Attack Of The Bots

May 14, 2013

The Aging Rebel was offline for about eight hours yesterday due to what was described at the time as “an extremely advanced botnet attack that is targeting WordPress logins. The nature and rate of the attacks make it hard to block, and it can cause host servers to run out of available resources rather quickly.”

It was the third major botnet attack in the last two months and the attacks are probably related. A “botnet” is a malicious network of thousands of “zombie” computers with thousands of separate Internet Protocol, or IP, addresses. Briefly stated, botnets overpower their targets by demanding that the target computer respond to more internet requests than the target can handle.

An attack in the middle of March was aimed at a service called Spamhaus and was probably initiated by spammers in Russia. Spamhaus identifies the IP addresses of known spammers.

An attack on April 15 specifically targeted WordPress sites. WordPress is a content management program that is used by about 16 percent of all websites including UPS, eBay, the New York Times and The Aging Rebel. The April attack was conducted by a botnet comprising about 90,000 computers. In April there was widespread speculation that the botnet used in that attack was intended to find vulnerabilities that would allow the assembly of an even larger botnet.

That larger and improved botnet seems to be what caused yesterday’s shutdown.
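The host's notice quoted above says the nature and rate of the attack on WordPress logins made it hard to block. The sketch below is an added example, not from the original post or its host. It runs over a constructed access log in which no single address exceeds a per-address limit, while the site-wide count of login POSTs and of distinct sources in one window stands out. The log lines, thresholds and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format prefix: ip - - [time] "METHOD path proto" status ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_posts(lines):
    """Yield (timestamp, ip) for each POST to wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def analyse(lines, window=timedelta(minutes=1), per_ip_limit=5, site_limit=30, min_sources=20):
    """Bucket login POSTs into fixed windows. The limits are illustrative assumptions."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip in login_posts(lines):
        key = int(ts.timestamp() // window.total_seconds())
        buckets[key][ip] += 1
    noisy_ips, distributed = set(), []
    for key, per_ip in sorted(buckets.items()):
        # Classic per-address check: misses sources that each send only a few attempts.
        noisy_ips |= {ip for ip, n in per_ip.items() if n > per_ip_limit}
        # Site-wide check: many attempts spread over many distinct addresses.
        total = sum(per_ip.values())
        if total > site_limit and len(per_ip) >= min_sources:
            distributed.append((key, total, len(per_ip)))
    return noisy_ips, distributed

def sample_log():
    """Constructed sample: 60 addresses, 2 login POSTs each in one minute, plus one normal visitor."""
    lines = []
    for i in range(60):
        ip = f"198.51.100.{i + 1}"
        for j in range(2):
            lines.append(f'{ip} - - [13/May/2013:10:00:{(i + j*30) % 60:02d} +0000] '
                         '"POST /wp-login.php HTTP/1.1" 200 3120')
    lines.append('203.0.113.9 - - [13/May/2013:10:00:05 +0000] "GET / HTTP/1.1" 200 5120')
    lines.append('203.0.113.9 - - [13/May/2013:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0')
    return lines

if __name__ == "__main__":
    noisy, bursts = analyse(sample_log())
    print("IPs over the per-address limit:", sorted(noisy))
    for key, total, sources in bursts:
        print(f"window {key}: {total} login POSTs from {sources} addresses")
```
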



11 Responses to “Attack Of The Bots”

  1. Tooj Says:

    TOR. say no more

  2. BadMagic Says:

    I agree with Phuquehed’s disdain of M$ software.

    I’ve been M$ free for more than a decade.

    If anyone would like to try an alternative, I highly recommend OpenSuSE. If you can download an .iso image and burn it to CD or DVD, check out You can download a ‘live’ CD/DVD that will boot the OS/desktop without touching your hard drive (read: won’t change your computer at all). It ~should~ boot up to a desktop that will be familiar enough to you to use right off the get go. Go to the lower left corner and click the button that you would normally call the ‘Start’ button. Firefox is still Firefox. Dolphin looks just like Exploder. etc.

    For future reference, if you get used to using open source software like Libre Office and Firefox, they will be the same program regardless of the OS/desktop behind it.


  3. RLG Says:

    @Rashomon DDoS is a distributed denial of service attack, and you are correct, this is a common use of bot nets. But what happened to Rebel’s blog is different in that they were trying to guess his password. It requires a bot net with different addresses or the web host could just block the one attacking IP address.

  4. RLG Says:

    Finally, a subject on this blog I know something about!

    The bot net is being used for a distributed dictionary attack against WordPress blog log-ins. The bot net is controlled by kids in Eastern Europe and the supporting servers are in China. Fucking Chinese are horrible network citizens. Anyway, WordPress is almost always run on top of the Apache/nginx web server and the Linux operating system.

    The goal of these attacks is to get access to the blog admin account control panel and add some new file includes to the PHP/HTML source code of the blog header template. This header template is displayed on almost every blog page. Once the code has been injected, when a user loads the blog, they are redirected to a server (in China) that is hosting a virus that will infect certain Windows PCs using Internet Explorer INSTANTLY with no action taken by the user. Now the web surfer’s PC is infected. The virus secures the PC so no new/rival virus will take over. Then it starts scanning for new WP blogs to do a dictionary attack against.

    Relatively speaking, this is big money for the kids:
    “The Scrap Value of a Hacked PC”

    There is zero percent chance that attacking a WordPress blog in this way will lead to full control of the web server, or installation of system software on the server.

    If the government wanted to get access to Rebel’s computer accounts, they would first try to ‘spear phish’ him into giving up his passwords. If that fails they would break into his home and office and install hidden cameras to record the keystrokes he types on his computers. This is what phoebe has done in the past. These brute force attacks are very noisy in the system logs and draw a lot of attention.

  5. Rashomon Says:

    There are a lot of these DDoS attacks nowadays. If you feel that way disposed, you can have an attack launched on your least favorite website for as little as $25 an hour. The biggest problem is that while these attacks are taking place and the web master or whoever is trying to block them, the sneaky little fuckers launch what they call “low and slow” attacks which are the ones that cause the damage / steal whatever you have worth stealing.

    Heading for the hills looks like a real good solution most days.

  6. Nihilist Says:

    Matt, I can personally tell you that the hills are getting more & more crowded. “Why, just the other day I thought I saw a church steeple.” Seems I can’t get far enough away from people; I’ve had five homes in five years go up near me…

  7. Matt Says:

    “Glad to hear it wasn’t the “black helicopter bunch” that shut down the site. Al tho friggin spammers can be just as bad.

    *removes tin foil hat*”

    A few weeks ago a site called Silk Road, which is an underground marketplace the DEA wants shut down, was hit with a similar attack. I wouldn’t remove that tinfoil hat just yet. Between the IRS, the AP, and Angelina Jolie chopping her tits off I’m ready to head for the hills.

  8. Dirty Dingus McGee Says:

    Glad to hear it wasn’t the “black helicopter bunch” that shut down the site. Al tho friggin spammers can be just as bad.

    *removes tin foil hat*

  9. Phuquehed Says:

    It means too that all those ‘bot’ computers are people around the planet that have infected systems. That usually means people who haven’t kept up with their anti-virus/spam/trojan/shitware/etc, often because it means they have to think a little bit and might actually have to do something other than what they *want* to do at the time, or simply don’t care and are too fucking stupid to actually deserve using a computer in the first place.

    The number one culprit for needing and *having* to have anti-(you-name-it-ware)…fucking Microsoft OS.

    Another bitch about it is, that the servers that get hit are more than likely M$ servers and the rest of us who *don’t* use that crapware M$ also have to suffer since the server is down and can’t ‘serve’ to *anyone*.

    All this doesn’t mean it’s Rebel’s fault…his site is ‘served’ and we all have to go through that ‘server’ to get to it, so it wasn’t anything to do with the way Rebel has anything setup…he was as much a victim as the rest of us were…he probably couldn’t even do anything with his site either and had to wait until the attack was over also.

    By the way…that shit-stain Bill Gates not only keeps pushing M$ on the world, he’s also the leading proponent pushing our government to let in *more* immigrants to work IT instead of using our own citizens fresh out of American schools.

  10. stroker Says:

    Ya don’t think our gubmint had anything to do with it do ya?
