Sorry about the server troubles today


SDS

By definition a shart is messy. In order to win or capture the shart, everything should stink and unexpectedly, at least to outside observers, turn into a ah&££¥ mess.

Excellent job, if everyone leads by example we will be Edmonton or maybe like Chicago by 7 1 14. Then we can fly a brown stained sabre flag that is no longer flying upside down with a collective sigh from all involved of "oops, do you have a wet nap". The fact that we don't have a collective wet napkin we can be absolved of any Catholic guilt that goes with a large wry smile while we eat our teds and a beef weck in the knowledge of a shart well done. The smile may represent the league wide threat of another franchise with more than hot air to expel in the near future. Well, with a good coaching choice and egos in check there will only be one diaper flying downtown. I will try not to drive head on over the median on 75 today even though I just bought extra insurance on my health and vehicle in celebration of the first true chl lead up to playoff victory ... And cloud that enveloped the country like messy explosion leading the charge of a new bison path of destruction where no life or career is safe now


Don't know if it was a hack or a corrupt database, but the database process list was packed with processes from there. Took it offline.

FWIW after a few years of hack free operating. In the past few weeks accounts (not mine) but from a business associate LinkedIn, and Allstate insurance who I just had paid premiums were hacked and a breach was tried on all of our devices. Amazingly Windows based devices caught them. Apple I-Crap let them in. But we caught them before opening.

Hacking at all levels I am afraid is the new everyday experience for anything from a Gmail account to my personal website. Logs to governments, and just about everything in between for all of us. It will not end and needs to be dealt with by the providers, and others. For the everyday guy buying Norton you are simply burning your money. In the past few months the uptick in hacking worldwide has shown what damage can be done. Most is coming from the eastern bloc. At least in our issues. Fingerprint id is now way worse than using a password for those that use that sort of crap logging in I would not recommend it unless you are a shut in. A retina scan may still be safe. For those experienced with that it can be a major pain in the butt.

A few months ago someone hacked into my computer and stole my credit card information. That theft was used to buy $23,000 worth of airline tickets. This person or group was so sophisticated that when the credit card company tried to notify me by phone that there was suspicious activity associated with my credit card the call was blocked.

 

When I brought my computer in to be cleaned the technician told me that my computer was loaded with malware. No matter how good your virus protection is it isn't a guarantee that these thieves can't break into your system and wreak havoc.


Script execution time is under 0.3 seconds and load under 1.

 

Hosting company said it looked like I was under a DoS attack.

 

Didn't somebody earlier say that Buffalo Range sucked? Could be Rick's jihad?


So, this is the garbage being requested incessantly at Sabrespace (100x per second):

 

219.157.129.213 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03" 501 283 "-" "-"

74.86.102.229 - - [09/Jan/2015:14:21:56 -0500] "GET /feed/rss/ HTTP/1.0" 404 290 "-" "MagpieRSS/0.61 (+http://magpierss.sf.net)"

118.78.218.110 - - [09/Jan/2015:14:21:56 -0500] "GET /announce?info_hash=%C0F%1C2%E7F%16%A9%C9%AAb%FDb%85%85%BC%ED%92%D1%BB&peer_id=%2DSD0100%2Dp%C1%F2I%02%A3%DB%0A%1A%1E%ABC&ip=118.78.218.110&port=17187&uploaded=91226112&downloaded=91226112&left=252983681&numwant=200&key=15333&compact=1 HTTP/1.0" 404 299 "-" "Bittorrent"

122.96.31.12 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03\x01" 501 284 "-" "-"

61.158.152.181 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03" 501 283 "-" "-"

61.158.152.130 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03\x01" 501 284 "-" "-"

61.158.152.143 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03" 501 283 "-" "-"

123.139.51.131 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03" 501 283 "-" "-"

74.86.102.229 - - [09/Jan/2015:14:21:56 -0500] "GET /feed/rss/ HTTP/1.0" 404 290 "-" "MagpieRSS/0.61 (+http://magpierss.sf.net)"

36.32.31.183 - - [09/Jan/2015:14:21:56 -0500] "GET /announce?info_hash=yf%1E%CF%BC%AF%AD%89%CA%05%9F%D4%F5%1CM%40%C4%98%BAC&peer_id=%2DSD0100%2D%5E%B2%247%CB%26Z%06%100p%CB&ip=10.152.1.67&port=13125&uploaded=989714984&downloaded=989714984&left=198705152&numwant=200&key=30474&compact=1 HTTP/1.0" 404 297 "-" "Bittorrent"

42.236.201.231 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03\x01" 501 284 "-" "-"

64.119.44.70 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03\x01" 501 284 "-" "-"

211.97.128.175 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03" 501 283 "-" "-"

75.126.61.62 - - [09/Jan/2015:14:21:56 -0500] "GET /announce?info_hash=%9D%A6%85%8BB%A0%E0%AEsi%FFL%B9g%A1%5D%0D%A5%8F%A8&peer_id=%2DSD0100%2D%99%C5%F0C%D6%0B%16%5E%82%A7%7B%DA&ip=60.168.44.150&port=23205&uploaded=0&downloaded=0&left=1146984599&numwant=200&key=13618&compact=1 HTTP/1.0" 404 297 "-" "Bittorrent"

123.131.41.84 - - [09/Jan/2015:14:21:56 -0500] "GET /announce?info_hash=Ym%86%C4%8F3%CE%18%B1%94%16%87%B6Q%E8%A0N%B4Xx&peer_id=%2DSD0100%2D%93%C8%ED%8DG%C1%09c%5DR%1A%80&ip=123.131.41.84&port=12104&uploaded=700448768&downloaded=700448768&left=0&numwant=200&key=10763&compact=1 HTTP/1.0" 404 299 "-" "Bittorrent"

157.122.178.252 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03\x01" 501 284 "-" "-"

67.229.105.95 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03\x01" 501 284 "-" "-"

 

 

 

If anyone has any ideas - I'm all ears.

And no, I don't have any of these files and I was not hacked.

We had similar issues at work this week. Our DoS protection didn't kick in since it's all coming from different IPs. We ended up increasing the number of max connections and decreasing timeout values on our web servers so that each connection would not last as long. We had a few hours where we were seeing a ton of connections, but after that it's been slower (but still coming in). Someone in our security team did some research and found others reporting similar issues; it looks like there are a few ISPs overseas who have some misconfigurations and are directing this BitTorrent traffic to incorrect IPs.
Good luck :)
Edit: We do business in China, so it wasn't feasible to block a broad section of Chinese IPs; I'm not sure if that would be an option for you. Found some more on it here: http://serverfault.com/questions/658433/mysterious-misdirected-traffic-how-can-i-find-out-what-dns-server-an-http-requ
Edited by Captain Caveman
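
An added example, not part of any post in this thread: a triage script for an access log shaped like the excerpt above, separating TLS handshakes sent to the plain-HTTP port (the `\x16\x03` entries) from BitTorrent tracker announces, and comparing the aggregate request rate with the busiest single source to show why a per-IP threshold stays quiet. The sample lines are constructed, and the names `classify` and `summarize` are illustrative.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the thread's log shape; RFC 5737 documentation addresses.
SAMPLE_LOG = r'''
192.0.2.10 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03" 501 283 "-" "-"
192.0.2.11 - - [09/Jan/2015:14:21:56 -0500] "\x16\x03\x01" 501 284 "-" "-"
198.51.100.7 - - [09/Jan/2015:14:21:56 -0500] "GET /announce?info_hash=%C0F%1C&peer_id=%2DSD0100%2Dp&ip=198.51.100.7&port=17187&left=0&compact=1 HTTP/1.0" 404 299 "-" "Bittorrent"
198.51.100.8 - - [09/Jan/2015:14:21:56 -0500] "GET /announce?info_hash=yf%1E&peer_id=%2DSD0100%2D%5E&ip=10.152.1.67&port=13125&left=5&compact=1 HTTP/1.0" 404 297 "-" "Bittorrent"
203.0.113.5 - - [09/Jan/2015:14:21:56 -0500] "GET /feed/rss/ HTTP/1.0" 404 290 "-" "MagpieRSS/0.61 (+http://magpierss.sf.net)"
192.0.2.12 - - [09/Jan/2015:14:21:57 -0500] "\x16\x03" 501 283 "-" "-"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) \S+ "(.*?)" "(.*?)"$')

def classify(request):
    """Label a logged request line by what the client was really speaking."""
    if request.startswith(r'\x16\x03'):
        # 0x16 = TLS handshake record type, 0x03 = SSL3/TLS major version:
        # a ClientHello sent to the plain-HTTP port, logged in escaped form.
        return 'tls-on-http'
    parts = request.split(' ')
    if len(parts) == 3:
        url = urlsplit(parts[1])
        if url.path == '/announce' and 'info_hash' in parse_qs(url.query):
            return 'bt-announce'  # BitTorrent tracker announce
    return 'other'

def summarize(log_text):
    """Count request kinds, distinct sources, and aggregate vs per-IP rate."""
    kinds, per_sec, per_ip_sec = Counter(), Counter(), Counter()
    sources = defaultdict(set)
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            kinds['unparsed'] += 1
            continue
        ip, ts, kind = m.group(1), m.group(2), classify(m.group(3))
        kinds[kind] += 1
        sources[kind].add(ip)
        per_sec[ts] += 1
        per_ip_sec[ip, ts] += 1
    return {'kinds': dict(kinds),
            'distinct_sources': {k: len(v) for k, v in sources.items()},
            'peak_total_per_sec': max(per_sec.values(), default=0),
            'peak_single_ip_per_sec': max(per_ip_sec.values(), default=0)}

if __name__ == '__main__':
    print(summarize(SAMPLE_LOG))
```

A high `peak_total_per_sec` next to a `peak_single_ip_per_sec` of 1 or 2 is the signature described in the post above: many sources each sending very little, so limits keyed on a single address never trigger.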
I'm not a computer expert but just seeing the word "Bittorrent" could be a gateway for trouble.

Edited by TAinLA