versions etc?
I believe that this is the only way to settle this matter with @Darkness once and for all.
TR really trust you huh? Because you are ex-ISD?
@ExPoLiCe, thank you for your understanding in this matter.
Problem with blanking out the details is when I do that, then I can’t prove anything anymore
Anyway, TR’s admin is AGAINST the idea of displaying the log, so let Darkness remain in the Dark.
As for TR’s trust, its gained over time, not because of who I was but who I am now.
@sheldon, why should TR or me prove anything? It was Darkess who made the allegations, he should be the one proving it, not us.
@ XiSd Tay on Wed, 4th Nov 2009 9:56 am
I like you here because you are a very knowledgeable blogger.
YOU BEEN AROUND, DEFINITELY!!
@Anonymous, thank you for your ‘liking’
Too bad you are in Sinkapore while I am in Hong Kong or else we can both go out for a good time, my treat, of course
Hey @XiSd Tay,
I like you too! I want to read your blog too! What’s the URL?
So if I go Hong Kong next time, I can call you and you bring me out for a good time also? Give me your Hong Kong number now!
Hahaha…..