Author |
Message |
meyer
Baiting Guru
Joined: 06 May 2004
Posts: 4012
|
Posted:
Tue Sep 04, 2007 10:13 pm |
|
As some of you may have noticed, aa419.org has been under a severe DDOS attack the last days. The attack is still ongoing. Our fabulous tech specialists were able to block thousands of IP addresses. As a result we can keep the website online despite the attack.
We strongly suspect that a Russian crime syndicate is behind this - apparently they are a bit upset about many, many shut down job scam / money mule scam websites. So in a way this DDOS attack is good news, because it certainly means that we cost these people a LOT of money.
We absolutley intend to keep aa419 online and not give in to them. And we think this is a good time to get some more money mule / job scam websites shut down. |
_________________ "I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.
"Thanks but no thanks as your days are numbered." Paul George
Fake banks killed: 334
Last edited by meyer on Thu Sep 13, 2007 11:55 pm; edited 2 times in total |
|
|
|
MisterHobbs
419Eater is my life
Joined: 25 Jul 2007
Posts: 293
Location: In Diana now. Miss Ouri later.
|
Posted:
Tue Sep 04, 2007 10:30 pm |
|
|
|
|
SumYunGai
Master Baiter
Joined: 04 May 2007
Posts: 139
|
Posted:
Tue Sep 04, 2007 10:36 pm |
|
Rock on! They're spending even more money trying to take you down. Botnet time is expensive. I suppose you've passed the IP addresses on to ISPs so they can take the appropriate action, whether that's warning the user or shutting down their Internet connection. |
_________________ MUGU-baiting for fun, usually not for profit.
Last edited by SumYunGai on Tue Sep 04, 2007 10:38 pm; edited 1 time in total |
|
|
|
Josh
Elite Baiter
Joined: 24 Apr 2007
Posts: 1799
Location: Nu Zilund
|
Posted:
Tue Sep 04, 2007 10:37 pm |
|
Wow that's pretty scary stuff. As you say meyer it's just a sign showing that baiting sites and others like aa419 really do make a difference, otherwise nobody would bother.
I hope you guys get through it sweet as. |
_________________
If you know what is going on here, you will be shock to your marrows - Captain Brian
Ahm3d K4diri: Tamale (Ghana) - Porto Novo (Benin) |
|
|
|
meyer
Baiting Guru
Joined: 06 May 2004
Posts: 4012
|
Posted:
Tue Sep 04, 2007 10:42 pm |
|
SumYunGai wrote: |
Botnet time is expensive. I suppose you've passed the IP addresses on to ISPs so they can take the appropriate action, whether that's warning the user or shutting down their Internet connection. |
Yes, we are passing the IP addresses on to the relevant ISPs. But we are talking about several thousand blocked IP addresses so far.
If you know how much one has to pay for such a botnet of thousands of bots over several days - lemme know. I suspect it is quite a significant amount of money. |
_________________ "I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.
"Thanks but no thanks as your days are numbered." Paul George
Fake banks killed: 334 |
|
|
|
ratter
Master of Master Baiters
Joined: 03 Jun 2007
Posts: 630
Location: Disembarking at Duvalier Airport
|
Posted:
Tue Sep 04, 2007 11:04 pm |
|
@meyer, unfortunately costs are perhaps not all that significant, considering that these are professional criminal enterprises. There's a Trend Micro white paper on the subject of Botnets in connection with Phishing attacks here that quotes $500-1500 for a DoS attack, and another rate of up to $100/day per 1,000 bots. |
_________________ xseveral
= 56
PayPal Modality |
|
|
|
B. A. Ware
*** BANNED ***
Joined: 14 Apr 2007
Posts: 1828
Location: I've fallen and I can't reach my beer.
|
Posted:
Wed Sep 05, 2007 12:56 am |
|
Quote: |
we are talking about several thousand blocked IP addresses |
Mine was one of them. I was locked out all weekend. |
|
|
|
|
Pyrosoft
419Eater is my life
Joined: 15 Jun 2006
Posts: 493
|
Posted:
Wed Sep 05, 2007 7:49 am |
|
I've just been advised that Alan is still receiving emails that are sent to him, despite the attacks.
So do please keep reporting those bank accounts
EDIT - it's passed 1 terrabyte of bandwidth now...sheesh! |
_________________ 1x
THIS IS MY PRAYERS FOR U. U WIL REMAIN A FOLISH N JOBLESS BASTARD U WIL NEVER MARRY WOMAN N REMAIN A GOAT FUKER - Kamal Candar
u ar a congenital idiot, a beast of no nation and most of all a nicompoop - Susan Kovi Patrick
Mass Mail Tools - How to bank bait
x2
|
|
|
|
Afferbecklauder
Master of Master Baiters
Joined: 08 Jan 2007
Posts: 923
Location: Wide open spaces
|
Posted:
Wed Sep 05, 2007 10:59 am |
|
@ Meyer
Could you list any specific ways that the average Eater could assist? I realise that there are specific skills in shutting down sites, but equally they have to be found before they can be identified. For example I work with a group of Eaters that have considerable mass mail expertise. What is the best way to assist? |
_________________ DEVIL NA E GO KILL YOU THIEF Williams J Spillboard
I will send a photo copy of your draft to your state security agent with all your information that you are using the money to finance TERRORIST in America that you have received one already, and you also involved in the slept 11 attack.
NA BABA GOD GO PUNISH INA LIVES ANY WHERE INA DEY PLUS
UR BASTARD GOMER COS IN NO BE MISTER ATALL U SILLY
SCOMBERGS U NA DEY CUTT MY JOBS ABI.NO WORRY I NO GO
TELL UNA AGAIN,BUT IF UNA TRY AGAIN UNA NO GO WAKE
FROM SLEEP THE VERY NEXT MORNING I MEAN U WILL BE
MURDERED WITHOUT WARNING THE VERY NEXT MORNING NINFO . Walter Savvidez
|
|
|
|
Lord Nelson
Not quite a Newb
Joined: 11 Nov 2003
Posts: 50
Location: I can't remember.
|
Posted:
Wed Sep 05, 2007 1:13 pm |
|
Hi Meyer,
I expect you already know this, but I bumped into this
http://www.anti-aa419.com/?gclid=CMDTsveurI4CFSQWgQodAXUfRQ
under google.
It seems it could be related to the DOS you are having at the moment?
It actually came up as a sponsored link!
Cheers
LN
EDIT - I recall seeing a CIA project recently to see how many bots there
are on the net. I think they estimated some 1 million, so filtering IPs is
going to be a bit of a lengthy process. |
_________________ x3
why do you keep writing back to me fool bastard
"FUCK Y " click. - skype hangup call #250 to Ranti
My late father was among the few blacks-Zimbabwe rich farmers murdered in cold blood by the KILLER SQUERDS
Michael you jumped in to my life and destroyed it.
fuck to you and you Bush sheet
LOOK THE INSULT FROM YOU IS GETTING OUT OF HAND
Last edited by Lord Nelson on Wed Sep 05, 2007 1:18 pm; edited 2 times in total |
|
|
|
Fo'andles
Elite Baiter
Joined: 06 Jul 2007
Posts: 1654
Location: busy doing nothing, somewhere
|
Posted:
Wed Sep 05, 2007 1:16 pm |
|
Hi Meyer
It hasn't shut down Muguito i have it running at the moment.
I have a shortcut from the desktop. |
|
|
|
|
Bam-Skater
Master Baiter
Joined: 05 Sep 2006
Posts: 107
Location: The independant Republic of Scotland
|
Posted:
Wed Sep 05, 2007 1:37 pm |
|
I leave Vampire running when I go to bed quite a lot(when I remember anyways) and for as much as this is a PITA it at least shows the Lads are getting affected enough for them to go to these lengths to shut aa419 down.
@Fo'andles
I may be wrong(a more 'pootery person than me will correct if I am), but from what I gathered from Lord Nelsons link Muguito and Vampire are actually leeching aa419 just now. Somebody has turned them against themselves with the funny coding in the link. It might be better not to run it at the moment!
B-S |
_________________ Still dangling my hook |
|
|
|
ratter
Master of Master Baiters
Joined: 03 Jun 2007
Posts: 630
Location: Disembarking at Duvalier Airport
|
Posted:
Wed Sep 05, 2007 1:44 pm |
|
^^^^ don't believe everything you read...
...including this.... |
_________________ xseveral
= 56
PayPal Modality
Last edited by ratter on Wed Sep 05, 2007 1:45 pm; edited 1 time in total |
|
|
|
Tae
** REMEMBERED **
Joined: 27 Apr 2004
Posts: 507
Location: Austria
|
Posted:
Wed Sep 05, 2007 1:45 pm |
|
We've been aware of this link for quite a while. It doesn't disturb us. |
_________________ x3
"DO YOU LOVE ME?IF YES THEN CALL ME LETS MAKE LOVE ON THE PHONE." DR.CLIFFORD ANDERSON
Kill a bank a day! |
|
|
|
Scam Patroller
Baiting Guru
Joined: 08 Jul 2004
Posts: 11857
Location: UK
|
Posted:
Wed Sep 05, 2007 1:47 pm |
|
|
|
|
meyer
Baiting Guru
Joined: 06 May 2004
Posts: 4012
|
Posted:
Wed Sep 05, 2007 2:09 pm |
|
Scampatroller is correct - this comes from a very unprofessional small hoster who had refused to take down a mugu website and chose instead to pick up a fight with us. The best thing we can do with this is to entirely ignore this and target mugus and other criminals instead. Our goal is not fighting with shady hosters who run their business out of their living room, we want to take down genuine criminals.
To comment on the other points: There is no way that the aa419 vampire could be redirected against aa419, since it's directly under aa419's control. And there are no "rogue" vampires out there that have been reprogrammed to target us, either, we've had measures in place for years to prevent such things.
The aa419 administration knows what this attack is (botnet sending bad data requests) and is working with the hoster on getting things sorted. This isn't a bandwidth drain, it's an attempt to melt our server.
@afferbecklauder: if you want to assist, try to find as many new job scam / money mule scam websites as possible and get them closed. You can do this by looking at known scammer websites (you will find these in the aa419 database and forum as soon as the server is back online) and also in the eater fake bank forum. Take text from these and use google to find clones. The same templates are reused all the time, therefore it is quite easy to find the newest scam websites this way. |
_________________ "I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.
"Thanks but no thanks as your days are numbered." Paul George
Fake banks killed: 334 |
|
|
|
meyer
Baiting Guru
Joined: 06 May 2004
Posts: 4012
|
Posted:
Wed Sep 05, 2007 3:52 pm |
|
Allright, the hoster temporarily took down our server. The criminals were pounding our server at 400GB/h. That means, they severaly increased the attack after our excellent tech guys were able to keep aa419 online the last days despite the attack.
We will keep you updated. |
_________________ "I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.
"Thanks but no thanks as your days are numbered." Paul George
Fake banks killed: 334 |
|
|
|
johnny5
Master Baiter
Joined: 14 Jun 2007
Posts: 109
|
Posted:
Wed Sep 05, 2007 4:11 pm |
|
meyer wrote: |
There is no way that the aa419 vampire could be redirected against aa419, since it's directly under aa419's control. |
Sure it can. If it's making http requests to a website then those requests will run through their website, usually apache.
Apache uses .htaccess as a "mapping" file. So sites can use .htaccess to tell apache to tell the browser (the user of vampire) to redirect it to anywhere they like.
They can't control's vampire's code directly, but they can control the requests coming to them.
Good luck beating off the attack from these cowardly bastards. |
_________________ "When you do something right, people won't be sure you've done anything at all" - "God", Futurama |
|
|
|
Jezabelle
*** BANNED ***
Joined: 03 Aug 2004
Posts: 881
|
Posted:
Wed Sep 05, 2007 4:59 pm |
|
@johnny5 and others
Final Answer-- LV and Muguito are *not* and *were not* leeching aa419. |
|
|
|
|
Tsnerd
Not quite a Newb
Joined: 14 Jul 2005
Posts: 41
|
Posted:
Wed Sep 05, 2007 5:23 pm |
|
|
|
|
Dr. Max Wieldruk
Master Baiter
Joined: 09 Jan 2004
Posts: 237
Location: The Netherlands
|
Posted:
Wed Sep 05, 2007 5:32 pm |
|
This mail came in from Alan in reply to my sending him a lad bank account:
Alan wrote: |
Wed, 5 Sep 2007 08:32:49 +0100
Can you please tell your friends that in spite of the Russian Bot
attack I am still alive and running normally.
Alan |
|
_________________ - You and your bank are working together in a cyber space country... [Barrister Smith Williams]
- I am suspecting foul play on your side and do not trust you either. [Amina Alman]
- LISTEN CAREFULLY YOU HAVE FOOLED ME SO MUCH I CAN'T TAKE IT ANY MORE GOOD LUCK (Barrister Morris Johnson)
- What happen because we where at the Airport to pick you up as we schadule but we could not found you. (Evans William)
2x| 1x, Amsterdam-Delfzijl, 250 km x12 |
|
|
|
johnny5
Master Baiter
Joined: 14 Jun 2007
Posts: 109
|
Posted:
Wed Sep 05, 2007 5:48 pm |
|
Jezabelle wrote: |
@johnny5 and others
Final Answer-- LV and Muguito are *not* and *were not* leeching aa419. |
I didn't say they were.
I said it can be done, in response to meyer saying it can't. |
_________________ "When you do something right, people won't be sure you've done anything at all" - "God", Futurama |
|
|
|
alan
Not quite a Newb!
Joined: 05 Sep 2007
Posts: 230
Location: Limbo
|
Posted:
Wed Sep 05, 2007 6:47 pm |
|
Yes I am operating normally, but owing to the ferocity of the attack, I have had to move. My new address is alanATfastmail.es
(to minimise spam I have changed @ to AT - to use the address switch it back) |
|
|
|
|
Doctor X
** ACCOUNT CLOSED **
Joined: 15 Apr 2007
Posts: 766
|
Posted:
Wed Sep 05, 2007 6:47 pm |
|
Somebody made that guy cry.
Good.
--J.D. |
_________________ וגם־אני נתתי להם חקים לא טובים ומשפטים לא יחיו בהם
ואטמא אותם במתנותם בהעביר כל־פטר רחם למען אשםם למען אשר ידעו אשר אני יהוה |
|
|
|
Agi Hammerthief
Master of Master Baiters
Joined: 12 Mar 2006
Posts: 671
Location: .de
|
Posted:
Wed Sep 05, 2007 7:13 pm |
|
re: Alans post
so I guess the CC's to the database addy are not going to arrive for a while? |
_________________ in gods we trust - all others pay cash
hug the trolls - maybe it will help them to stop being a worthless piece of trash
x3 |
|
|
|
|