[Imc-web] Re: thwarted DoS

Zachary C. Miller zach at chambana.net
Tue Jul 5 19:34:41 CDT 2005 

Alright, this makes things much more clear. I've unbanned your IP
address so you should be able to access the site from home again.

I suspect this may have been a glitch on our server and it only LOOKED
like you were causing the glitch because you clicked a whole bunch of
links at once while the glitch was happening. All the hits coming from
you were a result of the glitch rather than the cause of it.

I'm sorry if my email alarmed you, I really wasn't sure what was going
on. We really don't do much tracking of the accesses that come in, it
was shear luck that I was able to deduce that you'd signed up for the
cprb list from that same computer. Normally when an "attack" comes in
I don't happen to have that much data about it and so I can't contact
the owner of the computer.

Thanks for helping me figure out what was going on. 

mysarah wrote:
> Wow! Ok, first off, I'm not too tech-oriented, but I can tell you what I 
> know.
> 
> I did visit the ucimc website to read Anna's newest drivel yesterday , and 
> then my computer locked up (or the website did), which, unfortunately 
> happens to me sometimes.... I was frozen (or so I thought) and I was on the 
> View comments page, and I hit a couple of other links there thinking it was 
> just chewing on something (I need to add memory, I'm getting low....), and 
> then when nothing happened, I left the website. I never *was* able to get 
> back. I *was* able to get to it from work today. I still cannot get to it 
> from home. I'll do a bunch of stuff on the computer to see if I have 
> anything malicious going on. I'm sorry if I sent the website into a 
> tailspin....
> 
> I *did* sign up for the coalition for police review list cuz after reading 
> the front page story on the local rag on Sunday, I realize I need to get off 
> my butt a bit more....
> 
> Thanks for letting me know. If there is anything I can do to help discover 
> what happened or prevent it from happening again, let me know....
> 
> Sarah
> 
> ----- Original Message ----- 
> From: "Zachary C. Miller" <zach at chambana.net>
> To: <tech at ucimc.org>; <web at ucimc.org>
> Cc: <mysarah at insightbb.com>
> Sent: Monday, July 04, 2005 11:48 PM
> Subject: thwarted DoS
> 
> 
> > (Sarah, I'm Cc'ing you on this because our website just got hit by a
> > flood of traffic from an IP address that may have once been associated
> > with your computer. This is probably a coincidence or else just a
> > glitch with your computer or our website but I put a few questions for
> > you at the bottom of this email just to see what is up so I can unbann
> > the IP address. Don't worry, I have absolutely NO suspicion that you
> > meant to do anything bad to the server and you probably weren't even
> > involved....you're just a clue. Let me know if this is confusing.)
> >
> > We just got hit by a flood of hits from 12.223.133.242 that drove our
> > load average way up. The hits were to such articles as:
> >
> > /newswire/display/62151/index.php
> > /newswire/display/58110/index.php
> > /newswire/display/52687/index.php
> > /newswire/display/59544/index.php
> > /newswire/display/49493/index.php
> >
> > As well as numerous hits to our front page.
> >
> > 12.223.133.242 is a local C-U area Insight cable modem user.
> >
> > That IP address is temporarily banned while I sort out what happened.
> >
> > It seems that MAYBE mysarah at insightbb.com subscribed to the cprb email
> > list earlier today from this IP address. That person is a known
> > community member and active participant in IMC groups and I don't
> > think she would purposely DoS our site. I can think of one of three
> > things that happened:
> >
> > 1) Since that is a dynamic address the person who had that IP address
> > at noon today and the person who had it for the DoS just now are two
> > different people.
> >
> > 2) The person who DoSed us randomly chose mysarah at insightbb.com as an
> > email address to stick into a subscription form as part of probing our
> > network.
> >
> > 3) The Denial of Service was due to a legitimate malfunction of
> > Sarah's computer (or perhaps a virus) rather than a directed targetted
> > attack.
> >
> > I think (3) is most likely. I'm Cc'ing this message to
> > mysarah at insightbb.com to see if she has any insight into what
> > happened.
> >
> > Sarah,
> >
> > * Were you accessing the ucimc website around 11pm on July 4th? Did
> > you notice any malfunction with your webrowser? Were you accessing a
> > whole bunch of IMC articles all at once?
> >
> > * Did you sign up for the cprb mailing list around noon today? (if
> > so...cool! cprb definitely needs more folks involved!)
> >
> > * Can you access the UCIMC website right now? If you can then it is
> > not your IP address that I blocked and (1) above is what happened.
> >
> > Thanks for helping us get to the bottom of this! We know it absolutely
> > wasn't any bad intent on your part, either a glitch or a total
> > coincidence that the dynamic IP address was once held by your
> > computer. I'm just trying to get a feel for what happened.
> >
> > -- 
> > Zachary C. Miller - @= - http://zach.chambana.net/
> > IMSA 1995 - UIUC 2000 - Just Another Leftist Muppet - Ya Basta!
> > Social Justice, Community, Nonviolence, Decentralization, Feminism,
> > Sustainability, Responsibility, Diversity, Democracy, Ecology 
> 

-- 
Zachary C. Miller - @= - http://zach.chambana.net/
IMSA 1995 - UIUC 2000 - Just Another Leftist Muppet - Ya Basta!
 Social Justice, Community, Nonviolence, Decentralization, Feminism,
 Sustainability, Responsibility, Diversity, Democracy, Ecology

More information about the IMC-Web mailing list