DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

One month later, pathetic DDoSer keeps trying and failing (1)

Posted on April 9, 2024 by Dissent

By “Dissent Doe, PhD” and “Batman”

March 7 started out fairly normally – until DataBreaches.net was hit with about 11 million requests in less than an hour. Most of them were from Russia, but of course, that didn’t prove anything. But it seemed clear that DataBreaches had ticked someone or some group off.  Again.

Ticking off some ransomware groups or individuals is not exactly rare for this site or blogger. Then again, ticking off some victims is not exactly rare, either.

Did AlphV get mad because DataBreaches reported on their exit scam and fake listings?  Or did LockBitSupp get mad because DataBreaches reported on their repeated failures to leak data after threatening they would?  Or was it some clown this site reported on recently?

Who was behind this attack? DataBreaches still has no idea, but the attacks have continued every day since March 7. If those behind the attack are smart, they’ll never admit they have wasted so much money trying to take this little blog down.

Luckily for DataBreaches, several people—some with “white hats” and some with “black hats”—came forward to offer their help and expertise.

Enter—let’s call him “Batman” for now—stage left. DataBreaches will let Batman explain what happened next.

“I Think We Can Take Them” — Batman

A day or two after the attack started, I got involved. Since then, I have been involved on a daily basis to keep DataBreaches online.

Did I succeed? YES! How did I do it? Magic. Well, not really.  Here’s a bit of how the attack has been mitigated:

The site’s backend server had been on the Akamai/Linode network and the attackers had found the backend.  I moved the site over to  new hosting and added a Content Delivery Network with enough servers to handle the large number of requests that started coming in.  Since then, it has been a game of cat and mouse with the DDoSer. One day the DDoSer upgrades, one day we upgrade. All of his IP addresses are reported to Spamhaus, which has resulted in about 80% of their IPs being blocked.

On a daily basis now, there are about 850-950M Requests Per Hour. Sometimes there are about 30-40M Requests Per Minute, but those are short-term spikes. To mitigate those, we add new load balancers daily and reconfigure our firewall. Some screencaps of analytics at different times appear below. Short spikes generally have little impact.

225 million requests in 15 minutes.
This attack didn’t succeed either.
Some stats from analytics.
Some stats from analytics.

“I’m Still Here” — Batman

Special shoutout to the lame DDoSer: We are able to take more than 5B requests per hour,  so we do not mind you adding more power to your attacks at all. Just kiss your customers goodbye.

To everyone else: What can we say? If you’re thinking of hiring a DDoSer, we would give a 1-star review to the DDoSer whose ToxID is C68B75E6722F0A678FDA7FB0713F60F857F937EA8A8C8B057FAE3752124A932C83CBC097C1D4  and suggest you save your money.

We do not know how much someone has paid him over the past 1+ month to DDoS this site, but they have wasted their money on him.

 


Update 1: It looks like the DDoSer had himself a little hissy fit after the post appeared. There were 24.7 billion requests in a 12-hour period.

Guess the DDoSer didn’t appreciate the post. 

 

Category: Blog

Post navigation

← More Woes for Change Healthcare and Patients
One year after breach, CCM Health notifies almost 29,000 patients →

1 thought on “One month later, pathetic DDoSer keeps trying and failing (1)”

  1. Jeanne Price says:
    April 9, 2024 at 8:33 pm

    I just love this site. It’s far from dull.

    Congrats, Dissent, for your courage and smarts in dealing with this guy. Welcome Batman! You rock.

    Jeanne P.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.