#1 2017-05-02 21:59:09

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,547
Website

Continued DDOS attacks and the end result. (IRC users please read)

Hi Folks,

As a result of the now almost daily ddos attacks and the hours of work having to go in to dealing with them, I am going to be making changes that will block all IRC related activity on all Inception hosting LES servers.

Again I am not trying to single anyone out specifically or if their is just a stronger IRC user community in Italy or if there is something more sinister and coordinated to it all but almost all attacks are hitting IPv6 and can be traced back to IRC related activities from Italian users.

I have had enough, I don't have the 20+ hours a week it takes to deal with it all spare.

1 large attack hits the network, it hurts all users, not just LES, and creates a lot of work for me and my own upstream, it generates a lot of support tickets and it is just not an acceptable risk/reward any more.

I will soon roll out filtering.

I know this will upset a number of people, I am sorry but I do not see any viable alternatives at this time, you are free to make suggestions though.


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#2 2017-05-03 09:39:31

WSS
Trusted Member
Registered: 2016-12-22
Posts: 286

Re: Continued DDOS attacks and the end result. (IRC users please read)

You really need to charge IRC users for the amount of time and annoyance it causes, even if it's going away (Discord users should be banned on sight).


RbyeR4Nm.png

Offline

#3 2017-05-20 16:14:35

CheapPatzer
Trusted Member
Registered: 2015-05-20
Posts: 12

Re: Continued DDOS attacks and the end result. (IRC users please read)

Do you have any service that IRC/ZNC users can transition to?  I've run ZNC almost exclusively here and have not been the source or target of any of this drama, and now I need to transition hosts.  (Granted, it's not a huge loss because the service is not very expensive.)


No caffeine and no chess make CheapPatzer go something something...

Offline

#4 2017-05-20 21:32:48

AuroraZero
Slacker
From: Slacker Labs
Registered: 2017-04-01
Posts: 60
Website

Re: Continued DDOS attacks and the end result. (IRC users please read)

CheapPatzer wrote:

Do you have any service that IRC/ZNC users can transition to?  I've run ZNC almost exclusively here and have not been the source or target of any of this drama, and now I need to transition hosts.  (Granted, it's not a huge loss because the service is not very expensive.)

That is the main reason he needs to end the IRC stuff. The costs for him are way to high and it not only makes us other users suffer, but takes money directly out of his pocket. I don't want to see Ant or anyone else lose money at all. This is a nice service and that is exactly what it is a service. I like my little box for what it is and does and the price can not be beat, so this is the only logical conclusion, unless you want the whole service gone.


The world is full of nuts.....Come join us. smile

Offline

#5 2017-05-20 22:03:18

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,547
Website

Re: Continued DDOS attacks and the end result. (IRC users please read)

From what I can see he.net have removed the irc options from my tunnel anyway.


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#6 2017-05-23 12:58:53

CheapPatzer
Trusted Member
Registered: 2015-05-20
Posts: 12

Re: Continued DDOS attacks and the end result. (IRC users please read)

AuroraZero wrote:

That is the main reason he needs to end the IRC stuff. The costs for him are way to high and it not only makes us other users suffer, but takes money directly out of his pocket. I don't want to see Ant or anyone else lose money at all. This is a nice service and that is exactly what it is a service. I like my little box for what it is and does and the price can not be beat, so this is the only logical conclusion, unless you want the whole service gone.

I agree.  That's why I was asking if there was another service that I could transition to so I could keep paying Ant to get the service that I want, perhaps at a higher price point that keeps out the troublemakers and ensures that he is not losing money on the occasional troublemaker.  If I have to go out and move to a different server then I'd rather move to a server run by somebody I trust, even if it costs me more, because I know that it will be done right.


No caffeine and no chess make CheapPatzer go something something...

Offline

#7 2017-05-23 13:04:40

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,547
Website

Re: Continued DDOS attacks and the end result. (IRC users please read)

IRC is welcome in the UK, that is my only compromise, I have IPv6 ddos protection in the UK, if an attack comes in through your service will be terminated regardless of impact, I am not in the business of harboring IRC DDOS magnets.


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#8 2017-05-23 16:11:03

Toldierone
Trusted Member
Registered: 2016-06-09
Posts: 40

Re: Continued DDOS attacks and the end result. (IRC users please read)

Backtogeek wrote:

you are free to make suggestions though.

So here's the crazy idea, I don't know if the IRC ban/filtering is done on per container basis, or per location as whole, but if it's the former, how about allowing IRC access to customers that had used their boxes without causing any trouble for, say, at least one year?
Or, even crazier, an outright Catch-22, granting IRC access to people that have used IRC without causing trouble for certain time-span, essentially grandfathering IRC access to those whom already use their VPS for IRC and coexist peacefully, without causing any issues, and cutting off a "supply" of potential troublemaker newcomers tongue

I fully understand the decision and the events that led to it, but I'm just thinking out loud some ideas, in case nobody considered it, as it's kinda sad to see all the "good" users punished by single instances of bad behaviour. Maybe there's some hope for the ol' guard of good IRC boys out there smile

But in the case filtering is done on whole location at once, with no viable whitelisting option, or it is just stupid/naïve/crazy idea, then disregard completely what I said.

Offline

#9 2017-05-23 16:38:29

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,356
Website

Re: Continued DDOS attacks and the end result. (IRC users please read)

Toldierone wrote:
Backtogeek wrote:

you are free to make suggestions though.

So here's the crazy idea, I don't know if the IRC ban/filtering is done on per container basis, or per location as whole, but if it's the former, how about allowing IRC access to customers that had used their boxes without causing any trouble for, say, at least one year?
Or, even crazier, an outright Catch-22, granting IRC access to people that have used IRC without causing trouble for certain time-span, essentially grandfathering IRC access to those whom already use their VPS for IRC and coexist peacefully, without causing any issues, and cutting off a "supply" of potential troublemaker newcomers tongue

I fully understand the decision and the events that led to it, but I'm just thinking out loud some ideas, in case nobody considered it, as it's kinda sad to see all the "good" users punished by single instances of bad behaviour. Maybe there's some hope for the ol' guard of good IRC boys out there smile

But in the case filtering is done on whole location at once, with no viable whitelisting option, or it is just stupid/naïve/crazy idea, then disregard completely what I said.


since LES shares IPv4 it is better to either block it or allow it on that location.

Offline

#10 2017-05-23 20:55:40

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,547
Website

Re: Continued DDOS attacks and the end result. (IRC users please read)

I understand the idea and if that was possible without manual work on thousands of containers I would do something like that, in reality, it is an all or nothing situation, I don't have any way to automate it.


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#11 2017-09-19 15:22:48

laibsch
Trusted Member
Registered: 2016-09-18
Posts: 17

Re: Continued DDOS attacks and the end result. (IRC users please read)

for my education: how is IRC vulnerable?  I understand some people like to use znc etc. to keep them connected to IRC even when they are offline.  Is it their znc session that gets attacked by a flood of incoming messages or do some of them become part of a botnet and are used to attack others?  I use IRC from my laptop and it's the first time I hear about a potential security issue.  I googled "IRC ddos" but I still have questions.

Offline

#12 2017-09-19 17:41:06

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,356
Website

Re: Continued DDOS attacks and the end result. (IRC users please read)

A user connects to irc from their LES Server, pisses someone off and gets DDOSed.
On a shared IP that will bring everyone else on that IP down.

Offline

#13 2017-09-20 07:50:48

laibsch
Trusted Member
Registered: 2016-09-18
Posts: 17

Re: Continued DDOS attacks and the end result. (IRC users please read)

I see.  Thank you for the explanation.  The DDOS attack itself is via IRC or via http/$someotherprotocol?

Offline

#14 2017-09-20 10:14:25

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,356
Website

Re: Continued DDOS attacks and the end result. (IRC users please read)

laibsch wrote:

I see.  Thank you for the explanation.  The DDOS attack itself is via IRC or via http/$someotherprotocol?

 
Often something else

Offline

#15 2017-09-26 08:26:42

Rajino
Trusted Member
Registered: 2016-11-01
Posts: 11

Re: Continued DDOS attacks and the end result. (IRC users please read)

I just bought one and using it exclusive for irc...badluck smile

Offline

#16 2017-11-12 12:47:05

ultrafunk
Trusted Member
Registered: 2017-11-11
Posts: 6

Re: Continued DDOS attacks and the end result. (IRC users please read)

What about allowing irc via ipv6 only?
smile

Last edited by ultrafunk (2017-11-12 12:47:25)

Offline

Board footer