STATEMENT: PP Blog Comes Under Attack Again

Today at approximately 5:18 a.m., the PP Blog came under attack from a swarm of international IPs. The attack appears to have disrupted operations for approximately two hours and 19 minutes.

Functionality was restored at approximately 7:38 a.m., although signatures of the attack continued to appear. The attack appears actually to have begun prior to 5:18, with prelude signatures appearing overnight — prior to the arrival of an insurmountable swarm.

The vast majority of IPs that appeared during the swarm were non-U.S. IPs. The PP Blog is published in the United States and focuses on U.S.-based crime and fraud schemes. Most of its traffic originates in the United States.

After the disabling attack abated, a second, smaller attack appears to have occurred. Certain elements of the twin attacks are consistent with efforts to probe the Blog for vulnerabilities and to execute command strings that include thousands of characters. A “normal” command string contains perhaps dozens of characters.

A professional analyst who reviewed a huge command string targeted at the Blog last week said it was consistent with a hacking attempt, meaning the attackers might have sought to break into the Blog’s server. Elements of today’s attacks were consistent with the same pattern. Nothing suggests the break-in bids — if that’s what they were — were successful. In any event, the traffic was so overwhelming that it knocked the Blog offline for more than two hours.

The PP Blog experienced sustained DDoS attacks in October 2010 and November 2010, including one in which more than 6 million “hits” were directed to the Blog in three hours. The Blog also has been subjected to spoofing bids, relentless spam and other efforts designed to disrupt its publishing operations and create havoc.

The image above captures a sudden wave of mostly international IPs that descended on the Blog beginning at 5:18 a.m. The sudden visitors mostly sought to pull “old” stories simultaneously — on a range of topics.

Meanwhile, the image below shows that the PP Blog was knocked offline for more than two hours earlier today. An IP associated with China recorded the last “hit” on the Blog at 5:19 a.m. The next “hit” did not occur until 7:38 a.m. Because of certain signatures left by the visitors, the Blog believes that U.S.-based IPs also were a small part of the attack and that the event was engineered robotically.
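One way a site operator could surface both signatures described in this statement from a web server access log, as an added example (not the PP Blog's own tooling): it flags request strings far longer than normal and counts distinct IPs pulling the same story within a short window. It assumes the "command string" is the request target in a Combined Log Format access log; the thresholds, IPs (documentation ranges), paths and log lines are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: client IP, [timestamp], "METHOD target PROTOCOL"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S*) [^"]*"')
MAX_TARGET_LEN = 1000                # assumed cutoff; normal targets run to dozens of chars
SWARM_WINDOW = timedelta(minutes=2)  # assumed window for "simultaneous" requests
SWARM_MIN_IPS = 3                    # assumed; kept small for the constructed sample

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, _method, target = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), target

def analyze(lines):
    """Return (over-long requests, {path: peak distinct IPs inside one window})."""
    long_requests, by_path = [], defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        ip, when, target = rec
        if len(target) > MAX_TARGET_LEN:
            long_requests.append((ip, len(target)))
        by_path[target.split("?", 1)[0]].append((when, ip))
    swarms = {}
    for path, hits in by_path.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > SWARM_WINDOW:
                start += 1  # slide the window forward
            ips = {ip for _, ip in hits[start:end + 1]}
            if len(ips) >= SWARM_MIN_IPS:
                swarms[path] = max(swarms.get(path, 0), len(ips))
    return long_requests, swarms

PAD = "A" * 3000  # constructed filler standing in for an over-long string
SAMPLE = [  # constructed log lines, not taken from the Blog's logs
    '192.0.2.10 - - [01/Jan/2000:05:18:01 +0000] "GET /2009/01/old-story/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2000:05:18:02 +0000] "GET /2009/01/old-story/?q=' + PAD + ' HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2000:05:18:40 +0000] "GET /2009/01/old-story/ HTTP/1.1" 200 512',
    '192.0.2.99 - - [01/Jan/2000:09:00:00 +0000] "GET /about/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

IPs that show up in both results are the natural candidates for review before banning, since a single long request or a single popular story can each be benign on its own.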


17 Responses to “STATEMENT: PP Blog Comes Under Attack Again”

  1. Quick note: Another attack appears to have begun at approximately 1:57 p.m.

    An analyst told me a short while ago that the attack earlier today caused the server to operate at more than 1,000 percent of capacity.

    Patrick

  2. You have definitely put a bee in someone(s) bonnet. I keep thinking back to “little joe” and his claim he would keep you busier than a one-arm paper hanger, and would cause you all kinds of trouble. Kind of makes you wonder, doesn’t it?

  3. Three questions come to mind after reading about these attacks:

    1) Who has the ability to pull off such attacks?
    2) Mechanically, how is it even possible to do this?
    3) What can be done about it?

    These are rhetorical questions, Patrick. I don’t expect you to respond, but I can’t help but ponder them…

    -PWD

  4. You must admit these people are persistent.

  5. You are putting the hurt on the scammers and they want to shut you up.

  6. Patrick Dunn: Three questions come to mind after reading about these attacks:
    1) Who has the ability to pull off such attacks?
    2) Mechanically, how is it even possible to do this?
    3) What can be done about it?
    These are rhetorical questions, Patrick. I don’t expect you to respond, but I can’t help but ponder them… -PWD

    Patrick,

    Do a quick Google using the term “Botnet” and you’ll find everything you NEVER wanted to know.

    You can download a report of how a 13 year old boy brought down the website of one of the ‘nets’ foremost internet security experts here: http://www.crime-research.org/library/grcdos.pdf

  7. Hopefully your servers are robust enough to continue to withstand obvious efforts to disable you as an information source.

  8. Call Lynn

    Get my phone number and I will coach you. I have been under attack since the birth of the MLM Watchdog… online in blog format since 1997. Maybe it had to do with the ABC’s 20/20 feature on Equinox or Nightline with other scammers. At that point you not only collect DOS and hacking attacks but also bullet holes in the trunk of your Mercedes Benz SL 600 convertible. Now that really pissed me off……. I have several solutions being experienced at pissing off scum bags. Will be glad to share.

    Keep up the good work, you make me look like a piker dealing with Pyramids when the Ponzi scum bags steal 10x the millions that pyramids do. Amazing…

    Lynn you keep up the good work too!!!!

    Rod Cook
    http://www.mlmwatchdog.com/Bravenet.html

  9. PP – did any of the traffic come from Asia? Hint: things are cooking again, end of hint.

  10. Here is an article by John Robb

    If you want to bring down a country’s information infrastructure and you don’t want anyone to know who did it, the weapon of choice is a distributed denial of service attack. Using rented botnets, you can launch hundreds of thousands — even millions — of infobombs at a target, all while maintaining total deniability. In this hypothetical scenario, a single attack launched by China against the US lasts only a few hours, but a full-scale assault lasting days or weeks could bring an entire modern information economy to its knees.

    http://www.wired.com/images/article/magazine/1509/ff_estonia_map_w.jpg

    http://www.wired.com/politics/security/magazine/15-09/ff_estonia_bots

  11. Lynn said: I keep thinking back to “little joe” and his claim he would keep you busier than a one-arm paper hanger, and would cause you all kinds of trouble.

    I replied: For our newer readers, “little joe,” an advocate for Ponzi schemes, threatened in 2009 to start “fires” we could not put out and to tap into insecure network connections to cover his tracks. He’d come back like a “bad penny” any time he pleased.

    At one point in time, he appears to have leeched off the network of a local government in California to keep a stream of unwanted communications coming to the Blog.

    He eventually authored a magical construction by which he would both continue to commit a crime against the Blog and hold the Blog at ransom by threatening to sue.

    His apparent theory behind the threatened lawsuit was that the use of aliases insulated him from criminal or civil prosecution and gave him a lawful platform from which he could send repeated harassing communications and have them published.

    Under “joe’s” apparent theory, a person is permitted to stalk and harass individuals and businesses on the Internet — and create labor-intensive and time-consuming maintenance work — simply by creating aliases.

    “joe’s” advocacy for the AdViewGlobal autosurf, which collapsed in June 2009, was the precursor for the later events, including the threat to start “fires.”

    Longtime readers will recall that AVG, which had close ties to ASD, was sponsoring a 250 percent “matching bonus” just prior to its collapse — this after weeks and weeks of 200 percent matching offers. They’ll also recall that there was considerable paranoia within the AVG ranks in the final weeks.

    It later was revealed that the grand jury that indicted ASD President Andy Bowdoin began meeting in May 2009 — just as AVG was getting ready to tank.

    On a side note, Club Asteria now has extended a “matching bonus” offer — and some folks say it has more than 230,000 members.

    Patrick

  12. littleroundman: Do a quick Google using the term “Botnet” and you’ll find everything you NEVER wanted to know.

    You can download a report of how a 13 year old boy brought down the website of one of the ‘nets’ foremost internet security experts here: http://www.crime-research.org/library/grcdos.pdf

    Thanks, LRM; I did both things and am absolutely astounded at what I learned.

    Here’s a snippet from the story about the 13 year old that blows my mind!

    “Contrary to what you might presume, I did not regard any of this as particularly bad news. I felt that I should do what I could do in the legal arena, because I should. But I really didn’t have any desire to be responsible for putting a 13 year-old behind bars. I have since told “Wicked” that if he doesn’t wise up, in five years his “youthful offender shield” is going to dissolve and he could find himself in some serious trouble. He says that he was already in trouble with the FBI when he was eight — for hacking government servers. His computer was taken away until he was ten, then he was carefully monitored for another year until he was eleven. But now he’s right back at it.”

    -PWD

  13. Monday, April 4.

    I’ve just banned six IPs — foreign and domestic. All sought to load the exact same story that is more than two years old. All of the IPs also sought to execute a very long command string.

    Patrick

  14. Quick note: Have been emailed five executable files since 10:26 a.m. today. The software warns me that the emails contain an executable — and disables them.

    Patrick

  15. Have banned several more international IPs.

    Patrick

  16. Well Patrick, you are obviously getting your reports a bit too close to the mark for some of the less than legal “businessmen” and “businesswomen” whose “businesses” you write about.

    Congratulations

    As the majority of the issues you write about are frauds which rely on the power of the internet for their $$$s, your reports are clearly hurting their continued intake of ill gotten gains. They know you only report verified information and they want to stop you. They can’t sue you for libel as their schemes are illegal or sailing very close to the wind and as illegality doesn’t seem to bother them, illegal abuse of your website is their remedy.

  17. [Temporarily deleted with apologies to Tony. Sorry, Tony. You’ve done nothing wrong. The comment to which you’re responding also has been temporarily deleted. I may have something more to say about this later, but I have been advised to take down the comment to which you’ve responded.]

    Patrick