DoS-attacks against ModdingZone
Written by Stein Magnus Jodal
Published 4 May 2001
ModdingZone has been attacked by lamers twice this year: the first time in January, and the last time yesterday evening. The 2 Mbit line connecting the server hosting ModdingZone to the Internet transferred 250 KB/sec for four hours. To stop this, the server was powered down.
The first attack was not pleasant. Back then we were on a radio link, which was not very stable compared to the hardline we are on now. There was a configuration fault in our Qmail server which allowed anybody to send mail through it. Somebody discovered this and sent several hundred thousand mails to a poor guy in the USA. This security hole was fixed a long time ago, and this will not happen again.
The attack last night was different. Somebody tried to exploit a security hole in the previous version of OpenSSH, which in theory can give the user root access. We are running the latest version, but have upgraded to FreeBSD 4.3 today to be on the safe side.
Anyway, the attempt to root the ModdingZone server did not succeed, but they flooded the line with about 250 KB/sec for four hours. This made all the servers on the line pretty much unavailable, and the server hosting ModdingZone was powered down.
The attack was directed at ModdingZone's own IP address, so we know for sure it was aimed at ModdingZone and not at any of the other sites on the server. The attack came from a server using an IP owned by Imperial College of Science, Technology and Medicine in London, Great Britain. Abuse mails have been sent to them, and their IP range of 65 thousand IPs will from now on not be able to access ModdingZone or any other sites hosted on the same servers or on other servers on the same line. Too bad for them, lamers.