/ omfgoggles

Baby's First DDoS

I've been a sysadmin for 10+ years. I've run lots of systems for my own use, game servers, voice servers, Asterisk servers and web servers for production use at work. In all that time, I've never managed to have one of my systems targeted by a DDoS.

That is, until yesterday afternoon.

Some background: I'm a big IRC user, and I have been since I was in middle school. I use it to talk to friends on a private network, chat with like-minded people and assist other people with *nix and network-related stuff (depending on the network).

A month ago, I switched VM providers because the offer of fast disk I/O, reasonable pricing, good network quality, good support, etc. was an alluring proposition. I ported all my content and services over, and was happy enough with the service to provision a second VM in their second DC so I could offload my Asterisk server from my home KVM host. I joined the provider's IRC channel so I could be aware of stuff happening on their network, and so I could maybe provide some help to people setting up servers and services.

What I found in their channel is a gaggle of know-it-all kids with entitlement complexes and a gross infatuation with some other kid who runs a shady/shitty hosting service.

Fast forward a couple weeks, and this particular provider has continually reported DDoS attacks on their cheaper (OpenVZ-based) hosts. This made me uneasy, because I'd never seen so many DDoSes pointed against virtual servers. I think part of this is related to the prevalence of Minecraft and other game servers hosted on this provider's network, along with vague policies that don't really discourage users from abusing BitTorrent (beyond "don't do anything illegal", which we all know is really effective at keeping people from doing illegal shit...) and running IRC bots and stuff. The provider is proactive, and they try vigilantly to keep customers happy, but it's hard to be happy with a service when their networks and host systems are constantly under near-unmanageable assault on a regular basis, affecting the network and users on boxes that aren't targeted by attacks.

ONWARD:

On Thursday night, the aforementioned dumb kids were once again babbling about the other dumb kid and his hosting service, and one mentioned they had a SQL dump from the dude's site or something, and that they were building a troll site about this dude. The next day, a bunch of the provider's hosts were going down, taking my services and hobby VM with them. The only thing the targeted VMs all had in common was that we each ran an IRC client or ZNC session from our VMs.

If you remember, in my previous post I'd been learning Arch Linux... well, as part of my practice and practical use learning, I used some of my account credit with Linode to spool up an Arch VM and moved all my content over to it, got my git repo working and stuff... and left it running, only to have my primary VM taken down by stupid kids.

Naturally, I was annoyed by that whole thing, but realized I could just cut over to the Arch VM for now, so here we are. I said I wouldn't do it, but I guess a DDoS coupled with annoyance just won me over.
