[Imc-web] Re: thwarted DoS

mysarah mysarah at insightbb.com
Tue Jul 5 19:24:36 CDT 2005 

Wow! Ok, first off, I'm not too tech-oriented, but I can tell you what I 
know.

I did visit the ucimc website to read Anna's newest drivel yesterday , and 
then my computer locked up (or the website did), which, unfortunately 
happens to me sometimes.... I was frozen (or so I thought) and I was on the 
View comments page, and I hit a couple of other links there thinking it was 
just chewing on something (I need to add memory, I'm getting low....), and 
then when nothing happened, I left the website. I never *was* able to get 
back. I *was* able to get to it from work today. I still cannot get to it 
from home. I'll do a bunch of stuff on the computer to see if I have 
anything malicious going on. I'm sorry if I sent the website into a 
tailspin....

I *did* sign up for the coalition for police review list cuz after reading 
the front page story on the local rag on Sunday, I realize I need to get off 
my butt a bit more....

Thanks for letting me know. If there is anything I can do to help discover 
what happened or prevent it from happening again, let me know....

Sarah

----- Original Message ----- 
From: "Zachary C. Miller" <zach at chambana.net>
To: <tech at ucimc.org>; <web at ucimc.org>
Cc: <mysarah at insightbb.com>
Sent: Monday, July 04, 2005 11:48 PM
Subject: thwarted DoS


> (Sarah, I'm Cc'ing you on this because our website just got hit by a
> flood of traffic from an IP address that may have once been associated
> with your computer. This is probably a coincidence or else just a
> glitch with your computer or our website but I put a few questions for
> you at the bottom of this email just to see what is up so I can unbann
> the IP address. Don't worry, I have absolutely NO suspicion that you
> meant to do anything bad to the server and you probably weren't even
> involved....you're just a clue. Let me know if this is confusing.)
>
> We just got hit by a flood of hits from 12.223.133.242 that drove our
> load average way up. The hits were to such articles as:
>
> /newswire/display/62151/index.php
> /newswire/display/58110/index.php
> /newswire/display/52687/index.php
> /newswire/display/59544/index.php
> /newswire/display/49493/index.php
>
> As well as numerous hits to our front page.
>
> 12.223.133.242 is a local C-U area Insight cable modem user.
>
> That IP address is temporarily banned while I sort out what happened.
>
> It seems that MAYBE mysarah at insightbb.com subscribed to the cprb email
> list earlier today from this IP address. That person is a known
> community member and active participant in IMC groups and I don't
> think she would purposely DoS our site. I can think of one of three
> things that happened:
>
> 1) Since that is a dynamic address the person who had that IP address
> at noon today and the person who had it for the DoS just now are two
> different people.
>
> 2) The person who DoSed us randomly chose mysarah at insightbb.com as an
> email address to stick into a subscription form as part of probing our
> network.
>
> 3) The Denial of Service was due to a legitimate malfunction of
> Sarah's computer (or perhaps a virus) rather than a directed targetted
> attack.
>
> I think (3) is most likely. I'm Cc'ing this message to
> mysarah at insightbb.com to see if she has any insight into what
> happened.
>
> Sarah,
>
> * Were you accessing the ucimc website around 11pm on July 4th? Did
> you notice any malfunction with your webrowser? Were you accessing a
> whole bunch of IMC articles all at once?
>
> * Did you sign up for the cprb mailing list around noon today? (if
> so...cool! cprb definitely needs more folks involved!)
>
> * Can you access the UCIMC website right now? If you can then it is
> not your IP address that I blocked and (1) above is what happened.
>
> Thanks for helping us get to the bottom of this! We know it absolutely
> wasn't any bad intent on your part, either a glitch or a total
> coincidence that the dynamic IP address was once held by your
> computer. I'm just trying to get a feel for what happened.
>
> -- 
> Zachary C. Miller - @= - http://zach.chambana.net/
> IMSA 1995 - UIUC 2000 - Just Another Leftist Muppet - Ya Basta!
> Social Justice, Community, Nonviolence, Decentralization, Feminism,
> Sustainability, Responsibility, Diversity, Democracy, Ecology

More information about the IMC-Web mailing list