web analytics

DDOS Attack Advisory

For the past several days, this blog has been a target of a DDOS attack (Distributed Denial-of-Service) which put the site to a crawl.

According to our data center, the DDOS attack was targeted to this domain alone (not the main server IP) so this is obviously a targeted attack at us. We don’t have any idea to the attacker but we have tried a lot of ways to mitigate this.

As a result, you may have experienced the site to load very slowly or completely unviewable.

To those who still cannot access the blog at the moment, I suggest subscribing to the RSS Email blast here (it’s hosted separately by Feedburner and is not affected by the attack).

Abe is the founder and Editor-in-Chief of YugaTech. You Can follow him on Twitter @abeolandres.

You may also like...

29 Responses

  1. Abiel says:

    I don’t see any reason why would somebody will try to attack this blog? Any secret plan in taking over the web? :)

  2. heckiboi says:

    minsan ayaw mag load ng pages kahit ok naman yung connection ng internet ko… yun pala may DDOS attack

  3. Same attack used by hackers in Twitter and Facebook few years ago.

  4. firewall, if its dynamic ip, either you have a mitigation service which can block traffic that looks malicious at your provider, or well you try to just handle the traffic. If you run apache its really hard to handle, better if you use NGINX since it can handle tons of connections easily.

    Here’s a script I use which blocks ips with more than 200 connections using iptables. You can run that one a cronjob :) It might work

    /bin/netstat -npa –inet | /bin/grep :80 | /bin/sed ‘s/:/ /g’ | /bin/awk ‘{print $6}’ | /bin/sort | /usr/bin/uniq -c | /bin/sort -n | while read line; do one=`echo $line | /bin/awk ‘{print $1}’`; two=`echo $line | /bin/awk ‘{print $2}’`; if [ $one -gt 200 ]; then /sbin/iptables -I INPUT -s $two -j DROP; fi; done; /sbin/iptables-save | /bin/grep -P ‘^-A INPUT’ | /bin/sort | /usr/bin/uniq -c | /bin/sort -n | while read line; do oneIp=`echo $line | /bin/awk ‘{print $1}’`; twoIp=`echo $line | /bin/awk ‘{print $5}’`; if [ $oneIp -gt 1 ]; then /sbin/iptables -D INPUT -s $twoIp -j DROP; echo $twoIp; fi; done

  5. CheLauno says:

    @abeolandres whoever did it obviously has hidden agenda. Or sobrang naiinggit lang talaga sayo. You’re Philippines’ TechMan after all,

  6. yodz says:

    hmm, that’s why I can’t access this site a few days ago. I thought you’re doing a site maintenance.
    Well I guess, you’re site is really famous now – that’s why they’re doing it!

  7. RaGe Einzeln says:

    i thought it was just my DNS configuration on my router…but so far it’s fine…

    inggit lang yan…

  8. Kya pala this past few days when i tried to access this blogs its always display’s n0t found or unable to connect using my pc and m0bileph0nes
    s0mebody might want to rule your blog sir abe…
    Because of your blogs popularity
    Mga walang magawa,hehehe mga inggit lang sila sir abe !
    M0re power to you yugatech blog!

  9. JP says:

    I myself thought the site’s bandwidth was being congested. Guess your site can be defaced if the hacker means business.

  10. Karl Ramport says:

    My site was DDoS on and off for 3 weeks,
    it killed my business !!!

    Somebody has to do something about these DDoS

    I eventually had to subscribe to a DDoS protection service called dosarrest, great service and have had no problems since.

  11. Elbert Lo says:

    Perhaps a move to a resilient blogging platform like squarespace.com help?

  12. lolipown says:

    @Karl Ramport
    You can pay for DDOS protection but it will break the bank
    @Elbert Lo
    Not going to be much help if it’s the flooding of requests that’s making the server crawl, not the software that’s running the blog.

  13. Pedro says:

    I thought the problem was my internet service provider, oh well…

    those creeps who had done this sucks… bigtime… :p

  14. Guy says:

    well, if you’re sick and jealous, that’s reason enough to do such sickly act.

  15. Jhay says:

    A mirror site could help. I wonder who would be the next target? We would probably never know who it was and why they did it.

  16. jan says:

    yeah, this site is very slow

  17. Ernie says:

    @abe Talagang ganyan sa showbiz Abe! Masanay ka na…iba na ang sikat!:D

  18. Harley says:

    wow, i really thought that that was the philippine website problem…well at least i know now…keep things interesting always! thanks for keeping us updated!

  19. john alvero says:

    Aside from the script that Andre suggested, you can also go for an apache module mod_limitipconn or if you want to block traffic even before it reaches apache you can go for a netfilter extension namet iplimit. If you have that patch already the command should look something like this:

    iptables -A INPUT -p tcp –syn –dport http -m iplimit –iplimit-above 10 -j REJECT

  20. Olmi says:

    Good suggestions, Anre and john alvero. Abe, good thing your site is loading OK, now. Well, at least here at my end.

  21. Reel Advice says:

    I thought it was a server/ISP problem for the past few days. Shame on whoever did this but this could also be a sign of your celebrity status!

  22. yuga says:

    Hi guys! Thanks for the suggestions. With the help of our DC Engineers, we’ve actually done most of the suggestions you gave as first preventive measures. This is also the reason why some Ips are being blocked from certain IP segments because of the connection limits we’ve put in place.

    Someone from Verisign also contacted me and another provider offering their anti-DDOS services and I’m contemplating on getting them.

  23. Knee Loat says:

    yeah… i noticed your blog loads slowly than the other sites that i visit… hmmmm

  24. google says:

    Welcome back Abe! How’d you get over it?

  25. squishy says:

    why don’t they nuke a site like filipina.com? those hackers should have some ethics in employing DDoS attacks.

    filipina.com is outrightly insulting. the domain name must be bought for our own honor.

  26. Anthony Rodeli dC Guanio says:

    Why would anyone wanna Hack you guys? You need a guy to do offensive security.

  27. flyah says:

    As I can see, you are using Cpanel on your server. Why not use Litespeed to replace Apache?

    Litespeed handles DDOS very well. and RAM consumption is a bit low compared to httpd.

    But its a bit expensive as the licenses is per CPU Core basis.

Leave a Reply

Your email address will not be published. Required fields are marked *