MTN suffers a DDoS attack

Connectivity at MTN’s Gallo Manor data centre has been fully restored after the Johannesburg site was hit by a distributed denial of service (DDoS) attack earlier this afternoon. MTN alerted clients just after 3pm today that it had suffered a DDoS attack, which resulted in packet loss and a disturbance to clients’ cloud services. At the time the company said MTN Business’ network operations centre was working on resolving the problem to avoid any further attacks. This comes less than two days after a power outage at the same data centre caused loss of connectivity. MTN chief technology officer Eben Albertyn says, while the DDoS attack today hampered the company’s ability to provide connectivity services, engineers worked “fervently” to fully restore services and avert further attacks, and connectivity was restored soon after. “The interruption lasted only a few minutes and is completely unrelated to the outage experienced on Monday. MTN wishes to apologise profusely to its customers for any inconvenience caused.” On Sunday evening just after 6pm, MTN’s Gallo Manor data centre went offline, causing major disruptions to clients’ services, including Afrihost. MTN put the outage down to a power outage. The problem persisted until the next day, with services being restored around 11am on Monday. Digital Attack Map defines a DDoS attack as: “An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.” The live data site notes these attacks can target a wide variety of important resources, from banks to news Web sites, and present a major challenge to making sure people can publish and access important information. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=142968:MTN-weathers-DDOS-attack


Staffordshire school hit by suspected DDoS attack

A secondary school near Burton-on-Trent in East Staffordshire has admitted that its website was knocked offline at various points by hackers in recent weeks. The attack appears to be denial-of-service (DoS), with hacktivism group Anonymous reportedly taking responsibility. Burton Mail reports that John Taylor High School’s website suffered from “significant periods of downtime during the past few weeks”, adding that a member of Anonymous had contacted the newspaper directly to claim responsibility. “It has come to our immediate attention that the security used for school systems is not up to scratch,” the member said when interviewed. “This is putting pupils at risk of being targeted by paedophiles who have acquired the skill to access data which could lead them to being able to collect information and stalk pupils.” The member continued: “We give every school in this country one month to fix their pitiful security systems. If, after that time, we can still achieve penetration at a reasonable level of attack we will personally disable their systems. “We do not expect them to be able to stop us at an advanced level, however the level of hack used on the John Taylor systems highlighted a very serious problem.” Mike Donoghue, head teacher at John Taylor, which has around 1,500 students, confirmed that they were still investigating the incident, and added that the systems are now fully functional. Speaking to SCMagazineUK.com earlier today, Donoghue drilled down into some of the details, confirming that the outage related specifically to The Vault, a virtual learning environment – developed by FROG but hosted on the school’s servers – which is used to host teaching materials, former test papers and other revision guidance. The school, a specialist ‘science and leadership academy’, was first alerted to the downtime by students, on Twitter, who were trying to access the system, with IT technicians subsequently blocking all IP addresses so no-one could access the service.
The second outage lasted a “couple of days” over the Easter Bank Holiday weekend. Donoghue was keen to stress that there was “no breach” of sensitive student data, and said that the school continues to work with providers RM and FROG to monitor the issue, and harden their existing security controls. Students were informed of the issue during assembly, and parents have also been made aware. The principal said that the effect of the incident was “largely mitigated” because the downtime wasn’t overly long, and most of the materials could still be accessed by “just a few more clicks on Google”. He also doubted the possibility of Anonymous being behind the attack, saying that the outages stopped after students were alerted to the situation. Source: http://www.scmagazineuk.com/staffordshire-school-hit-by-suspected-denial-of-service-attack/article/412236/


Mounties nab Canadian woman, 27, in webcam hack shenanigans bust

Nefarious pervert hacks parlour cameras for heavy petting pwnage

The Royal Canadian Mounted Police has nabbed a Canadian woman believed to have originated a botnet which she used to recreationally terrorise victims.…


Community college targeted ongoing DDoS attack

Walla Walla Community College is under cyberattack this week by what are believed to be foreign computers that have jammed the college’s Internet systems. Bill Storms, technology director, described it as akin to having too many cars on a freeway, causing delays and disruption to those wanting to connect to the college’s website. The type of attack is a distributed denial of service, or DDoS. They’re often the result of hundreds or even thousands of computers outside the U.S. that are programmed with viruses that continually connect to and overload targeted servers. Storms said bandwidth monitors noticed the first spike of attacks on Sunday. To stop the attacks, college officials have had to periodically shut down the Web connection while providing alternative working Internet links to students and staff. The fix, so far, has only been temporary as the problem often returns the next day. “We think we have it under control in the afternoon. And we have a quiet period,” Storms said. “And then around 9 a.m. it all comes in again.” Walla Walla Community College may not be the only victim of the DDoS attack. Storms said he was informed that as many as 39 other state agencies have been the target of similar DDoS attacks. As for the reason for the attack, none was given to college officials. Storms noted campus operators did receive a number of unusual phone calls where the callers said that they were in control of the Internet. But no demands were made. “Some bizarre phone calls came in, and I don’t know whether to take them serious or not,” Storms said. State officials have been contacted and are aiding the college with the problem. Storms said they have no idea how long the DDoS attack will last. Source: http://union-bulletin.com/news/2015/apr/30/community-college-targeted-ongoing-cyberattack/


FBI investigating Rutgers University in DDoS attack

The FBI is working with Rutgers University to identify the source of a series of distributed denial-of-service (DDoS) attacks that have plagued the school this week. The assault began Monday morning and took down internet service across the campus, according to NJ.com. Some professors had to cancel classes and students were unable to enroll, submit assignments or take finals since Wi-Fi service and email have been affected, as has an online resource called Sakai. This is the second DDoS attack on the university this month and the third since November. Authorities and the Rutgers Office of Information and Technology (OIT) haven’t released any details thus far about the possible source of the attacks. Currently, only certain parts of the university have internet service. The school will post frequent updates to the Rutgers website about its progress in restoring service. Source: http://www.scmagazine.com/the-fbi-is-helpign-rutger-inveigate-a-series-of-ddos-attack/article/412149/


One fifth of DDoS attacks last over a day

Some 20 per cent of DDoS attacks do lasting damage, taking a site down for 24 hours or more, according to research by Kaspersky. In fact, almost a tenth of the companies surveyed said their systems were down for several weeks or longer, while less than a third said they had disruption lasting less than an hour. The investigation revealed that the majority of attacks (65 per cent) caused severe delays or complete disruption, while only a third caused no disruption at all. Evgeny Vigovsky, head of Kaspersky DDoS Protection, said: “For companies, losing a service completely for a short time, or suffering constant delays in accessing it over several days, can be equally serious problems. “Both situations can impact customer satisfaction and their willingness to use the same service in the future. Using reliable security solutions to protect against DDoS attacks enables companies to give their customers uninterrupted access to online services, regardless of whether they are facing a powerful short-term assault or a weaker but persistent long-running campaign.” The company highlighted an attack on GitHub at the end of March when Chinese hackers brought the site down. That attack lasted 118 hours and demonstrated that even large communities are at risk. Last month, another study by Kaspersky revealed that only 37 per cent of companies were prepared for a DDoS attack, despite 26 per cent of them being concerned the problems caused by such attacks were long-term, meaning they could lose current or prospective clients as a result. Source: http://www.itpro.co.uk/security/24514/one-fifth-of-ddos-attacks-last-over-a-day


High volume DDoS attacks still persistent

Arbor Networks released global DDoS attack data that shows a continuation of extremely high volume attacks. In Q1 2015, there were 25 attacks larger than 100Gbps globally. In the past year, Arbor h…


DDoSsers use reflection amplification to crank up the volume to 100Gbps+

Ne’er-do-wells: ‘Hey.’ Dumb servers: ‘WHAT?’ Targets: ‘AAARGH’

DDoS attacks have grown in volume yet again with 25 attacks larger than 100Gbps globally in Q1 2015, according to the latest stats from DDoS mitigation firm Arbor Networks.…



Featured article: How to use a CDN properly and make your website faster

It’s one of the biggest mysteries I have seen in my 15+ years of Internet hosting and cloud-based services: why do people use a Content Delivery Network for their website yet never fully optimize their site to take advantage of the speed and volume capabilities of the CDN? Just because you use a CDN doesn’t mean your site is automatically faster or even able to take advantage of its ability to dish out mass amounts of content in the blink of an eye. At DOSarrest I have seen the same mystery continue, which is why I have put together this piece on using a CDN, to hopefully help those who wish to take full advantage of one. Most of this information is general and can be applied to any CDN, but I’ll also throw in some specifics that relate to DOSarrest.

Some common misconceptions about using a CDN

1. As soon as I’m configured to use a CDN my site will be faster and be able to handle a large amount of web visitors on demand.
2. Website developers create websites that are already optimized and a CDN won’t really change much.
3. There’s really nothing I can do to make my website run faster once it’s on a CDN.
4. All CDNs are pretty much the same.

Here’s what I have to say about the misconceptions noted above

1. In most cases the answer to this is…. NO !! If the CDN is not caching your content your site won’t be faster; in fact it will probably be a little slower, as every request will have to go from the visitor to the CDN, which will in turn go and fetch it from your server, then turn around and send the response back to the visitor.
2. In my opinion and experience, website developers in general do not optimize websites to use a CDN. In fact most websites don’t even take full advantage of a browser’s caching capability. As the Internet has become ubiquitously faster, this fine art has been left by the wayside in most cases. Another reason I think this has happened is that websites are huge and complex, and a lot of content is dynamically generated, coupled with very fast servers with large amounts of memory. Why spend time on optimizing caching when a fast server will overcome this overhead?
3. Oh yes you can, and that’s why I have written this piece…see below.
4. No they aren’t. Many CDNs don’t want you to know how things are really working from every node that they are broadcasting your content from. You have to go out and subscribe to a third-party service. If you have to get a third-party service, do it; it can be fairly expensive but well worth it. How else will you know how your site is performing from other geographic regions?

A good CDN should let you know the following in real time, but many don’t:

a. Number of connections/requests between the CDN and visitors.
b. Number of connections/requests between the CDN and your server (origin). You want to try to have the number of requests to your server be less than the number of requests from the CDN to your visitors.
   *Tip – Use HTTP 1.1 on both “a” & “b” above and try to extend the keep-alive time on the origin-to-CDN side.
c. Bandwidth between the CDN and Internet visitors.
d. Bandwidth between the CDN and your server (origin).
   *Tip – If bandwidth of “c” and “d” are about the same, news flash…you can make things better.
e. Cache status of your content (how many requests are being served by the CDN).
   *Tip – This is the best metric to really know if you are using your CDN properly.
f. Performance metrics from outside of the CDN but in the same geographic region.
   *Tip – Once you have the performance metrics from several different geographic regions you can compare the differences once you are on a CDN. Your site should load faster the further away the region is located from your origin server, if you’re caching properly.

For the record, DOSarrest provides all of the above in real time, and it’s these tools I’ll use to explain how to take full advantage of any CDN; without any metrics there’s no scientific way to know you’re on the right track to making your site super fast.

There are five main groups of cache control tags that will affect how and what is cached.

Expires : When attempting to retrieve a resource a browser will usually check to see if it already has a copy available for reuse. If the expires date has passed the browser will download the resource again.

Cache-control (HTTP 1.1) : This expands on the functionality offered by Expires. There are several options available for the cache control header:
– Public : This resource is cacheable. In the absence of any contradicting directive this is assumed.
– Private : This resource is cacheable by the end user only. All intermediate caching devices will treat this resource as no-cache.
– No-cache : Do not cache this resource.
– No-store : Do not cache, do not store the request, I was never here – we never spoke. Capiche?
– Must-revalidate : Do not use stale copies of this resource.
– Proxy-revalidate : The end user may use stale copies, but intermediate caches must revalidate.
– Max-age : The length of time (in seconds) before a resource is considered stale.
A response may include any combination of these options, for example: private, max-age=3600, must-revalidate.

X-Accel-Expires : This functions just like the Expires header, but is only intended for proxy services. This header is intended to be ignored by browsers, and when the response traverses a proxy this header should be stripped out.

Set-Cookie : While not explicitly specifying a cache directive, cookies are generally designed to hold user and/or session specific information. Caching such resources would have a negative impact on the desired site functionality.

Vary : Lists the headers that should determine distinct copies of the resource. The cache will need to keep a separate copy of this resource for each distinct set of values in the headers indicated by Vary. A Vary response of “ * “ indicates that each request is unique.

Given that most websites, in my opinion, are not fully taking advantage of caching by a browser or a CDN, if you’re using one, there is still a way around this without reviewing and adjusting every cache control header on your website. Any CDN worth its cost, as well as any cloud-based DDoS protection services company, should be able to override most website cache-control headers.

For demonstration purposes we used our own live website, DOSarrest.com, and ran a traffic generator so as to stress the server a little along with our regular visitor traffic. This demonstration shows what’s going on when passing through a CDN, with respect to activity between the CDN and the Internet visitor and between the CDN and the customer’s server on the back end.

At approximately 16:30 we enabled a feature on DOSarrest’s service we call “Forced Caching”. What this does is override, in other words ignore, some of the origin server’s cache control headers.

These are the results:

Notice that bandwidth between the CDN and the origin (second graph) has fallen by over 90%; this saves resources on the origin server and makes things faster for the visitor.

This is the best graphic illustration to let you know that you’re on the right track: cache hits go way up, not cached goes down, and expired and misses are negligible.

The graph below shows that the requests to the origin have dropped by 90%; it’s telling you the CDN is doing the heavy lifting.

Last but not least, this is the fruit of your labor as seen by 8 sensors in 4 geographic regions from our Customer “ DEMS “ portal. The site is running 10 times faster in every location, even under load!
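
The cache decision described above, written from the CDN's side as an added example (not DOSarrest's code or the article's): it applies the Cache-Control, Expires, Set-Cookie and Vary rules listed earlier and shows which responses a forced-caching override can take over without serving one visitor's content to another. The force_ttl parameter and its policy of never overriding private, no-store, Vary: * or Set-Cookie responses are assumptions, as are the sample paths and headers; X-Accel-Expires is left out.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def expires_ttl(value, now):
    """Seconds until the Expires date; 0 if it has passed or cannot be parsed."""
    try:
        exp = parsedate_to_datetime(value)
        return max(0, int((exp - now).total_seconds()))
    except (TypeError, ValueError):
        return 0  # unparseable or zone-less date: treat as already expired

def shared_cache_ttl(headers, now, force_ttl=None):
    """Return (ttl_seconds, reason) for a CDN-style shared cache; 0 = ask origin.
    force_ttl is a hypothetical forced-caching floor: it overrides missing, expired
    or no-cache freshness, but never per-user or no-store responses."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "set-cookie" in h or "private" in cc:
        return 0, "per-user response"
    if "no-store" in cc or h.get("vary", "").strip() == "*":
        return 0, "no-store or vary: *"
    ttl, reason = 0, "no freshness information"
    if "no-cache" in cc:
        reason = "no-cache"
    elif (cc.get("max-age") or "").isdigit():
        ttl, reason = int(cc["max-age"]), "max-age"  # max-age wins over Expires
    elif "expires" in h:
        ttl, reason = expires_ttl(h["expires"], now), "expires"
    if force_ttl is not None and ttl < force_ttl:
        return force_ttl, "forced, origin said: " + reason
    return ttl, reason

# Constructed sample responses (not the article's demo traffic).
NOW = datetime(2015, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "/logo.png": {"Cache-Control": "public, max-age=86400"},
    "/account": {"Cache-Control": "private, max-age=3600, must-revalidate"},
    "/login": {"Set-Cookie": "session=EXAMPLE", "Cache-Control": "max-age=600"},
    "/news.html": {"Expires": "Fri, 01 May 2015 11:00:00 GMT"},
    "/feed": {"Cache-Control": "no-cache"},
}

def report(force_ttl=None):
    """TTL per sample path, with or without the forced-caching floor."""
    return {p: shared_cache_ttl(h, NOW, force_ttl)[0] for p, h in SAMPLES.items()}
```

With report(300), only /news.html and /feed rise to 300 seconds; /account and /login still go to the origin on every request.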
