Wednesday, June 10, 2015

DDOS'ing Someone is Not an Effective Way to Send a Message

Over the past few months, I have been getting emails from one of my VPS providers informing me that I am constantly under DDOS attack. Sometimes it will happen once a week, other times up to 3 times in one day. Since the server is behind my provider's insanely awesome firewall, I seldom notice any performance downgrade. However, there are those rare occasions when the attacks get really bad, and my provider will shut the server down for a few minutes, which has disrupted my work.

I got an email from them today informing me that I was DDOS'd 3 times yesterday, and once today. They also asked me if I knew why I was being attacked so frequently. That's the first time anyone's ever asked me that. I replied "I have no idea... I wish I knew!" It's reminiscent of the 5 day attack on GitHub from China, in that the maintainers of GitHub had absolutely no idea why they were being attacked. They said something like "that's the frustrating thing about DDOS attacks -- it's impossible to know what the motive is."

Yeah, that about sums it up. It takes an awful lot of effort and coordination to organize an attack like this, and if it's going to be effective, then it will generally require hundreds of machines, at least. I've considered putting a message board on the server with a form, asking "Who the fuck are you, and what do you want?"

... But that would probably just open up another attack vector for them to use against me, whoever they are. It's like holding somebody captive for ransom and failing to send a note explaining what you want... Perhaps there is no message. I thought maybe it's a rival VPS provider that is trying to get customers to switch over to them, but if that is the case, wouldn't it be more effective to attack the VPS farm's gateway instead of one of the clients? I also checked my spam emails, and there are no letters from VPS providers soliciting a service, so that can't be the case. And according to my provider, I am, with certainty, the target.

I only wish that I knew why I am being targeted. Every time this happens, I ask them if they'd give me the IP addresses of the attackers, because I am curious to see which country it's coming from. So far, they have not told me. It's difficult to figure out where the attacks are coming from by looking at the kernel logs, because the attacks are filtered by the provider's firewall before they ever hit me. So I have to resort to guessing, again...
