|
Forums
|
|
Sonic Wallpaper
Joined: 05/22/01
Location: San Diego, CA
Posts: 1266
|
|
Frequent attacks from China - now blocked
Wednesday, July 28, 2010 at 11:10 AM
|
Quote
Top Bottom
|
Greetings all,
I have both some good news and some bad news...
The good news, is that the daily attacks we were experiencing the last few months are now over.
Why the attacks were happening is beyond me. We're a positive place on the Web, everyone is treated with respect, artists are our number one priority, and I don't believe we or I have done anything that would cause the attacks to happen.
What were the attacks? This is one of the puzzling parts of the story, the attacks all request the same song, usually sending several requests per second across many IP address' from different ISPs, but always from China. Over the period of time that I was monitoring this, I found they only changed what song they requested 3 times, and even if the song being requested was not available on the site, they would still request the song.
Ok - now the bad news - the only way to put an end to these attacks was to block the whole country of China. Yes, you read that right - if you are in China, ALL the music on ArtistServer is not accessible. So if you were big in China, I'm sorry, but your fans there will no longer be able to access your music. They can hit your artist page, but all music is blocked for them.
I don't expect to remove this block, as I have seen these attacks several times over the years, and every single time it has happened... the traffic was from China.
If you are an ArtistServer user in China, please contact me, if you have a static IP address, I can add it to a 'whitelist' to give you access to the music again.
|
|
|
Subtronik
Joined: 01/14/03
Posts: 1193
|
|
RE: Frequent attacks from China - now blocked
Monday, August 2, 2010 at 7:01 PM
|
Quote
Top Bottom
|
Good job Gid, it really is the only permanent solution.
|
|
|
Sonic Wallpaper
Joined: 05/22/01
Location: San Diego, CA
Posts: 1266
|
|
RE: Frequent attacks from China - now blocked
Monday, August 2, 2010 at 7:08 PM
|
Quote
Top Bottom
|
Thanks man - and thank you for catching a few of the attacks and letting me know  
|
|
|
just john
Joined: 09/27/01
Location: Poughkeepsie
Posts: 110
|
|
RE: Frequent attacks from China - now blocked
Monday, August 2, 2010 at 7:34 PM
|
Quote
Top Bottom
|
Sonic Wallpaper wrote:
What were the attacks? This is one of the puzzling parts of the story, the attacks all request the same song, usually sending several requests per second across many IP address' from different ISPs, but always from China. Over the period of time that I was monitoring this, I found they only changed what song they requested 3 times, and even if the song being requested was not available on the site, they would still request the song.
Hey! That's what I was talking about, here: Anyone noticed increased Stats lately?
Thursday, January 7, 2010 at 2:55 PM ( http://forums.artistserver.com/messages.cfm?threadid=E5BD2455-1143-DBB3-C64ED56D5F264011&page=1 ) Golly, a way to link to specific posts would be nice. Maybe it's there already and I've missed it?
Update to that situation: A couple months ago, I made a Drupal page that accessed www.fbi.gov within an iframe and pointed that URL to it. I took that down a couple weeks ago (kinda worried about bugging the feds,) and now my system logs tell me that I have exactly two bursts, each three times, against the URL.
That's a lot better than five hundred in a row, a couple every second.
But another point: The attackers weren't all in China.
|
|
|
Sonic Wallpaper
Joined: 05/22/01
Location: San Diego, CA
Posts: 1266
|
|
RE: Frequent attacks from China - now blocked
Monday, August 2, 2010 at 10:21 PM
|
Quote
Top Bottom
|
>>>Hey! That's what I was talking about, here:
The traffic I blocked was only for 3 songs on the site by 3 different artists.
A good part of the traffic that generated the stats that are discussed in that thread you linked to was from an Android mp3 app. In that case, I could see something was odd or wrong with the app - in the logs, I would see between 2-5 songs being downloaded at the same time from the same IP (all requests sent the same second). As that app got popular, it began to lock up my servers.
>>>Golly, a way to link to specific posts would be nice. Maybe it's there already and I've missed it?
I'll add that to a todo list.
>>>and now my system logs tell me that I have exactly two bursts, each three times, against the URL.
I didn't understand this part of your post. Does this mean people were attempting to get to the fbi.gov domain and IPs by hitting your page via 2 sessions with 3 hits each?
>>>But another point: The attackers weren't all in China.
We were very fortunate here at ArtistServer, if the number of IPs that were used were distributed across the world, we would still be getting attacked.
|
|
|
leedgyn
Joined: 08/03/10
Posts: 3
|
|
RE: Frequent attacks from China - now blocked
Tuesday, September 28, 2010 at 9:56 PM
|
Quote
Top Bottom
|
Hi Gideon,
i am an Artistserver fan from China. i got addicted with Artistserver...But i cannot access your site from this summer. Today i googled the reason and found your post here:
http://forums.artistserver.com/messages.cfm?threadid=1A3FFFF5-1143-DBB3-C68B4BD96AFD6778
That's terrible to me, really!
and the most unfortunate thing is that i dont have a static IP(ISP's problem)...
I guess that the real source of there attacks againts ArtistServer are not from China but somewhere else...Because:
1. there are few people in China know ArtistServer cuz the music style is not popular here...
2. there are a lot of attacks from China cuz the computers here always be hacked...
Of course, this is just an assumption but the two points above are TRUE! I swear!
So could you please try to find the REAL SOURCE of these attacks? I know this request is very unpolite but I realy cannot help listening tracks here!
Please help me...thanks a lot!
Expecting your reply...
Best regards,
Leedgyn(leedgyn@gmail.com)
|
|
|
Sonic Wallpaper
Joined: 05/22/01
Location: San Diego, CA
Posts: 1266
|
|
RE: Frequent attacks from China - now blocked
Wednesday, September 29, 2010 at 1:26 AM
|
Quote
Top Bottom
|
Hi Leedgyn,
Sorry to hear about your situation. In regards to your request, "So could you please try to find the REAL SOURCE of these attacks" - All I know is that all the attacking traffic came from China. If it originated from somewhere before that, for example, a hacker running a botnet, there isn't a way for me to know. The solution I applied has worked, we no longer have the attacks. I'm sorry I can't provide any other solutions. Possibly in the future I'll raise the block to see if the attacks are still happening.
|
|
|
leedgyn
Joined: 08/03/10
Posts: 3
|
|
RE: Frequent attacks from China - now blocked
Wednesday, September 29, 2010 at 8:38 PM
|
Quote
Top Bottom
|
Hi Gideon,
Thanks all the same. Maybe the only way for me is using proxy/vpn... 
|
|
|
|
|
