March 28, 2008
Security watchdog site CastleCops is currently under yet another distributed denial-of-service (DDOS) attack. The anti-spam, anti-malware site manned by volunteers has been under siege from waves of botnet traffic since Wednesday.
CastleCops is no stranger to DDOS attacks -- it gets hit regularly, with its most recent attack back in August -- but this one took a different spin on an old trick.
"Typically, attacks involve some sort of HTTP GET, but this one seems to include a POST instead," says Paul Laudanski, founder and administrator for the CastleCops site, who says he first detected the attack on Wednesday morning after noticing some performance problems with the site.
He initially witnessed a rise in the server load and a pattern in the server logs that indicated a DDOS, he says.
The attack hasn’t taken down the site, but is causing occasional connectivity problems for visitors. "It appears we’ve attracted some fresh bots, too," Laudanski says.
"Apache has been saturated a few times already, necessitating manual httpd restarts, while ensuring bots are filtered," he says.
CastleCops, like other anti-spam and anti-cybercrime sites including Spamhaus, has been an obvious target for disgruntled bad guys due to its community-based efforts to investigate malware and phishing attacks, as well as its collaboration with other researchers and law enforcement.
"I think the question is: When isn’t CastleCops under DDOS attack? They are constantly being hit," says Alex Eckelberry, CEO of Sunbelt Software .
To mitigate the DDOS attack, CastleCops has been filtering traffic based on the attack fingerprint, according to Laudanski, and posting the offending IP addresses, which has kept the attack from crippling the site. And one member of the CastleCops community noted on the site's message board that the attack indicates that CastleCops has struck a nerve with the dark side.
"We have been rattling a lot of cages lately and to me, this DDOS shows we are on the right track," writes "Ernstl."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks