Blogging service WordPress suffered a further series of denial of service assaults on Friday, days after recovering from a particularly debilitating attack. WordPress.com, which serves 18 million sites, traced the vast majority of the attack traffic of the latest assault back to China. Analysis pointed to a Chinese language site …
Get a better firewall...
...and don't leave a chink in your armour.
Coat & rickshaw please.
How to lose credibility
If up and coming countries particularly ones like China, Russia and India want the rest of the world to take them seriously, demonstrating macho attitudes by the way of cyber terrorism is not the answer. The entire world knows that any 14-year old techno-savvy script kiddie can launch DDOS attacks and inject malware into an unsecured system, so by demonstrating the ability to do this is not a demonstration of techno power.
If such actions are politically motivated, it simply shows the immatureness of the authorities and not really credible in the eyes of the world. It would so much better if the authorities (in all countries) clamped down on script kiddies and came down hard on cybercrime and spammers, thereby proving that they understand the meaning and power of technology. The world and all its users therein will soon welcome and embrace their techno-savvy overlord.
What you fail to realise is that China has the largest internet enabled population in the world, Asia has by far the largest internet enabled population of any continent, and with that comes all the problems of having the largest internet population in the world, and problems that every nation has in varying levels.
Infact China alone has more internet users than the whole population of North America and very nearly as many internet users as every nation in Europe has (internet users) combined. It has gone from 22.5 million users in 2000 to an estimated 420 million users in 2010. And that unimaginable growth still means that only a third of the population is wired.
Just as there was a lad hosting his hacking forum in UK there are lads in China doing the same thing.
Sure there's government operation, but if you think that's unique to China you're wearing some wonderful glasses. It may be that the Chinese are just not quite as good as others at it for the moment,
Can't we just cut China off from the rest of the internet? No good ever comes from there.
Much less spam originates from China now, though it still hosts a lot of bad sites.
Fortunately there is a solution that spamassassin can identify websites hosted in China and then quarantine them.
I drop incoming port 25 for China and other countries that my clients don't do business with, so all those zombies can pee into the wind now...
However, for rare cases of a legitimate mail, I open the port for an hour a day for all countries to allow any queued mail to be delivered, then the iptables gate comes down again.
As for ddos, banning China could help, if there are no babies in that bathwater.
Dropping http request packets at the firewall can protect the webserver against being overloaded, but those packets still take up bandwidth, and extreme ddos can saturate bandwidth enough that nothing gets through, regardless of firewalls.
Defeating ddos is difficult, and needs more upstream assistance.
Analysing the traffic and using adaptive dropping is one technique.
I suffered a ddos attack for 18 months against a 50Mb video file, I defeated it by using heuristics and adaptive banning, but by the end of it I had 200,000 rules in an iptables chain.
Why they did it is still a complete mystery.
200,000 rules? Were they all just because of that 50mb vid file?
Made a mess of my web stats, but fortunately had unlimited bandwidth...
Still, 100Gb+ daily bandwidth is not nice even if it didn't have any impact on the servers ability to do its job, and my countermeasures did work.
If I removed the file or renamed it, the hackers would just adapt and find something else to attack, so I just silently dropped the traffic using some .htaccess rules, php and a root process to append to iptables and a db to keep track and expire them.
Luckily iptables can handle so many rules and still function because of hashing, but it involved a lot of effort to identify the rogue traffic.
I still don't get why anyone would attack Wordpress, except either as a test of DDOS capability or because they hate free speech. So I could see the Chinese /government/ attacking it...or actually any number of different governments for that matter...
<Can't we just cut China off from the rest of the internet? No good ever comes from there.>
Fireworks (cleverness), Tianeman<sp> square (some want their freedom), Chinese art (aesthetics), iching (spirituality), Monkey (cool tv show). So, some good.
And, you know, Foxconn built my iPad. So, there's that.
Mind you, the Chinese leaders aren't the only governments who throw their toys (civilians) out of their prams (into secret torture prisons) when they're pissed.
- Leaked screenshots show next Windows kernel to be a perfect 10
- Amazon warming up 'cheapo web video' cannon to SINK Netflix
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK