Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

spywareinfo, merijin, and tomcoyote servers got hacked

 
kao321
Posted: Sat Oct 21, 2006 7:26 pm    Post subject: spywareinfo, merijin, and tomcoyote servers got hacked

Here is the link: http://www.castlecops.com/a4849-Spywareinfo_Hacked_By_Meanies.html

Here is an article I read about this:

I received this in an email from lockergnome.. and thought that it would be useful here.
By Meryl K. Evans
February 23, 2004

I talked with Mike Healan, the editor of SpywareInfo, a resource providing the latest spyware threats, forums, and links to related articles and information so that your system can stay free and clean.

Mike has a dedicated server in Atlanta which hosts spywareinfo.com/net/org, merijn.org, tomcoyote.org, dogreader.com and mikehealan.com. On Feb 6, there were a few sporadic DDoS attacks that were easily filtered out.

On Feb 11th about 8am, several hundred PCs infected with some sort of trojan started hammering the server with bogus traffic to port 80 (HTTP). Mike's Web host started blocking IPs trying to open too many connections and brought the server up. 10 minutes later, 2,000 more PCs hit the server and knocked it down again. The data center started blocking wide ranges of IP addresses and stopped the attack again. They attacked again after that and the data center finally firewalled the IP address of the server.

On Feb 12, we switched IP addresses and brought the server back up. 2,000 - 3,000 PCs brought the server down again about 15 minutes later and the data center firewalled the new IP address at port 80 (HTTP). That's why Mike's e-mail works, but not the site.

On the 13, Mike moved tomcoyote.org to hostpc.com and merijn.org to xblock.com. He put out a newsletter using tomcoyote.org explaining what was going on and asking for some donations to help cover costs. The next day, several thousand PCs attacked merijn.org and knocked down merijn and xblock. Several thousand more hit tomcoyote.org and knocked it down along with one of hostpc's servers. Both sites are still down, xblock is back up, and the status of hostpc is up in the air.

On Feb 18, the crew put up two proxy servers that pulled data from the server in Atlanta and used a round robin DNS failover system to load balance traffic between the two proxies. Spywareinfo was running again and dogreader was partially working the next day. The bad guys hit the servers with about 2,000 PCs and the proxies lasted about 36 hours before they were knocked offline. Both servers have been shut down by their data centers.

On the 19th, the meanies also attacked Net-Integration.net, which hosts the support forums for Spybot S&D. A lot of the moderators and helpers at SWI are also admins or moderators for that support board. N-I is back up.

That's where they currently stand.

Starting tonight or tomorrow (hopefully), spywareinfo will have dozens (maybe hundreds) of redundant proxy servers provided by a new corporate sponsor (that can't be named yet). They will provide however many servers and IP addresses it takes to keep the site running in exchange for a newsletter plug and an ad on the main site.

At this point, we don't know who is responsible or what they're using. There is a suspect, but we can't prove it yet.

One guy wrote to say his firewall was logging an enormous number of connections to Mike's site and he couldn't figure out why. He contacted Norton's tech support and they said they were also showing something making connections to his site, so we may be about to get our hands on whatever they are using.

He has been in touch with the FBI about this, but they're playing phone tag. Unfortunately, he's used up $2,500 so far, hostpc about $1,400, xblock at least $2,000, plus some losses for their other customers on their server. Lord knows what it's going to cost overall.

Mike appreciates all the support from his readers and from other antispyware companies. Donations (or plug paypal@spywareinfo.com into paypal) are appreciated as these are free resource sites that have to pay their bills like everyone else.
Nick
Posted: Sat Oct 21, 2006 7:48 pm

This is old. This happened back in February 2004.

Also, the servers didn't get hacked. They went down because of a denial of service attack. In short, so many computers kept trying to connect to the server that it couldn't process them all and the websites went offline. No one got access to the server and info, they just knocked them offline.
All times are GMT - 8 Hours