Statement concerning the attacks on SpywareInfo

Discussion in 'privacy general' started by Mike_Healan, Feb 15, 2004.

Thread Status:
Not open for further replies.
  1. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    As most people know by now, SpywareInfo, TomCoyote.org and merijn.org disappeared last week. This is due to a colossal, ongoing distributed denial of service attack. Several thousand trojaned PCs are throwing millions of HTTP GET requests at the Apache server. The attacker is very determined to keep these sites off the net. Every time we filter out the attack, thousands of new machines join in. For now, the server is firewalled and all traffic is being null routed.

    No one has claimed responsibility and there has been no attempt to break into the server. We are examining files from some of the infected machines involved in the attacks. At this time, I cannot confirm or deny the rumors floating around that coolwebsearch.com or one of their affiliated sites is responsible for these attacks.

    TomCoyote.org is up and running again on a new server and the forums there are available to help people: http://forums.tomcoyote.org/. The private mailing list and malware repository for antispyware developers is also up and running on a new server.

    SpywareInfo and merijn.org will continue to be down for the next several days. My hosting service and I are working on setting up a system of multiple redundant proxy servers to shield the main server from these attacks. I hope to have this running within the next week or so.

    There are several mirrors for HijackThis and CWShredder. I believe Majorgeeks.com has the current version of both.
    HijackThis: http://www.majorgeeks.com/download.php?det=3155
    CWShredder: http://www.majorgeeks.com/download4086.html

    If anyone would like to contribute a server, please contact me at mike@tomcoyote.org. There are some minimum requirements for each server. I need a minimum PII 300MHz 128RAM, dedicated IP address, apache 1.3x on linux (preferably red hat) with root access via SSH and minimum of 100GB bandwidth/month. A Virtual Private Server (VPS) will work fine (I don't need a whole box).

    SpywareInfo will be back. It will take more than this to keep us off the net.

    Mike Healan
    SpywareInfo
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    That's the spirit Mike! :) All power to your elbow :D
     
  3. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    This is (overall) good to hear/read. Tonight, I will toast to the good guys ;)
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Go get em Mike. :mad:

    They will surely be defeated. :D




    snowbound
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Mike - What's a VPS, where do you get one and how do you set it up?

    If, for instance I was thinking about helping you out, I mean. Pete
     
  6. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    X-Block has offered to host merijn.org on one of their servers and Merijn's site should be up and running again in a few days. SWI, TomCoyote, and Merijn will now be separated and no longer vulnerable to any single attack.

    A VPS is an account on a server that looks and smells like a box all to itself and allows for "virtual" root access. More expensive than normal shared hosting but not as expensive as an entire box.
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Oh. I think I'm too broke to be of help in that way, then. Sorry. Pete
     
  8. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    No worries Pete. I appreciate the offer ;)

    http://www.merijn.org is ONLINE AND RUNNING!

    If you can't reach the site, add the following to your HOSTS files:

    216.40.225.12 merijn.org
    216.40.225.12 www.merijn.org
     
  9. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Sorry for my ignorance, but how do I add the suggested to my XP Home HOSTS file?
     
  10. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Pretender :)

    Here is a link on host files,

    http://www.accs-net.com/hosts/how_to_use_hosts.html

    You need to use Notepad to open your host file.


    Hope this helps.



    snowbound
     
  11. ChrisRLG

    ChrisRLG Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    80
    Location:
    Essex, UK
    Spywareinfo, Tomcoyotes merijn.org and Net-Intergration.net ALL DOWN as we speak

    Dell forum is still open - bookmark now - it has a malware removal board for us to use.

    http://forums.us.dell.com/supportforums

    If all else fails PM me at Dell.
     
  12. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    I can get to Merijn's site okay after downloading HOSTS file as indicated by Snowbound and placing entries as stated by Mike Healan. Not able to access Tomcoyotes site right now.

    I did have a problem with just using the HOSTS file sample by MS and adding the entries stated by Mike Healan in the HOSTS file though. So I had to download the zip/add the entries and it works now. Not real familiar with this HOSTS file thing, but learning quickly.
     
  13. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    I found out why I had a problem with the HOSTS file sample by MS and kicking myself for it. When I went to the site that Snowbound suggested then it gave me a choice of downloading the zip file by the author or downloading a HOSTS file which would allow me to put just my entries into it (MS sample file). I didn't get a download dialog box so I copied the file/put it in a notepad.exe page/and entered it where it should be on XP Home and added the entries stated by Mike Healan. There's my mistake. I should have chosen "save as" and put it in the appropriate folder/added the entries from Mike/and renamed the folder "HOSTS". I've done that now and guess what? It works. :oops:

    "Not real familiar with this HOSTS file thing, but learning quickly." Please have mercy!
     
  14. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    WE'RE BACK!

    http://www.spywareinfoforum.com/
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Very cool!
     
  16. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Mike, I get "backing up the database. Come back in 5 min". Oh I am hoping it's just 5 min. :oops:
     
  17. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    LOL :D

    I decided to make a backup since no one was on the board anyway ;)

    FYI, for the moment we're using http://www.spywareinfoforum.com/forums/. There seems to be a DNS problem in some places for the normal address.
     
  18. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    WOW...it was just 5 minutes! LOL

    Yes, I could not get to the regular address, but I can get to the forums now. whoohoo!! Good work Mike! :-*
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Well done MH!, Getting there no trouble at the moment. :)
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands

    Great! Let's hope this time it will be for good :cool:

    regards.

    paul
     
  21. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Errr, can you guys get any further than just the "main screen"?
    Any link I click in there gets timed out. :(

    Pieter
     
  22. ChrisRLG

    ChrisRLG Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    80
    Location:
    Essex, UK
    Yes all OK for me.
     
  23. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Fine here Pieter at the moment. :)
     
  24. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Pieter, I can log in and move in and out of the forums without any problems (it's fast), but I did notice that there is no "on-line" list at the bottom of the forum. So, I'm not showing up as logged in.
     
  25. Mossback

    Mossback Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    17
    Location:
    The Great Northwest, Or.
    This is great news, have been anxiously waiting for you to get back, I needed a couple of definitions.
     