Continued DDOS attacks and the end result. (IRC users please read)

AnthonySmith · 2017-05-02 21:59:09

Hi Folks,

As a result of the now almost daily ddos attacks and the hours of work having to go in to dealing with them, I am going to be making changes that will block all IRC related activity on all Inception hosting LES servers.

Again I am not trying to single anyone out specifically or if their is just a stronger IRC user community in Italy or if there is something more sinister and coordinated to it all but almost all attacks are hitting IPv6 and can be traced back to IRC related activities from Italian users.

I have had enough, I don't have the 20+ hours a week it takes to deal with it all spare.

1 large attack hits the network, it hurts all users, not just LES, and creates a lot of work for me and my own upstream, it generates a lot of support tickets and it is just not an acceptable risk/reward any more.

I will soon roll out filtering.

I know this will upset a number of people, I am sorry but I do not see any viable alternatives at this time, you are free to make suggestions though.

WSS · 2017-05-03 09:39:31

You really need to charge IRC users for the amount of time and annoyance it causes, even if it's going away (Discord users should be banned on sight).

CheapPatzer · 2017-05-20 16:14:35

Do you have any service that IRC/ZNC users can transition to? I've run ZNC almost exclusively here and have not been the source or target of any of this drama, and now I need to transition hosts. (Granted, it's not a huge loss because the service is not very expensive.)

AuroraZero · 2017-05-20 21:32:48

CheapPatzer wrote:

Do you have any service that IRC/ZNC users can transition to? I've run ZNC almost exclusively here and have not been the source or target of any of this drama, and now I need to transition hosts. (Granted, it's not a huge loss because the service is not very expensive.)

That is the main reason he needs to end the IRC stuff. The costs for him are way to high and it not only makes us other users suffer, but takes money directly out of his pocket. I don't want to see Ant or anyone else lose money at all. This is a nice service and that is exactly what it is a service. I like my little box for what it is and does and the price can not be beat, so this is the only logical conclusion, unless you want the whole service gone.

AnthonySmith · 2017-05-20 22:03:18

From what I can see he.net have removed the irc options from my tunnel anyway.

CheapPatzer · 2017-05-23 12:58:53

AuroraZero wrote:

That is the main reason he needs to end the IRC stuff. The costs for him are way to high and it not only makes us other users suffer, but takes money directly out of his pocket. I don't want to see Ant or anyone else lose money at all. This is a nice service and that is exactly what it is a service. I like my little box for what it is and does and the price can not be beat, so this is the only logical conclusion, unless you want the whole service gone.

I agree. That's why I was asking if there was another service that I could transition to so I could keep paying Ant to get the service that I want, perhaps at a higher price point that keeps out the troublemakers and ensures that he is not losing money on the occasional troublemaker. If I have to go out and move to a different server then I'd rather move to a server run by somebody I trust, even if it costs me more, because I know that it will be done right.

AnthonySmith · 2017-05-23 13:04:40

IRC is welcome in the UK, that is my only compromise, I have IPv6 ddos protection in the UK, if an attack comes in through your service will be terminated regardless of impact, I am not in the business of harboring IRC DDOS magnets.

Toldierone · 2017-05-23 16:11:03

Backtogeek wrote:

you are free to make suggestions though.

So here's the crazy idea, I don't know if the IRC ban/filtering is done on per container basis, or per location as whole, but if it's the former, how about allowing IRC access to customers that had used their boxes without causing any trouble for, say, at least one year?
Or, even crazier, an outright Catch-22, granting IRC access to people that have used IRC without causing trouble for certain time-span, essentially grandfathering IRC access to those whom already use their VPS for IRC and coexist peacefully, without causing any issues, and cutting off a "supply" of potential troublemaker newcomers

I fully understand the decision and the events that led to it, but I'm just thinking out loud some ideas, in case nobody considered it, as it's kinda sad to see all the "good" users punished by single instances of bad behaviour. Maybe there's some hope for the ol' guard of good IRC boys out there

But in the case filtering is done on whole location at once, with no viable whitelisting option, or it is just stupid/naïve/crazy idea, then disregard completely what I said.

mikho · 2017-05-23 16:38:29

Toldierone wrote:

Backtogeek wrote:
you are free to make suggestions though.
So here's the crazy idea, I don't know if the IRC ban/filtering is done on per container basis, or per location as whole, but if it's the former, how about allowing IRC access to customers that had used their boxes without causing any trouble for, say, at least one year?
Or, even crazier, an outright Catch-22, granting IRC access to people that have used IRC without causing trouble for certain time-span, essentially grandfathering IRC access to those whom already use their VPS for IRC and coexist peacefully, without causing any issues, and cutting off a "supply" of potential troublemaker newcomers
I fully understand the decision and the events that led to it, but I'm just thinking out loud some ideas, in case nobody considered it, as it's kinda sad to see all the "good" users punished by single instances of bad behaviour. Maybe there's some hope for the ol' guard of good IRC boys out there
But in the case filtering is done on whole location at once, with no viable whitelisting option, or it is just stupid/naïve/crazy idea, then disregard completely what I said.

since LES shares IPv4 it is better to either block it or allow it on that location.

AnthonySmith · 2017-05-23 20:55:40

I understand the idea and if that was possible without manual work on thousands of containers I would do something like that, in reality, it is an all or nothing situation, I don't have any way to automate it.

laibsch · 2017-09-19 15:22:48

for my education: how is IRC vulnerable? I understand some people like to use znc etc. to keep them connected to IRC even when they are offline. Is it their znc session that gets attacked by a flood of incoming messages or do some of them become part of a botnet and are used to attack others? I use IRC from my laptop and it's the first time I hear about a potential security issue. I googled "IRC ddos" but I still have questions.

mikho · 2017-09-19 17:41:06

A user connects to irc from their LES Server, pisses someone off and gets DDOSed.
On a shared IP that will bring everyone else on that IP down.

laibsch · 2017-09-20 07:50:48

I see. Thank you for the explanation. The DDOS attack itself is via IRC or via http/$someotherprotocol?

mikho · 2017-09-20 10:14:25

laibsch wrote:

I see. Thank you for the explanation. The DDOS attack itself is via IRC or via http/$someotherprotocol?

Often something else

Rajino · 2017-09-26 08:26:42

I just bought one and using it exclusive for irc...badluck

ultrafunk · 2017-11-12 12:47:05

What about allowing irc via ipv6 only?

Last edited by ultrafunk (2017-11-12 12:47:25)

LowEndSpirit Forum

#1 2017-05-02 21:59:09

Continued DDOS attacks and the end result. (IRC users please read)

#2 2017-05-03 09:39:31

Re: Continued DDOS attacks and the end result. (IRC users please read)

#3 2017-05-20 16:14:35

Re: Continued DDOS attacks and the end result. (IRC users please read)

#4 2017-05-20 21:32:48

Re: Continued DDOS attacks and the end result. (IRC users please read)

#5 2017-05-20 22:03:18

Re: Continued DDOS attacks and the end result. (IRC users please read)

#6 2017-05-23 12:58:53

Re: Continued DDOS attacks and the end result. (IRC users please read)

#7 2017-05-23 13:04:40

Re: Continued DDOS attacks and the end result. (IRC users please read)

#8 2017-05-23 16:11:03

Re: Continued DDOS attacks and the end result. (IRC users please read)

#9 2017-05-23 16:38:29

Re: Continued DDOS attacks and the end result. (IRC users please read)

#10 2017-05-23 20:55:40

Re: Continued DDOS attacks and the end result. (IRC users please read)

#11 2017-09-19 15:22:48

Re: Continued DDOS attacks and the end result. (IRC users please read)

#12 2017-09-19 17:41:06

Re: Continued DDOS attacks and the end result. (IRC users please read)

#13 2017-09-20 07:50:48

Re: Continued DDOS attacks and the end result. (IRC users please read)

#14 2017-09-20 10:14:25

Re: Continued DDOS attacks and the end result. (IRC users please read)

#15 2017-09-26 08:26:42

Re: Continued DDOS attacks and the end result. (IRC users please read)

#16 2017-11-12 12:47:05

Re: Continued DDOS attacks and the end result. (IRC users please read)

Board footer