Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / so what EXACTLY happened?

Author
Message
soapyfish
20
Years of Service
User Offline
Joined: 24th Oct 2003
Location: Yorkshire, England
Posted: 30th Jun 2004 04:51
Link
Hey all,
Just wondered what exactly happened, when I saw the message about flooding little me was a little confused, are you saying people were just trying to post too many posts or what, and what's happened to the people whose i.p.'s they are?

Back to top
Profile PM Email Website
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 30th Jun 2004 05:06
Link
Well what happened was there was a fairy helping Rich out with the new Forums... well her b/f came around and thought they were having an office romance, and seeing as it was a lephrechaun he decided to put a curse on the forum.

Tragic really. But that's what happened without going into detail and embarrasing Rich with what REALLY happened in that photocopier room with the squirrel and tubes of UHU Glu.

Back to top
Profile PM Email Website
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 30th Jun 2004 05:07
Link
code2kill - what it says on this page is all I'm going to say on the subject really: http://www.thegamecreators.com/?m=forum

It sums it all up pretty well I think.

"I am not young enough to know everything."
- Oscar Wilde
Back to top
Profile PM Email Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Jun 2004 05:11
Link
code2kill - I can only speculate but it seems by what was said and the symptoms the server was having it was prolly a DDoS (distributed Denial of Service Attack) which is basically a standard http request flood to the server (SYN Flood)

google Syn Flood and/or DDOS for info


* DBP_NETLIB_v1.4 - w/VARIABLE WATCHER & CONSOLE! * Click Logo
Back to top
Profile PM
soapyfish
20
Years of Service
User Offline
Joined: 24th Oct 2003
Location: Yorkshire, England
Posted: 30th Jun 2004 05:19
Link
Ok ok, that'll do me, I'm guessing the less asked about it the btter, almost like some kind of government conspiracy, but I'd best not say that.

Back to top
Profile PM Email Website
Lost in Thought
20
Years of Service
User Offline
Joined: 4th Feb 2004
Location: U.S.A. : Douglas, Georgia
Posted: 30th Jun 2004 05:29
Link
It says I was one of the ip's flooding the server? How is that possible? The only flooding I've done is trying to connect to it almost all day and it was so slow when it did connect it wasn't worth it. And now my home PC's IP appears to be banned.

Back to top
Profile PM Email
Powersoft
21
Years of Service
User Offline
Joined: 1st Aug 2003
Location: United Kingdom
Posted: 30th Jun 2004 05:49
Link
well you arent the sort of person i would expect to have maliscious intent


Create or Play? You choose!
Back to top
Profile PM Email Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Jun 2004 05:53
Link
@LIT

then whoever was initiating the ddos has a trojan on your machine my friend


* DBP_NETLIB_v1.4.3 - July, 2004 * Click Logo
Back to top
Profile PM
Lost in Thought
20
Years of Service
User Offline
Joined: 4th Feb 2004
Location: U.S.A. : Douglas, Georgia
Posted: 30th Jun 2004 06:06 Edited at: 30th Jun 2004 06:08
Link
Thank you. And posting someones IP is not a good idea in my opinion. Couldn't you have posted the member names or something to let us know something was amiss? Or better yet you could have sent us an email then we could have found out what the problem was and corrected it. If I was flooding the server I can assure you it was by some means which are unknown to me. I don't think it was spyware as I update and run AdAware and SpyBot S&D on my machine every other day and find very few problems. Though there are two other computers on my network that I do not check as I do not use them. I have checked them And cleaned off all spyware I could find using the method discribed above. If anyone know a better way to check for spyware, or anything else that could have caused me to flood the sever please let me know. And I know it probably hasn't been long enough for you to get to it but I sent some emails asking you (TGC)about the same thing mentioned in this thread as I could not connect to the site where you asked us not to send any emails (because my IP was apparently banned) At least I can still access the site from work with what little time I have free. I would appreciate it very much if we could find a way to unban my IP (and get it from being displayed on the website) as I use the forums mostly from home. Thank you and good luck with the new server.

[edit] Could be CR but It must be something really new I run Norton 2004 pro once a week (fridays) and it didn't find anything.

Back to top
Profile PM Email
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Jun 2004 07:04
Link
Hmm, well if your machine isn't responsible and there are no trojans anywhere on your network then it is possible someone was spoofing your IP and attacking the TGC server - making it look like the malicious traffic was coming from your IP. I don't know if the person doing the attacks knew your IP belonged to you, or if it was picked randomly from a pool of known live IP addresses. You should run a firewall that can stealth all of your ports. Hiding your ports from internet sweeps keeps your IP from being added to lists of known live ips.

check out http://www.grc.com/default.htm


* DBP_NETLIB_v1.4.3 - July, 2004 * Click Logo
Back to top
Profile PM
Lost in Thought
20
Years of Service
User Offline
Joined: 4th Feb 2004
Location: U.S.A. : Douglas, Georgia
Posted: 30th Jun 2004 07:08 Edited at: 30th Jun 2004 07:15
Link
Thx CR I'll have a look into it. But all they have to do now is get my IP from the old forum website It might help me in the future though.
[Edit] Static IP's suck for regular internet use

Back to top
Profile PM Email
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Jun 2004 07:25
Link
at that site run the Shields UP tests to see what your pc's broadcast to the world.




* DBP_NETLIB_v1.4.3 - July, 2004 * Click Logo
Back to top
Profile PM
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 30th Jun 2004 19:11
Link
Yes, its a fairly good test - my home computers are invisible to that...


The place for great plug-ins and things.
Back to top
Profile PM Email Website
flibX0r
21
Years of Service
User Offline
Joined: 14th Feb 2003
Location: Western Australia
Posted: 30th Jun 2004 20:06 Edited at: 30th Jun 2004 21:32
Link
Me like that test

Quote: "Your Internet connection has no Reverse DNS

Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location.

When present, reverse DNS is supported by Internet service providers. But no such lookups are possible with your current Internet connection address (Hid the IP address from this post). That's generally a good thing."


Good stuff

And because of the proxy server I am behind, i only have the http and ftp ports open, the rest are blocked, so Shields Up says:

Quote: "Attempting connection to your computer. . .

Your Internet port 139 does not appear to exist!

Unable to connect with NetBIOS to your computer."


Take THAT hackers!

EDIT: Also, ALL my ports are in stealth mode. Cool


http://www.jellystudios.tk
Back to top
Profile PM Email Website
las6
22
Years of Service
User Offline
Joined: 2nd Sep 2002
Location: Finland
Posted: 30th Jun 2004 21:25
Link
Quote: "The only flooding I've done is trying to connect to it almost all day and it was so slow when it did connect it wasn't worth it. And now my home PC's IP appears to be banned."


this is exactly why it wasn't that wise to release the ip's. I'd recommend you, Lost in Thought, to upgrade your firewall and such not just for this - but there might be people out there who could target your ip in retaliation.

as for that test, my workplace computer had 1 visible port in the about 1000 it checks... but that was closed too.


| Keyboard not detected. Press F1 to continue. |
Back to top
Profile PM Email Website
Dave J
Retired Moderator
21
Years of Service
User Offline
Joined: 11th Feb 2003
Location: Secret Military Pub, Down Under
Posted: 30th Jun 2004 21:53
Link
lol, that test thing's funny:

Quote: "Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
"



"Computers are useless they can only give you answers."
Back to top
Profile PM Email
BatVink
Moderator
21
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 30th Jun 2004 22:14
Link
Is it not one helluva coincidence that a forum member's PC has initiated an attack on the forum server?

What are the odds that one IP address in a billion picks another IP address in a billion, and they are related as forum and user!?!?

Or do these virae have the ability to look at where you go most and use that as the victim?

BatVink
http://biglaugh.co.uk/catalog AMD 3000+ Barton, 512Mb Ram, 120 Gig Drive space, GeForce 5200 FX 128 Mb, Asus A7N8X Mobo.
Terms & Conditions apply
Back to top
Profile PM Email
Peter H
20
Years of Service
User Offline
Joined: 20th Feb 2004
Location: Witness Protection Program
Posted: 30th Jun 2004 23:21 Edited at: 30th Jun 2004 23:21
Link
@BatVink...hhhmmm...interesting point...

BTW how do i figure out what my IP adress is? So i can make sure i wasn't a "flooder"


Formerly known as "DarkWing Duck"
Back to top
Profile PM Email
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Jun 2004 23:27 Edited at: 30th Jun 2004 23:29
Link
if you were a flooder you would have your ip banned right now, but to find your external IP run IPCONFIG /ALL from the command prompt on WIN2k/XP machines. On 98 based machines go to RUN and type winipcfg.exe, then browse to your adapter in the drop down - also expand the form with the more info button

if your using a NAT based router then go into the router pages and find the current status page (name differs between manf). You will see your dhcp ip address assigned by your isp.


* DBP_NETLIB_v1.4.3 - July, 2004 * Click Logo
Back to top
Profile PM
spooky
22
Years of Service
User Offline
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 30th Jun 2004 23:42
Link
or goto a website that displays your ip, like this one:

http://www.whatsmyip.org


Boo!
Back to top
Profile PM Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 1st Jul 2004 01:27
Link
heh, yeah, or that -


* DBP_NETLIB_v1.4.3 - July, 2004 * Click Logo
Back to top
Profile PM
Dazzag
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Cyprus
Posted: 1st Jul 2004 02:31
Link
Quote: "What are the odds that one IP address in a billion picks another IP address in a billion, and they are related as forum and user!?!?"

Or someone wanted to frame someone else of course.

Cheers

I am 99% probably lying in bed right now... so don't blame me for crappy typing
Back to top
Profile PM Email Website
Lost in Thought
20
Years of Service
User Offline
Joined: 4th Feb 2004
Location: U.S.A. : Douglas, Georgia
Posted: 1st Jul 2004 05:42
Link
I am still banned from my home pc But it is pointless really I could still flood the server if I was so inclined to (which I'm not, nor have I ever been) from my work IP or connecting to the server through my website server (which is how I found out the site was not down as I had thought but my IP was banned). The server should be designed so no one can flood it anyway. If a Quake1 game server can do it then I would think a modern website server would be able to stop it (without banning the IP for extended amounts of time) then send the user an E-Mail letting them know something is wrong and it would reset itself every so often say 15 mins to tell if the IP is still trying to flood. I wouldn't mind registering my IP's with TGC if they are unable to tell which IP's are mine to help fix the problem. And Thank You for removing my IP from being displayed on the website. I appreciate it very much. Let me know what I need to do to get my IP unbanned. Thank You.

Back to top
Profile PM Email
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 1st Jul 2004 09:46
Link
I will ask our hosting company to remove the ban on your IP address - it wasn't us who made the list of IPs - it was them who determined who was causing trouble at the time, so it's possible you were caught up in this without ever doing anything malicious.

Incidently there is no Quake server in the world that couldn't be bought down - DDoS attacks cannot yet be prevented. If they could the likes of Amazon, Yahoo and MS wouldn't have all been compromised by them in recent months.

Cheers,

Rich

"I am not young enough to know everything."
- Oscar Wilde
Back to top
Profile PM Email Website
Lost in Thought
20
Years of Service
User Offline
Joined: 4th Feb 2004
Location: U.S.A. : Douglas, Georgia
Posted: 2nd Jul 2004 05:28
Link
Thank you very much.

Back to top
Profile PM Email
Back to top

Login to post a reply

Server time is: 2024-09-22 04:40:21
Your offset time is: 2024-09-22 04:40:21