Interesting afternoon…

inxilpro · August 3, 2015, 11:45pm

Hey all,

We’ve had an interesting afternoon at InterNACHI. Our server got hit with a denial of service, or DDoS, attack, and we were dealing with 50x traffic for several hours. This is what it looked like:

We’ve contained the problem and blocked the offending IPs, and have been monitoring the situation. Sorry if anyone was affected by slowness or downtime!

If you’re in Ukraine and just accidentally tried to download all of NACHI.ORG every second for several hours, sorry we had to block you!

Chris

belliott · August 3, 2015, 11:47pm

Wondered what happened.
What is the purpose of this type attack ?

mcyr · August 3, 2015, 11:50pm

Well, that explains the Server is too busy for a few minutes.

dhays · August 3, 2015, 11:52pm

They were just trying to slow Frank Rotte down a little. He was burning up the NACHI server. :mrgreen:

frotte · August 3, 2015, 11:58pm

Hardly fazed me.

inxilpro · August 3, 2015, 11:59pm

Hard to say, and probably no way we’ll ever know. When you get as big as we are, you become a target for stuff like this. We deal with a handful of attacks like this every month. Usually they’re not as big as this, or don’t cause as many problems. This one just was particularly effective.

Just for fun, I logged out of one of our servers and then logged back in immediately. When I logged back in, I was greeted with this:

So, in less than 3 seconds our server saw 17 attempts to break into it. It’s just the reality that we have to deal with nowadays. Luckily, 90% of the time our automated systems catch it, and 90% of the time that they don’t, our IT team steps in before we get into any trouble.

Also, we use really freaking strong passwords

Chris

sfetty · August 4, 2015, 12:43am

I noticed about an hour or two of the “the server being too busy”. Thanks for the update as to what happened. My Google Adwords info tells me I’m flooded with traffic from Russia, is there a way to stop or guard from the attacks?

rernst1 · August 4, 2015, 3:29am

Good job stopping that DOS. It shows a good IT team. Back in the day I worked for a company that was attached allot and it can eat up allot of resources.

lkage · August 4, 2015, 3:55am

Thanks for the update and your teams’ expertise.

belliott · August 4, 2015, 7:21am

Seems all the attacks come from Russia most of the time.
I know Dom deals with them for years from there.
Whats the deal with Russia and Hackers ?..LOL

I suppose they are doing us all a favor in the long run by teaching us to learn security.

cwallace1 · August 4, 2015, 1:03pm

They are usually attempting to break in to obtain / steal personal information: user names, passwords, credit card info, DOB, SSN, etc…

Thanks for the update Chris.

jjonas · August 4, 2015, 3:47pm

It’s Nick’s fault.

dmorris5 · August 9, 2015, 11:08pm

People need to get a life and quit doing “Mindless” junk like this. It just shows they are not progressing in life other than getting some sort of satisfaction on causing other people pain.