Knowinservers's DDOSing our server. Help needed.

Status
Not open for further replies.

Aquickhost

Hi WJ members,

Knowinserver's IPs, i.e. them or their clients, are DDoSing our server currently.
It's been about an hour.

Proof:

proof.png


21:00:33.401770 IP 77.79.9.36.http > 174.97.31.72.63593: Flags [.], seq 159140:160600, ack 1, win 7048, length 1460
21:00:33.401876 IP 178.162.227.218 > 77.79.6.166: ip-proto-254
21:00:33.401939 IP 85.17.26.20 > 77.79.6.166: ip-proto-179
21:00:33.401943 IP 85.17.26.20 > 77.79.6.166: visa
21:00:33.401949 IP 85.17.26.20 > 77.79.6.166: ip-proto-179
21:00:33.401992 IP 178.162.175.106 > 77.79.6.166: ip-proto-152
21:00:33.402184 IP 178.162.175.106 > 77.79.6.166: ip-proto-152
21:00:33.402195 IP 178.162.175.106 > 77.79.6.166: ip-proto-152
21:00:33.402196 IP 178.162.175.106 > 77.79.6.166: ip-proto-152
21:00:33.402342 IP 85.17.26.20 > 77.79.6.166: ip-proto-196
21:00:33.402425 IP 178.162.227.218 > 77.79.6.166: tcp
21:00:33.402429 IP 178.162.175.106 > 77.79.6.166: ip-proto-153
21:00:33.402431 IP 178.162.227.218 > 77.79.6.166: igmp
21:00:33.402524 IP 85.17.26.20 > 77.79.6.166: ip-proto-196
21:00:33.402618 IP 178.162.175.106 > 77.79.6.166: ip-proto-155
21:00:33.402622 IP 178.162.175.106 > 77.79.6.166: ip-proto-170
21:00:33.402624 IP 178.162.227.218 > 77.79.6.166: igmp
21:00:33.402657 IP 77.79.12.31.http > 87.51.246.29.49535: Flags [.], seq 164980:166440, ack 1, win 7029, length 1460
21:00:33.402703 IP 77.79.9.36.http > 188.56.57.11.54431: Flags [.], seq 424860:426320, ack 1, win 61, length 1460
21:00:33.402780 IP 85.17.26.20 > 77.79.6.166: ip-proto-211
21:00:33.402785 IP 46.182.123.188 > 77.79.6.166: ip-proto-208
21:00:33.402817 IP 178.162.227.218 > 77.79.6.166: ipencap
21:00:33.402821 IP 178.162.175.106 > 77.79.6.166: ip-proto-171
21:00:33.402849 IP 85.17.26.20 > 77.79.6.166: ip-proto-211
21:00:33.402889 IP 77.79.9.36.http > 188.56.57.11.54431: Flags [.], seq 426320:427780, ack 1, win 61, length 1460
21:00:33.402899 IP 77.79.9.36.http > 188.56.57.11.54431: Flags [.], seq 427780:429240, ack 1, win 61, length 1460
21:00:33.402991 IP 178.162.234.249 > 77.79.6.166: ip-proto-149
21:00:33.403184 IP 178.162.227.218 > 77.79.6.166: st
21:00:33.403189 IP 178.162.175.106 > 77.79.6.166: ip-proto-159
21:00:33.403204 IP 178.162.175.106 > 77.79.6.166: ip-proto-159
21:00:33.403271 IP 85.17.26.20 > 77.79.6.166: ip-proto-195
21:00:33.403274 IP 85.17.26.20 > 77.79.6.166: ip-proto-211
21:00:33.403308 IP 77.79.11.38.http > 78.131.31.122.50027: Flags [.], seq 136800:138240, ack 1, win 15174, length 1440
21:00:33.403357 IP 77.79.11.38.http > 78.131.31.122.50027: Flags [.], seq 138240:139680, ack 1, win 15174, length 1440
21:00:33.403377 IP 178.162.227.218 > 77.79.6.166: cbt
21:00:33.403412 IP 77.79.11.38.http > 78.131.31.122.50027: Flags [.], seq 139680:141120, ack 1, win 15174, length 1440
21:00:33.403463 IP 178.162.234.249 > 77.79.6.166: ip-proto-149
21:00:33.403512 IP 85.17.26.20 > 77.79.6.166: vines
21:00:33.403515 IP 85.17.26.20 > 77.79.6.166: vines
21:00:33.403517 IP 77.79.11.38.http > 78.131.31.122.50017: Flags [.], seq 133920:135360, ack 1, win 15210, length 1440
21:00:33.403565 IP 178.162.227.218 > 77.79.6.166: egp
21:00:33.403570 IP 178.162.227.218 > 77.79.6.166: egp
21:00:33.403624 IP 77.79.11.38.http > 78.131.31.122.50017: Flags [P.], seq 135360:136800, ack 1, win 15210, length 1440
21:00:33.403869 IP 77.79.12.31.http > 213.195.215.190.28049: Flags [.], seq 319740:321200, ack 1, win 115, length 1460
21:00:33.403891 IP 85.17.26.20 > 77.79.6.166: vines
21:00:33.403892 IP 85.17.26.20 > 77.79.6.166: visa 1480
21:00:33.403952 IP 178.162.175.106 > 77.79.6.166: ip-proto-178
21:00:33.403959 IP 178.162.175.106 > 77.79.6.166: ip-proto-166 1480
21:00:33.404030 IP 178.162.227.218 > 77.79.6.166: pup
21:00:33.404126 IP 46.182.123.188 > 77.79.6.166: pnni
21:00:33.404131 IP 178.162.175.106 > 77.79.6.166: ip-proto-179
21:00:33.404133 IP 178.162.175.106 > 77.79.6.166: ip-proto-166
21:00:33.404337 IP 46.182.123.188 > 77.79.6.166: ip-proto-207
21:00:33.404388 IP 178.162.227.218 > 77.79.6.166: pup
21:00:33.404389 IP 178.162.227.218 > 77.79.6.166: nvp
21:00:33.404391 IP 178.162.227.218 > 77.79.6.166: nvp
21:00:33.404438 IP 77.79.9.36.http > 68.224.254.16.58436: Flags [.], seq 416100:417560, ack 1, win 7014, length 1460
21:00:33.404443 IP 77.79.9.36.http > 68.224.254.16.58436: Flags [.], seq 417560:419020, ack 1, win 7014, length 1460
21:00:33.404544 IP 77.79.9.36.http > 68.224.254.16.58436: Flags [.], seq 419020:420480, ack 1, win 7014, length 1460
21:00:33.404595 IP 46.182.123.188 > 77.79.6.166: ip-proto-234
21:00:33.404600 IP 46.182.123.188 > 77.79.6.166: ip-proto-234
21:00:33.404601 IP 46.182.123.188 > 77.79.6.166: ip-proto-207
21:00:33.404603 IP 46.182.123.188 > 77.79.6.166: ip-proto-234
21:00:33.404604 IP 46.182.123.188 > 77.79.6.166: ip-proto-207
21:00:33.404653 IP 77.79.9.36.http > 68.224.254.16.58436: Flags [.], seq 420480:421940, ack 1, win 7014, length 1460
21:00:33.404726 IP 178.162.234.58 > 77.79.6.166: udp
21:00:33.404762 IP 77.79.9.36.http > 68.224.254.16.58436: Flags [.], seq 421940:423400, ack 1, win 7014, length 1460
21:00:33.404789 IP 46.182.123.188 > 77.79.6.166: ip-proto-207
21:00:33.404792 IP 46.182.123.188 > 77.79.6.166: ip-proto-221
21:00:33.404795 IP 46.182.123.188 > 77.79.6.166: ip-proto-234
21:00:33.404873 IP 77.79.9.36.http > 68.224.254.16.58436: Flags [.], seq 423400:423565, ack 1, win 7014, length 165
21:00:33.404888 IP 77.79.9.36.http > 92.90.17.5.53043: Flags [.], seq 1:1461, ack 814, win 59, length 1460
21:00:33.404984 IP 85.17.26.20 > 77.79.6.166: ip-proto-210
21:00:33.404998 IP 41.155.90.9.b2n > 77.79.10.71.10022: UDP, length 1
21:00:33.404998 IP 77.79.9.36.http > 92.90.17.5.53043: Flags [.], seq 1461:2921, ack 814, win 59, length 1460
21:00:33.405025 IP 178.162.227.218 > 77.79.6.166: chaos
21:00:33.405028 IP 178.162.227.218 > 77.79.6.166: chaos
21:00:33.405085 IP 77.79.12.31.http > 213.195.215.190.28049: Flags [.], seq 321200:322660, ack 1, win 115, length 1460
21:00:33.405146 IP 85.17.26.20 > 77.79.6.166: ip-proto-210
21:00:33.405300 IP 178.162.175.106 > 77.79.6.166: ip-proto-175
21:00:33.405312 IP 178.162.175.106 > 77.79.6.166: ip-proto-194
21:00:33.405339 IP 178.162.234.249 > 77.79.6.166: ip-proto-156
21:00:33.405341 IP 85.17.26.20 > 77.79.6.166: ip-proto-210
21:00:33.405494 IP 178.162.234.171 > 77.79.6.166: udp
21:00:33.405511 IP 178.162.175.106 > 77.79.6.166: ip-proto-175
21:00:33.405532 IP 46.182.123.188 > 77.79.6.166: pim
21:00:33.405552 IP 178.162.234.171 > 77.79.6.166: udp

And the list goes on and on...

Adding more info soon.
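
One way to triage a capture like the one posted above, as an added example that is not part of the original post: it parses tcpdump text output, skips packets that carry ports, and ranks the sources sending port-less packets under many different IP protocol labels to one destination. The sample lines are constructed with documentation addresses, and the function names and the `min_protocols` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# tcpdump text line: "<time> IP <src>[.<port>] > <dst>[.<port>]: <summary>"
LINE_RE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)(?:\.(\S+))? > "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.([^:\s]+))?:\s*(.*)$"
)

# Constructed sample (documentation addresses), same layout as the capture.
SAMPLE = """\
21:00:33.401770 IP 192.0.2.36.http > 203.0.113.72.63593: Flags [.], seq 1:1461, ack 1, win 7048, length 1460
21:00:33.401876 IP 198.51.100.218 > 192.0.2.166: ip-proto-254
21:00:33.401939 IP 198.51.100.20 > 192.0.2.166: ip-proto-179
21:00:33.401943 IP 198.51.100.20 > 192.0.2.166: visa
21:00:33.401992 IP 198.51.100.106 > 192.0.2.166: ip-proto-152
21:00:33.402184 IP 198.51.100.106 > 192.0.2.166: ip-proto-152
21:00:33.402431 IP 198.51.100.218 > 192.0.2.166: igmp
21:00:33.403959 IP 198.51.100.106 > 192.0.2.166: ip-proto-166 1480
21:00:33.404998 IP 203.0.113.9.b2n > 192.0.2.71.10022: UDP, length 1
"""

def portless_packets(lines):
    """Yield (src, dst, label) for packets tcpdump printed without ports."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a one-packet-per-line IPv4 record
        _ts, src, sport, dst, dport, summary = m.groups()
        if sport or dport:
            continue  # ordinary TCP/UDP traffic, e.g. the HTTP replies
        words = summary.split()
        yield src, dst, (words[0] if words else "?")

def protocol_spray(lines, min_protocols=4):
    """Map each sprayed destination to a Counter of source -> packet count.

    A destination counts as sprayed when its port-less packets span at
    least min_protocols distinct protocol labels (assumed threshold).
    """
    labels, talkers = defaultdict(set), defaultdict(Counter)
    for src, dst, label in portless_packets(lines):
        labels[dst].add(label)
        talkers[dst][src] += 1
    return {d: talkers[d] for d in labels if len(labels[d]) >= min_protocols}

if __name__ == "__main__":
    for dst, sources in protocol_spray(SAMPLE.splitlines()).items():
        print("target", dst)
        for src, n in sources.most_common():
            print(f"  {src}  {n} packets")
```

The ranked sources are candidates for an upstream abuse report or a filter rule; source addresses in a flood of this kind can be spoofed, so reverse DNS and the netblock owner are worth checking before attributing them.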
 
52 comments
Zzzzz, that's why my site was having trouble loading (hosted on a Knowinservers VPS)... Someone is fucking up the server with his DDoS. Anyway, it seems to be OK now :::

P.S.: Why did you open 2 identical topics???
 
IPs: 178.162.175.106
178.162.227.218
178.162.234.249
belong to us; I have blocked them.
If you find any more IPs, please report them to us and I will get them blocked.

Thank you
 
Try to protect yourself instead of going public. If you open a thread like this, it will affect your company's reputation and people will think that you are not capable of blocking DDoS.
 
Knowinservers (and other hosts) should KEEP their software UPDATED!

There is a vulnerability in old versions of Apache that allows remote code execution.
 
The full log.txt has more IPs, and they aren't all Knowin's.

Exactly,
some are ours, some are not.
I have blocked the ones which belonged to me.
But well, you could have done it via MSN as well.
There was no need for such a drama thread, and you may change the thread title as well.


Thank you
 
If you think this is drama, that is your problem.

Don't call serious things dramas, please.

Thank you.
 
But Aquickhost, sorry, I'm not with Knowinservers nor am I supporting him, but your thread title says "KnowinServers DDoSing us", which means the owners of KnowinServers are DDoSing your site! If you really want to keep this thread away, you should at least change the title, because the title is wrong. You can edit it to "KS Users DDoSing my Site" or any different title instead :)
 
It is neither Knowinservers nor their users. It's a script kiddie using a vulnerability found in outdated Apache servers (like the ones Knowinservers is using).
 
Yeah, it's not only KS. You said that.
 
All IPs are Knowinservers', coming from Leaseweb, Rapidspeed and Netdirekt. Some IPs are not in the Knowinservers range; all IPs belong to them, check rDNS.

It's not the first time, they DDoS my old host all the time, FUCKERS DIE. The old host wants to sue them; the problem is Knowinservers is only a virtual company with fake info, no real office or address.
 