Sorry for the Downtime

[Z3R0]

Apparently, there was an attempt to DDOS our server (Someone's scared of us)

We have managed to resolve this issue, and as such, you can see that our forums are now back online.

No files were harmed during the attempt.

Thanks,

Z3R0

[ragnazorg]

You might want to open up the donations for this forums for hosting payments and such or else they'll do it over and over again to make SF remove the privileges given.

Edited November 30, 2011 by ragnazorg

[Protimus]

You are sure that is a botnet? Recently there is a type of attack called 0day.

Another day someone tried this attack in brAthena, but it's just updating apache to correct the problem. If the problem persists and you need help, just ask...

[llchrisll]

Hmm I still couldn't connect until I tested to add "index.php" after the URL and it worked,

when I let "http://rathena.org/board/" then I get the usual

This space is managed by SourceForge.net. You have attempted to access a URL that either never existed or is no longer active. Please check the source of your link and/or contact the maintainer of the link to have them update their records.

I only though of that while I tried Wiki out , and saw it worked so, I tried that^^.

Good luck for finding a new host though .

Regards,

Chris

[Brian]

You are sure that is a botnet? Recently there is a type of attack called 0day.

Another day someone tried this attack in brAthena, but it's just updating apache to correct the problem. If the problem persists and you need help, just ask...

I think it was a botnet because:

• on the board index you can see Most Online = 2,985 (from this morning)
  
• I checked the board's "sessions" table and there were 2,578 guests
  (different IPs, all viewing the board index, and all had the same user agent string)
  
• I looked up the first 3 IP addresses, and 2/3 were listed with "bad behavior from that IP"
  
• two of the botnet zombie IPs have previously posted spam on the old [eathena.ws] forums:
  - 189.52.5.4
  - 198.254.16.200
  

Hmm I still couldn't connect until I tested to add "index.php" after the URL and it worked,

when I let "http://rathena.org/board/" then I get the usual

This space is managed by SourceForge.net. You have attempted to access a URL that either never existed or is no longer active. Please check the source of your link and/or contact the maintainer of the link to have them update their records.

Your browser probably has the page cached.

Try Shift+Refresh or Shift+F5, or clear your browser's cache

Edited November 30, 2011 by Brian

[Protimus]

Well, then that makes things simple, just add a good firewall filter and block the IPs that are effecting the original attack.

If you cannot block, try to find answers that come from an attack address and make connections to an IRC for example. Knowing this, you can contact the IRC server to perform the banning of IPs in the channel ... Giving great job for hacker, wich will exchange all server address in each zombie machines.

But try looking through the acess log and error log, if you see strange GET responses, as it may be out there who are attacking and not by UDP. If still continue to down, the attack must be a SYN Flood ... To soften you can activate the syn_cookies.

Edited November 30, 2011 by Protimus

[KeiKun]

ROFL

2.985 Most Online xD

[Gaypuff]

This is a little ironic. Wasn't it you guys who were accused of threatening to ddos attack eA? xD

I can't get over how immature this is, though. I mean really, petty much?

I'm glad no damage has been done. =]

[Kamion]

The funny thing is, even eA themselves got attacked, too (the site is down, again...), so this makes me wonder... is there someone out there that doesn't like eAthena, and even attacked us, because we were originally trying to be the new eAthena, or in one way, associated with eAthena?

[Gaypuff]

eA is pretty much always down, though. =S But I hope it's not an attack. If it is, no doubt everyone here would get blamed.

Off topic: That's a very nice Link avatar you have there, Kamion.

[Aurora]

Y'all handled it very nicely, I have to say. Last time a forum was DDoS'd, they had no idea what to do and left it up to the web host to figure it out while they sat with their thumbs up their bums.

[Mystery]

• 19,400 Total Posts
  
• 356 Total Members
  
• MWestfall Newest Member
  
• 2,985 Most Online
  

Rofl, just died.

Edited December 1, 2011 by Mysterious

[Protimus]

This has happened several times with my projects, but i do not care... Because if they do it, feel threatened and show how i'm good.

Regardless of who it was, is jealous and afraid. People like that should be ignored. We should think about the future of Rathena, not focus energies at lammers.

Like Johnnie Walker says: Keep walking, haha.

Edited December 1, 2011 by Protimus

[MWestfall]

lol what Mysterious?

[Brian]

• 2,985 Most Online
  

Rofl, just died.

To add to that -- at one point, the board was serving over 60 simultaneous requests per second !

SELECT FROM_UNIXTIME(running_time),COUNT(*) FROM `sessions` 
GROUP BY running_time HAVING COUNT(*) >= 10 ORDER BY COUNT(*) DESC;

Time                   Count

2011-11-30 12:39:56     63
2011-11-30 12:39:59     45
2011-11-30 12:39:57     40
2011-11-30 12:40:02     40
2011-11-30 12:39:41     38
2011-11-30 12:40:03     33
2011-11-30 12:39:47     33
2011-11-30 12:39:50     32
2011-11-30 12:40:00     32
2011-11-30 12:39:51     30
2011-11-30 12:39:19     29
2011-11-30 12:39:54     29
2011-11-30 12:39:53     28
2011-11-30 12:39:46     27
2011-11-30 12:39:43     27
2011-11-30 12:39:44     26
2011-11-30 12:39:32     26
2011-11-30 12:39:22     26
2011-11-30 12:39:29     26
2011-11-30 12:40:01     26
2011-11-30 12:40:04     25
2011-11-30 12:39:13     25
2011-11-30 12:39:25     24
2011-11-30 12:39:34     24
2011-11-30 12:39:38     23
2011-11-30 12:39:58     23
2011-11-30 12:39:15     23
2011-11-30 12:39:28     23
2011-11-30 12:39:16     23
2011-11-30 12:39:10     23
2011-11-30 12:38:48     22
2011-11-30 12:39:40     22
2011-11-30 12:39:45     21
2011-11-30 12:38:36     21
2011-11-30 12:39:35     21
2011-11-30 12:39:37     20
2011-11-30 12:39:31     20
2011-11-30 12:39:52     20
2011-11-30 12:39:23     20
2011-11-30 12:39:55     20
2011-11-30 12:39:03     19
2011-11-30 12:39:49     19
2011-11-30 12:38:54     18
2011-11-30 12:39:26     18
2011-11-30 12:39:39     18
2011-11-30 12:39:33     18
2011-11-30 12:39:48     17
2011-11-30 12:39:04     17
2011-11-30 12:38:39     17
2011-11-30 12:39:21     16
2011-11-30 12:39:11     16
2011-11-30 12:38:46     14
2011-11-30 12:38:49     14
2011-11-30 12:39:42     14
2011-11-30 12:39:07     13
2011-11-30 12:37:38     13
2011-11-30 12:38:55     13
2011-11-30 12:38:24     13
2011-11-30 12:38:58     13
2011-11-30 12:39:30     13
2011-11-30 12:38:52     12
2011-11-30 12:38:08     12
2011-11-30 12:39:12     12
2011-11-30 12:39:06     12
2011-11-30 12:39:00     12
2011-11-30 12:37:31     12
2011-11-30 12:38:56     12
2011-11-30 12:38:51     12
2011-11-30 12:37:28     12
2011-11-30 12:38:45     12
2011-11-30 12:39:17     12
2011-11-30 12:38:27     11
2011-11-30 12:37:56     11
2011-11-30 12:38:03     11
2011-11-30 12:39:27     11
2011-11-30 12:39:02     11
2011-11-30 12:38:12     11
2011-11-30 12:38:57     11
2011-11-30 12:39:36     11
2011-11-30 12:38:33     10
2011-11-30 12:38:14     10
2011-11-30 12:39:18     10
2011-11-30 12:38:59     10
2011-11-30 12:38:40     10
2011-11-30 12:38:09     10
2011-11-30 12:38:41     10
2011-11-30 12:38:23     10
2011-11-30 12:38:11     10
2011-11-30 12:38:06     10

[Mystery]

This has happened several times with my projects, but i do not care... Because if they do it, feel threatened and show how i'm good.

Regardless of who it was, is jealous and afraid. People like that should be ignored. We should think about the future of Rathena, not focus energies at lammers.

Like Johnnie Walker says: Keep walking, haha.

Never heard of Johnnie Walker.. o_O

lol what Mysterious?

Lmao, not about your name/yourself. Just the number of people online and the amount of total people we have registered. And really.. eAthena doesn't even have that much xD

• 2,985 Most Online
  

Rofl, just died.

To add to that -- at one point, the board was serving over 60 simultaneous requests per second !

Damn o_o! That's a lot.

[Triper]

Someone is indeed MAD!! lool

[manabeast]

so childish ark ..... dunno why some ppl so like to do lame thing... not cool at all.

[Emistry]

erm..but it seem this like "Issue" still continue-ing ??

when i try click on other page / reload the page...it will show me this message~

This space is managed by SourceForge.net. You have attempted to access a URL that either never existed or is no longer active. Please check the source of your link and/or contact the maintainer of the link to have them update their records.

LOL..it work now after i refreshing the Cache ~

Edited December 1, 2011 by Emistry

[leadtech]

OMG I'm glad that the board is back online again

geez!

[Diconfrost VaNz]

this scares me xD

[Rhon]

at least everything seems OK !

[TrueNoir]

People with using bot nets to try and take down sites are funny had someone try to do it to our server only they didn't realize its not on the same host so they managed to take down the website and the forums for about 10 mins which our host set up a firewall and blocked the website from accessing the server to prevent any sql problems. It was pretty halarious someone managed to go spend like 200 dollars for a botnet and didn't even do any damage >.>'