-
• #77
Our hero in Heraklion
And everywhere else
Cheers boss
-
• #78
Damn I saw the site didn’t load and tried a couple times, came back the next day. Well done for all your hard work.
-
• #79
got paid so banged an extra 10 into the pot on top of the usual monthly.
🙏 -
• #80
Still looking into things, it appears that just prior to the attack this was used: https://github.com/robertdavidgraham/masscan and that we had been scanned multiple times. Additionally two waves of PHP style attacks were seen just before the DDoS.
I cannot tell if these are linked; the IP ranges do overlap... but then, they are AWS IPs so I cannot rely on that as correlation. This will work pretty well as most people don't modify code they get from the internet and the signatures of generators are usually static for the life of the library that they use.
I cannot prove either of the above were used by the attackers, but hey... extra hardening of the server defences is no bad thing.
The defences I've put in place to ensure only known URIs are accepted will mitigate the PHP style attacks in their entirety (even though we were not vulnerable to them anyway), and I've added the signature for the masscanner to the list of blocked things.
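The two defences described in the post above (accept only known URIs, block a scanner signature), sketched as an added example that is not part of the original post or the site's own code. The route patterns and the assumption that the signature is a `masscan` substring in the User-Agent are hypothetical, and the log lines are constructed.

```python
import re
from collections import Counter

# Assumed for illustration: these route patterns and the "masscan" User-Agent
# substring. The forum's real routes and blocked signature are not in the post.
ALLOWED_URIS = [
    re.compile(r"^/$"),
    re.compile(r"^/forums/[a-z0-9-]+/?$"),
    re.compile(r"^/threads/\d+(/page-\d+)?$"),
    re.compile(r"^/static/[\w./-]+\.(css|js|png|jpg|svg)$"),
]
BLOCKED_UA = re.compile(r"masscan", re.IGNORECASE)

# Combined log format: ip - - [time] "METHOD uri PROTO" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), not taken from the site.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /threads/1234/page-4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.0" 200 512 "-" "masscan/1.0 (constructed sample)"',
    '198.51.100.23 - - [01/Jan/2024:10:00:02 +0000] "GET /login.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jan/2024:10:00:03 +0000] "GET /static/../app.js HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    'not a log line',
]

def decide(line):
    """Return (verdict, reason) for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return ("deny", "unparseable")        # fail closed on malformed input
    if BLOCKED_UA.search(m["ua"]):
        return ("deny", "scanner-signature")  # static signature of the tool
    path = m["uri"].split("?", 1)[0]          # match the path, ignore the query
    # Anything not on the allowlist is refused, so probes for PHP files on a
    # site that serves none never reach the application.
    if ".." in path or not any(p.match(path) for p in ALLOWED_URIS):
        return ("deny", "unknown-uri")
    return ("allow", "known-uri")

def summarise(lines):
    """Count verdict reasons across a log so blocked waves stand out."""
    return Counter(decide(line)[1] for line in lines)
```
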
As ever, I’m totally in awe of, and grateful for, all you do for us. Thanks VB