THR is down right now...again

Status
Not open for further replies.
I believe a hacker was brought in by someone from one of those agencies for a little payback. Either with the approval of the front office or an angry individual bringing in a cyber-hitman.

I would be willing to bet that if you walked into any of "those agencies" and asked everyone on the staff, "What do you think of The High Road?" you would get one of three possible answers:

A. "What?"
B. "I think we should take it!"
C. "You should take it and I'll take the low road and I'll be in Scotland afore ye."

While THR is a great board and a lot of good is accomplished there, it isn't that high up on anyone's radar. It may just be that someone found it was a server that could be easily taken down. Most of these things, be they DoS or defacements, are done because the site is vulnerable, not because of the site's content.
 
My guess is that it's personal and not related to gun politics at all. Someone who has a grudge against Oleg or some geek who got booted off of THR because he was trolling.

If it was just gun related, the attacker would also be going after TFL, Glock Talk, ARFcom, etc.

:mad:
 
I really hope you're right, txgho1911 and Jorg. Your reasoning sounds plausible so it may very well be the case.

I certainly hope they catch whoever is responsible.


RNB65,

I'd thought of that, but, the conspiracy theory sites I surf are starting to rub off on me. Does it show? :D
 
THR DoS refugee checking in :)

I popped over here (my first time? probably have read indiv. threads here once in a while when google pointed me here) just to see if it was *me* who couldn't get to THR, or if the site was truly down.

And what the hey, my THR user name was available, so why not register? :) Glad to see so many familiar names here, even if I'm likely to use THR mostly (when it's back up) -- TFL seems like a nice board, but I need to limit my addictions.

As someone (or several) has pointed out, getting past a determined DoS / DDos attack is really tough; I used to work for a site that was attacked pretty much every day, and it took dedicated sysadmins (a job I couldn't do and wouldn't want), a good ISP, and some very smart coders constantly narrowing the gates to even keep things bearable.

timothy
 
Where do we send donations?

Derek Zeanah set up a paypal account for online donations. I have done such and encourage others to do the same, so maybe Oleg and company can move to a more secure host.

Send paypal to derek@zeanah.com. Make a note in the paypal description field that it is for THR maintenance (or APS maintenance, etc.) so he will know what the funds are allocated for.

Derek also made note of an address you could send a check if you wanted. But I didn't note it, as I preferred an online transaction. Maybe someone else here can provide that info. [ETA: See below for physical address at which you may send a check - Thank John for providing that info.]

If it was just gun related, the attacker would also be going after TFL, Glock Talk, ARFcom, etc.
Actually there was one night a few weeks ago that THR, APS, GlockTalk and Arfcom all were down simultaneously. It lasted several hours, IIRC. TFL went down that same weekend as well I think, but not for very long.

That's when I began to think that maybe it was something more organized than just a pimple-nosed goober fooling around. But who knows...
 
DEREK ZEANAH
470 Country Club Road
Statesboro GA 30458

Put a note on the check that it's for THR.

I have got to stop saving every little scrap of paper. :)

I sent my check last week.

John
 
I tried a quick search for anything posted over at DU, along with a Google search. Nothing at DU, and the only results I got for "www.thehighroad.org DOS attack" were here. *shrug*

And now it looks as though DU is down too. :confused:

Also just finished looking up other DoS and DDoS attacks in the last month. There (as of yet) seems to be no pattern.
 
Probably not

Hear of "zombies" used for DDoS?

A compromised server or workstation is running a DoS bot (without the owner's knowledge).

It receives a command to attack a given server.

It launches its attack without further intervention from Doctor Evil.

The attacks don't track back to Dr. Evil, so nobody hits him.

If someone works out it's him and slams his server, it still doesn't kill the DDoS bot, which is running autonomously.

Kinda icky.
 
What would happen if the offending systems were a victim themselves of a DDOS attack? Would THR and APS come back up? :confused:

Not if it's a DDoS attack.

DDoS relies on "Zombie" machines that often don't even know what they're doing. Think of it like SkyNet from Terminator 3. It wasn't some evil super-Cray-computer located in one place, but rather a bug that cell phones, PCs, PDAs, campus networks, etc. had.

There's what, 270 million people in the United States? Now, not everyone has a PC, but several have at least one or two (and let's assume it balances out). If even .1% of them (270,000) sent a measly 1MB of data to THR, that's about 270GB of bandwidth, in one moment, that THR simply cannot (financially) contend with.

A counterattack on those machines responsible would require... let's see... a total of 72,900 Terabytes of information... and it wouldn't even be effective. It'd be easy to pick out another .1% to mount another attack on THR from.

Like dealing with weeds, you can't just clip the leaves. You gotta go for the root. And right now, we have no idea just where that root is. :mad:

Edit: ArfinGreebly explained it more simply...
 
Details

I have seen the "human-check" at various sites that have claimed to be victims of "ddos".
One uses a check-in that has numbers in a background that makes it impossible for machine readers to pick out the random number that is generated for each go at the entry page.
Another has a simple math problem that must be solved correctly to enter.

A very simple "THR" (or whatever) initial log-in or check-in page would need very little capacity when compared to the normal page delivery- 200K vs. 1.5K, maybe, for example. Resistance to any number crunch program would entail a max. number of potential tries before that address should be placed in a "suspended" file, for at least a measure of time, maybe an hour or day, just like the way that bank password files should act.

That type of gateway would entail minimal inconvenience for users, but add an order of magnitude to the difficulty placed in front of "net" attacks.
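The "max. number of potential tries" and timed "suspended" list described in this post, sketched as an added example that is not part of the original thread. The class name, thresholds and the documentation-range addresses are assumptions chosen for illustration.

```python
import time

class EntryGate:
    """Count failed human-check answers per client address; suspend repeat offenders."""

    def __init__(self, max_tries=5, window=300, suspend_for=3600):
        self.max_tries = max_tries      # failures allowed inside the window
        self.window = window            # seconds over which failures are counted
        self.suspend_for = suspend_for  # seconds an address stays suspended
        self._failures = {}             # address -> timestamps of recent failures
        self._suspended = {}            # address -> time the suspension ends

    def is_suspended(self, addr, now=None):
        now = time.time() if now is None else now
        until = self._suspended.get(addr)
        if until is None:
            return False
        if now >= until:                # suspension has expired: forget it
            del self._suspended[addr]
            return False
        return True

    def attempt(self, addr, answer, expected, now=None):
        """Return 'ok', 'retry' or 'suspended' for one answer to the entry check."""
        now = time.time() if now is None else now
        if self.is_suspended(addr, now):
            return "suspended"          # a correct answer does not lift a suspension
        if answer == expected:
            self._failures.pop(addr, None)
            return "ok"
        recent = [t for t in self._failures.get(addr, []) if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.max_tries:
            self._suspended[addr] = now + self.suspend_for
            self._failures.pop(addr, None)
            return "suspended"
        self._failures[addr] = recent
        return "retry"

def demo():
    # Constructed scenario: one address guessing at the math problem, one real user.
    gate = EntryGate(max_tries=3, window=60, suspend_for=3600)
    guesser, user = "203.0.113.9", "198.51.100.4"
    results = [gate.attempt(guesser, g, 17, now=t) for t, g in enumerate([1, 2, 3, 17])]
    results.append(gate.attempt(user, 17, 17, now=4))        # unaffected by the guesser
    results.append(gate.attempt(guesser, 17, 17, now=3700))  # suspension has lapsed
    return results
```

The per-address tables are themselves state an attacker can inflate, so a deployed version would cap their size and expire idle entries.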
 
I like that idea. I've seen it in use elsewhere. How hard would it be to set up an initial screen, or to limit ANY access to THR to signed in members--as they've done with some other boards?
 
Or Not

The attacks are not "spam" attacks, where bots pretend to be people.

These attacks are at a lower level.

TCP/IP itself has some vulnerabilities that make it possible to attack using SYN floods and other tricks that force the receiving end to try to "make sense" out of deliberate nonsense.

Imagine your phone ringing every few seconds. The caller doesn't have to have a conversation with you, or even speak, but he can effectively tie up the phone (and you with it) and prevent you from using it for anything meaningful.

It's possible to achieve essentially the same thing on the 'net, by taking advantage of parts of the protocol that are intended to provide connection and reliability and abusing them to the point where nothing useful can happen along that line.
 
The problem is that the basic protocols upon which the Internet is built are flawed and very vulnerable to abuse.

There is nothing flawed about the protocols. More security means less performance and less anonymity (in this case). It is a tradeoff.

The reason that DOS attacks are so hard to stop is because it's very difficult to tell where the packets are coming from. The source addresses on IP packets can be easily forged (one of the weaknesses in the IP protocols) and when the packet arrives at your router, there's no way to tell where it came from if the source address is fake. If you try to filter the packets based on source address, the attacker just changes the source address in the packets and they go right past your filter rules.

No, it's easy to prevent forged source IP addresses. Routers just check the source IP of outgoing packets and if not within their subnet they drop them. Again, there is a tradeoff, less performance.

There is no easy way to stop a determined DOS attack without spending BIG $$$.

It all depends on the type of attack.

I have seen the "human-check" at various sites that have claimed to be victims of "ddos".
One uses a check-in that has numbers in a background that makes it impossible for machine readers to pick out the random number that is generated for each go at the entry page.
Another has a simple math problem that must be solved correctly to enter.

They are called CAPTCHAs. May or may not work here, depends on the type of attack. No details.


Finally just want to say, having a cooperative ISP that actually is around 24/7 to work with you will help greatly.
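The outgoing source-address check mentioned in this post ("if not within their subnet they drop them"), modelled as an added example that is not part of the original thread. The local prefixes and the packet list are constructed from documentation address ranges, and the function names are assumptions.

```python
import ipaddress

# Constructed: the prefixes assigned to the networks behind this edge router.
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:10::/48")]

def egress_verdict(src, prefixes=LOCAL_PREFIXES):
    """Return 'forward' if src belongs to a local prefix, otherwise a drop reason."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop:malformed"
    # Compare only against prefixes of the same IP version (v4 vs v6).
    if any(addr.version == net.version and addr in net for net in prefixes):
        return "forward"
    return "drop:spoofed-source"

def filter_outbound(packets, prefixes=LOCAL_PREFIXES):
    """Split outbound (src, dst) pairs into forwarded packets and per-reason drop counts."""
    forwarded, drops = [], {}
    for src, dst in packets:
        verdict = egress_verdict(src, prefixes)
        if verdict == "forward":
            forwarded.append((src, dst))
        else:
            drops[verdict] = drops.get(verdict, 0) + 1
    return forwarded, drops

# Constructed outbound traffic seen on the router's inside interface.
SAMPLE = [
    ("192.0.2.15", "198.51.100.80"),         # genuine local host
    ("10.9.8.7", "198.51.100.80"),           # source not in any local prefix
    ("203.0.113.77", "198.51.100.80"),       # source claims someone else's network
    ("2001:db8:10::5", "2001:db8:ffff::1"),  # genuine local IPv6 host
    ("2001:db8:99::5", "2001:db8:ffff::1"),  # IPv6 source outside the local /48
    ("not-an-ip", "198.51.100.80"),          # unparseable source field
]

if __name__ == "__main__":
    ok, dropped = filter_outbound(SAMPLE)
    print(len(ok), "forwarded;", dropped)
```

This check only helps on networks that apply it to their own outbound traffic; the site receiving the flood cannot apply it on the sender's behalf.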
 
All I know is I wish who-/what-ever is responsible for these attacks would find a more deserving place to attack. There are a LOT of them on the internet. Actually, I just wish they would grow up, change out of their diapers, and go away, but I know they won't.

Thanks to TFL for taking THR's wanderers!! It does make me wonder how many new members TFL has picked up this weekend.
 
TFL, not just for firearms any more. :D

I have learned more about cyber attacks here than anywhere else, did not expect that.
It just goes to show you, an attack can be at any place, any time, and in any form.
 
Puts on TinFoil HAT!

tried a quick search for anything posted over at DU, along with a Google search. Nothing at DU, and the only results I got for "www.thehighroad.org DOS attack" were here. *shrug*

And now it looks as though DU is down too.
Oooo! Ooooo! It's the goobermint. The JBT's are taking down all the TRUE BELIEVER sites as a test. When the DAY comes they don't want them or us using the internet to organize ourselves to resist them.

[takes off TinFoil Hat]

Hell of a coincidence though...
 