SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 aa419 under DDOS attack - update 2 - forum back online

View next topic
View previous topic
 
Post new topicThis topic is locked: you cannot edit posts or make replies.
Author Message
meyer
Baiting Guru


Joined: 06 May 2004
Posts: 4012


PostPosted: Tue Sep 04, 2007 10:13 pm Reply with quoteBack to top

As some of you may have noticed, aa419.org has been under a severe DDOS attack the last days. The attack is still ongoing. Our fabulous tech specialists were able to block thousands of IP addresses. As a result we can keep the website online despite the attack.

We strongly suspect that a Russian crime syndicate is behind this - apparently they are a bit upset about many, many shut down job scam / money mule scam websites. So in a way this DDOS attack is good news, because it certainly means that we cost these people a LOT of money.

We absolutley intend to keep aa419 online and not give in to them. And we think this is a good time to get some more money mule / job scam websites shut down.

_________________
"I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.

"Thanks but no thanks as your days are numbered." Paul George

Fake banks killed: 334

Last edited by meyer on Thu Sep 13, 2007 11:55 pm; edited 2 times in total
View user's profileSend private message
MisterHobbs
419Eater is my life


Joined: 25 Jul 2007
Posts: 293
Location: In Diana now. Miss Ouri later.


PostPosted: Tue Sep 04, 2007 10:30 pm Reply with quoteBack to top

Would this be the reason why I have not heard back from A1an confirming receipt of some accounts I sent?

Usually I get a return nod, however over the past week or so, I sent a couple of emails with accounts with no word back. Just want to be sure they are being received. Thx!

_________________
New to baiting and need help getting started? Read this!

New to baiting and want a mentor? Click here!
View user's profileSend private message
SumYunGai
Master Baiter


Joined: 04 May 2007
Posts: 139


PostPosted: Tue Sep 04, 2007 10:36 pm Reply with quoteBack to top

Rock on! They're spending even more money trying to take you down. Botnet time is expensive. I suppose you've passed the IP addresses on to ISPs so they can take the appropriate action, whether that's warning the user or shutting down their Internet connection.

_________________
MUGU-baiting for fun, usually not for profit.

Last edited by SumYunGai on Tue Sep 04, 2007 10:38 pm; edited 1 time in total
View user's profileSend private message
Josh
Elite Baiter


Joined: 24 Apr 2007
Posts: 1799
Location: Nu Zilund


PostPosted: Tue Sep 04, 2007 10:37 pm Reply with quoteBack to top

Wow that's pretty scary stuff. As you say meyer it's just a sign showing that baiting sites and others like aa419 really do make a difference, otherwise nobody would bother.

I hope you guys get through it sweet as.

_________________
Spain United Kingdom
If you know what is going on here, you will be shock to your marrows - Captain Brian
Safari Ahm3d K4diri: Tamale (Ghana) - Porto Novo (Benin)
View user's profileSend private messageYahoo MessengerSkype Name
meyer
Baiting Guru


Joined: 06 May 2004
Posts: 4012


PostPosted: Tue Sep 04, 2007 10:42 pm Reply with quoteBack to top

SumYunGai wrote:
Botnet time is expensive. I suppose you've passed the IP addresses on to ISPs so they can take the appropriate action, whether that's warning the user or shutting down their Internet connection.


Yes, we are passing the IP addresses on to the relevant ISPs. But we are talking about several thousand blocked IP addresses so far.

If you know how much one has to pay for such a botnet of thousands of bots over several days - lemme know. Laughing I suspect it is quite a significant amount of money.

_________________
"I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.

"Thanks but no thanks as your days are numbered." Paul George

Fake banks killed: 334
View user's profileSend private message
ratter
Master of Master Baiters


Joined: 03 Jun 2007
Posts: 630
Location: Disembarking at Duvalier Airport


PostPosted: Tue Sep 04, 2007 11:04 pm Reply with quoteBack to top

@meyer, unfortunately costs are perhaps not all that significant, considering that these are professional criminal enterprises. There's a Trend Micro white paper on the subject of Botnets in connection with Phishing attacks here that quotes $500-1500 for a DoS attack, and another rate of up to $100/day per 1,000 bots.

_________________
Closed lad accounts xseveral

United KingdomUnited StatesNigeriaSpainSwitzerlandBeninNetherlandsCanadaGhanaItalyIrelandMalaysiaUnited Nations = 56

Goat

PayPal Modality
View user's profileSend private message
B. A. Ware
*** BANNED ***


Joined: 14 Apr 2007
Posts: 1828
Location: I've fallen and I can't reach my beer.


PostPosted: Wed Sep 05, 2007 12:56 am Reply with quoteBack to top

Quote:
we are talking about several thousand blocked IP addresses
Mine was one of them. I was locked out all weekend. Crying or Very sad
View user's profileSend private messageSkype Name
Pyrosoft
419Eater is my life


Joined: 15 Jun 2006
Posts: 493


PostPosted: Wed Sep 05, 2007 7:49 am Reply with quoteBack to top

I've just been advised that Alan is still receiving emails that are sent to him, despite the attacks.

So do please keep reporting those bank accounts Very Happy



EDIT - it's passed 1 terrabyte of bandwidth now...sheesh!

_________________
1x Nigeria
THIS IS MY PRAYERS FOR U. U WIL REMAIN A FOLISH N JOBLESS BASTARD U WIL NEVER MARRY WOMAN N REMAIN A GOAT FUKER - Kamal Candar
u ar a congenital idiot, a beast of no nation and most of all a nicompoop - Susan Kovi Patrick
Mass Mail Tools - How to bank bait

pony pony pony Mortar x2
Jolly Roger
View user's profileSend private message
Afferbecklauder
Master of Master Baiters


Joined: 08 Jan 2007
Posts: 923
Location: Wide open spaces


PostPosted: Wed Sep 05, 2007 10:59 am Reply with quoteBack to top

@ Meyer

Could you list any specific ways that the average Eater could assist? I realise that there are specific skills in shutting down sites, but equally they have to be found before they can be identified. For example I work with a group of Eaters that have considerable mass mail expertise. What is the best way to assist?

_________________
DEVIL NA E GO KILL YOU THIEF Williams J Spillboard
I will send a photo copy of your draft to your state security agent with all your information that you are using the money to finance TERRORIST in America that you have received one already, and you also involved in the slept 11 attack.
NA BABA GOD GO PUNISH INA LIVES ANY WHERE INA DEY PLUS
UR BASTARD GOMER COS IN NO BE MISTER ATALL U SILLY
SCOMBERGS U NA DEY CUTT MY JOBS ABI.NO WORRY I NO GO
TELL UNA AGAIN,BUT IF UNA TRY AGAIN UNA NO GO WAKE
FROM SLEEP THE VERY NEXT MORNING I MEAN U WILL BE
MURDERED WITHOUT WARNING THE VERY NEXT MORNING NINFO . Walter Savvidez

pony
View user's profileSend private message
Lord Nelson
Not quite a Newb


Joined: 11 Nov 2003
Posts: 50
Location: I can't remember.


PostPosted: Wed Sep 05, 2007 1:13 pm Reply with quoteBack to top

Hi Meyer,

I expect you already know this, but I bumped into this

http://www.anti-aa419.com/?gclid=CMDTsveurI4CFSQWgQodAXUfRQ

under google.

It seems it could be related to the DOS you are having at the moment?

It actually came up as a sponsored link!

Cheers

LN

EDIT - I recall seeing a CIA project recently to see how many bots there
are on the net. I think they estimated some 1 million, so filtering IPs is
going to be a bit of a lengthy process. Sad

_________________
Mortar x3
why do you keep writing back to me fool bastard

"FUCK Y " click. - skype hangup call #250 to Ranti Smile

My late father was among the few blacks-Zimbabwe rich farmers murdered in cold blood by the KILLER SQUERDS

Michael you jumped in to my life and destroyed it.

fuck to you and you Bush sheet

LOOK THE INSULT FROM YOU IS GETTING OUT OF HAND

Last edited by Lord Nelson on Wed Sep 05, 2007 1:18 pm; edited 2 times in total
View user's profileSend private message
Fo'andles
Punk Pony


Joined: 06 Jul 2007
Posts: 1610
Location: busy doing nothing, somewhere


PostPosted: Wed Sep 05, 2007 1:16 pm Reply with quoteBack to top

Hi Meyer

It hasn't shut down Muguito i have it running at the moment.

I have a shortcut from the desktop. Smile
View user's profileSend private message
Bam-Skater
Master Baiter


Joined: 05 Sep 2006
Posts: 107
Location: The independant Republic of Scotland


PostPosted: Wed Sep 05, 2007 1:37 pm Reply with quoteBack to top

I leave Vampire running when I go to bed quite a lot(when I remember anyways) and for as much as this is a PITA it at least shows the Lads are getting affected enough for them to go to these lengths to shut aa419 down.

@Fo'andles
I may be wrong(a more 'pootery person than me will correct if I am), but from what I gathered from Lord Nelsons link Muguito and Vampire are actually leeching aa419 just now. Somebody has turned them against themselves with the funny coding in the link. It might be better not to run it at the moment!

B-S

_________________
Still dangling my hook
View user's profileSend private message
ratter
Master of Master Baiters


Joined: 03 Jun 2007
Posts: 630
Location: Disembarking at Duvalier Airport


PostPosted: Wed Sep 05, 2007 1:44 pm Reply with quoteBack to top

^^^^ don't believe everything you read... Twisted Evil


...including this....

_________________
Closed lad accounts xseveral

United KingdomUnited StatesNigeriaSpainSwitzerlandBeninNetherlandsCanadaGhanaItalyIrelandMalaysiaUnited Nations = 56

Goat

PayPal Modality

Last edited by ratter on Wed Sep 05, 2007 1:45 pm; edited 1 time in total
View user's profileSend private message
Tae
** REMEMBERED **


Joined: 27 Apr 2004
Posts: 507
Location: Austria


PostPosted: Wed Sep 05, 2007 1:45 pm Reply with quoteBack to top

We've been aware of this link for quite a while. It doesn't disturb us.

_________________
Mortar x3

"DO YOU LOVE ME?IF YES THEN CALL ME LETS MAKE LOVE ON THE PHONE." DR.CLIFFORD ANDERSON


Kill a bank a day!
View user's profileSend private message
Scam Patroller
Baiting Guru


Joined: 08 Jul 2004
Posts: 11852
Location: UK


PostPosted: Wed Sep 05, 2007 1:47 pm Reply with quoteBack to top

Yeah, the link that Lord Nelson posted is for a site that was made by a disgruntled webhoster, it's been around for quite a while, it wont be anything to do with this attack.

_________________
Pith Helmet 10 Safari Safari Safari Safari Safari Safari Safari Safari Suitcase
40x Nigeria 4x South Africa 2x Ghana 2x Benin 10x Ivory Coast 34x United Kingdom 17x United States 9x Spain 1x Belgium 1x 6x European Union 4x Canada 1x New Zealand 6x Netherlands 1x pyramid 23x Cellphone Jolly Roger
Vcamera YMCA Vcamera Summer Holdiay + Bus Hijack

www.scamwarners.com - www.scam-info-links.info - www.aa419.org - The Numpties Gallery
View user's profileSend private message
meyer
Baiting Guru


Joined: 06 May 2004
Posts: 4012


PostPosted: Wed Sep 05, 2007 2:09 pm Reply with quoteBack to top

Scampatroller is correct - this comes from a very unprofessional small hoster who had refused to take down a mugu website and chose instead to pick up a fight with us. The best thing we can do with this is to entirely ignore this and target mugus and other criminals instead. Our goal is not fighting with shady hosters who run their business out of their living room, we want to take down genuine criminals.

To comment on the other points: There is no way that the aa419 vampire could be redirected against aa419, since it's directly under aa419's control. And there are no "rogue" vampires out there that have been reprogrammed to target us, either, we've had measures in place for years to prevent such things.

The aa419 administration knows what this attack is (botnet sending bad data requests) and is working with the hoster on getting things sorted. This isn't a bandwidth drain, it's an attempt to melt our server.

@afferbecklauder: if you want to assist, try to find as many new job scam / money mule scam websites as possible and get them closed. You can do this by looking at known scammer websites (you will find these in the aa419 database and forum as soon as the server is back online) and also in the eater fake bank forum. Take text from these and use google to find clones. The same templates are reused all the time, therefore it is quite easy to find the newest scam websites this way.

_________________
"I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.

"Thanks but no thanks as your days are numbered." Paul George

Fake banks killed: 334
View user's profileSend private message
meyer
Baiting Guru


Joined: 06 May 2004
Posts: 4012


PostPosted: Wed Sep 05, 2007 3:52 pm Reply with quoteBack to top

Allright, the hoster temporarily took down our server. The criminals were pounding our server at 400GB/h. That means, they severaly increased the attack after our excellent tech guys were able to keep aa419 online the last days despite the attack.

We will keep you updated.

_________________
"I AM VERY MUCH AWARE OF YOUR CONCERNS BUT I HAVE TO LET YOU KNOW THAT IO MA NOT A CRIMINAL AND WONT ACCEPT TO BE TREARTED AS ONE SINCE JUST BECAUSE I HAVE ASKED FOR YOUR ASSISTANCE." " Mrs. Kokou Williams.

"Thanks but no thanks as your days are numbered." Paul George

Fake banks killed: 334
View user's profileSend private message
johnny5
Master Baiter


Joined: 14 Jun 2007
Posts: 109


PostPosted: Wed Sep 05, 2007 4:11 pm Reply with quoteBack to top

meyer wrote:
There is no way that the aa419 vampire could be redirected against aa419, since it's directly under aa419's control.

Sure it can. If it's making http requests to a website then those requests will run through their website, usually apache.
Apache uses .htaccess as a "mapping" file. So sites can use .htaccess to tell apache to tell the browser (the user of vampire) to redirect it to anywhere they like.

They can't control's vampire's code directly, but they can control the requests coming to them.


Good luck beating off the attack from these cowardly bastards.

_________________
"When you do something right, people won't be sure you've done anything at all" - "God", Futurama
View user's profileSend private message
Jezabelle
*** BANNED ***


Joined: 03 Aug 2004
Posts: 881


PostPosted: Wed Sep 05, 2007 4:59 pm Reply with quoteBack to top

@johnny5 and others

Final Answer-- LV and Muguito are *not* and *were not* leeching aa419.
View user's profileSend private message
Tsnerd
Not quite a Newb


Joined: 14 Jul 2005
Posts: 41


PostPosted: Wed Sep 05, 2007 5:23 pm Reply with quoteBack to top

Bank killing operations will still continue over here in the meantime.

I have made a post outlining the modalities here:
http://forum.419eater.com/forum/viewtopic.php?p=979802#979802

_________________

Fakers: many, many, lots; an SSL and a couple of Resellers.
Mortar x 6
AH, AH, AH! Two little !
View user's profileSend private message
Dr. Max Wieldruk
Master Baiter


Joined: 09 Jan 2004
Posts: 237
Location: The Netherlands


PostPosted: Wed Sep 05, 2007 5:32 pm Reply with quoteBack to top

This mail came in from Alan in reply to my sending him a lad bank account:

Alan wrote:
Wed, 5 Sep 2007 08:32:49 +0100

Can you please tell your friends that in spite of the Russian Bot
attack I am still alive and running normally.

Alan

_________________
- You and your bank are working together in a cyber space country... [Barrister Smith Williams]
- I am suspecting foul play on your side and do not trust you either. [Amina Alman]
- LISTEN CAREFULLY YOU HAVE FOOLED ME SO MUCH I CAN'T TAKE IT ANY MORE GOOD LUCK (Barrister Morris Johnson)
- What happen because we where at the Airport to pick you up as we schadule but we could not found you. (Evans William)

Netherlands 2x| Safari 1x, Amsterdam-Delfzijl, 250 km Mortar x12
View user's profileSend private messageSend e-mailVisit poster's website
johnny5
Master Baiter


Joined: 14 Jun 2007
Posts: 109


PostPosted: Wed Sep 05, 2007 5:48 pm Reply with quoteBack to top

Jezabelle wrote:
@johnny5 and others

Final Answer-- LV and Muguito are *not* and *were not* leeching aa419.

I didn't say they were.
I said it can be done, in response to meyer saying it can't.

_________________
"When you do something right, people won't be sure you've done anything at all" - "God", Futurama
View user's profileSend private message
alan
Not quite a Newb!


Joined: 05 Sep 2007
Posts: 230
Location: Limbo


PostPosted: Wed Sep 05, 2007 6:47 pm Reply with quoteBack to top

Yes I am operating normally, but owing to the ferocity of the attack, I have had to move. My new address is alanATfastmail.es

(to minimise spam I have changed @ to AT - to use the address switch it back)
View user's profileSend private message
Doctor X
** ACCOUNT CLOSED **


Joined: 15 Apr 2007
Posts: 766


PostPosted: Wed Sep 05, 2007 6:47 pm Reply with quoteBack to top

Lord Nelson wrote:
I expect you already know this, but I bumped into this

http://www.anti-aa419.com/?gclid=CMDTsveurI4CFSQWgQodAXUfRQ

under google.


Somebody made that guy cry.

Good.

--J.D.

_________________
וגם־אני נתתי להם חקים לא טובים ומשפטים לא יחיו בהם
ואטמא אותם במתנותם בהעביר כל־פטר רחם למען אשםם למען אשר ידעו אשר אני יהוה
View user's profileSend private message
Agi Hammerthief
Infidel


Joined: 12 Mar 2006
Posts: 668
Location: .de


PostPosted: Wed Sep 05, 2007 7:13 pm Reply with quoteBack to top

re: Alans post

so I guess the CC's to the database addy are not going to arrive for a while?

_________________
only posting Surplus Letters from my personal mailbox

in gods we trust - all others pay cash

hug the trolls - maybe it will help them to stop being a worthless piece of trash

CellphoneCellphoneCellphoneCellphoneCellphone CellphoneCellphoneCellphone Cayman Islands United Kingdom x3 Nigeria
View user's profileSend private messageSkype Name
Display posts from previous:      
Post new topicThis topic is locked: you cannot edit posts or make replies.


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT