It's holiday/DDoS season
If you're wondering why we don't just "do something" about it. We do. We pay a lot of money (right now about $3200 a month and growing) to help against DDoS attacks, but DDoS mitigation is a bit like that scene at the end of Batman Begins where Jim Gordon is talking to batman and he's talking about escalation. "We start carrying semi-automatics, they buy automatics. We start wearing kevlar, they buy armour piercing rounds. And you're wearing a mask...". You can buy a ridiculously expensive firewall that can scrub 20GB/s of malicious traffic on your upstream, then you'll just get attacked by a bigger botnet that attacks you with 50GB/s of malicious traffic. You buy a firewall that can handle 75GB/s, they attack you with 100GB/s. And so on and so forth. And each time it gets more and more expensive to combat against. And it can get really, really expensive after a certain point.
We and our hosts continue to react to the DDoS attacks as and when they happen. If they happen while I'm at my computer then I'm updating the Nexus Twitter account to let people know about the down-time and that we're aware of it. So if you like to be kept in the loop while the sites are down then you can follow us on Twitter. We don't really use that account for anything else right now so you won't get spammed about crap you don't care about!
While the techheads work to sort this out for all of us (and this DDoS is affecting thousands of sites, so we're not the only victims) please sit tight and be patient. At the end of the day, this is one person ruining it or all of us. Well, one person, and hundreds of thousands of computer illiterate people who haven't secured their PC's/routers/Internet of Things hardware against people using their hardware as botnets. So by all means, take this time to review your own system security!
49 comments
Comments locked
A moderator has closed this comment topic for the time beingFor the last three days or so, I haven't been able to access nexusmods.com. It fails with a "no data received" error. But there's no reports of it being down, and using "is it down" type sites it seems to be accessible. Just not for me.
I reinstalled Skyrim and redownloaded all my mods recently, so I'm paranoid I've been blocked for downloading ~15GB in a few hours.
I doubt that's actually the case, but if anyone's got a better idea of why I can't access the site, I'd be happy to hear it.
(and yes, using forums.nexusmods.com seems to work, even though I'd expect it to be a subpart of the same domain...)
edit: So today it allowed me to view a very slow, very broken version of the page, and I figured it might be the browser. I'm using chrome, firefox is similarly not working, but Edge (yes, windows 10) actually worked fine. Has no-one else had the same problem? I don't have problems with other websites using chrome.
Frankly, those people need to get their butts kicked. So hard they never forget the lesson: what you do on the internet is never truly anonomyous so you should treat it like you would real life.
Bet they didn't think that nexus could track them and if actual damages were caused (provable damages) Robin could sue to shirt right off that person's back, or their parents.
anyone in most third world countries can easily ddos the shite out of most websites and face no fear of getting caught due to poor internet surveillance and security. take hackers in India for instance, they never get caught, not because they are "exceptional" (they're not), but because the cyber security department of the country is complacent.
Rather it is just as likely that the hacker(s) responsible for our current inconvenience are from a third world country, as it is likely that they are from any developed nation.
Even trying to claim "But random keys" ignores how computers work and that psuedorandom data just adds an additional level of abstraction by having a random seed and a state array. (Pure memory dumps often create sparse data, which is "weak". In some cases, you can have very predicable patterns occur with memory dump randomization which allows an attacker to easily bypass security.)
BUT, it is even easier just to check for traffic data. You may only be requesting uplink, but you'll still generate far more traffic in a particular area at a specific time than is recorded as the norm. A person who moves around an area thinking he is smart is equally stupid given he likely moves in a circular pattern centric about his residence.
This means that if someone wants to know what you, in particular, are doing; nothing is going to stop that person.
Why doesn't this go to court? Because us American's are Computer Illiterates and don't understand any of this. Do you know how hard they had to fight just to get DNA evidence accepted in courts? Fingerprints? Let alone that we're acting like government spying is worse than corporate spying and these methods of destroying the illusion of anonymity would cause major issues.
I would also add that "Hactivism" doesn't exist. DDoS, in all forms, is for little kids. It is akin to standing outside your "target" and throwing eggs.
Can you cause financial damage? Yep.
Can you upset the people running the buisness? Yep.
Can you even get people to talk about it? Yep.
But will ANYONE give a crap about you, your goals, or even understand WHY you're doing it? Nope.
Even "real" hacking doesn't clean the term, given the government using hacking to find pedophiles is "bad" but a citizen wearing a mask and acting like a hooligan doing the same is "good."
Is spying right or wrong, make up your mind.
I think Ddos attacks and the like are a very good example of why it's bad to let your disenfranchised youth go completely without any direction or available social services. You have to have a moderate income to sustain a botnet. Even just a laptop will do, but it takes time and patience. Anybody willing to go through that level of work would be awesome if they had some direction and a job that needs solving. Find them. Put them to work. Inspire them. Give them a reason to wake up in the morning.
This generation of kids really needs what you just stated beyond anything that most realize !
Yes, that was a long-winded lecture.
The school system, at least here in the US, is a joke. I'm 27, and I don't remember it being particularly good when I was in it. I remember when I lived in Florida and went to a charter school, that was pretty good, challenging, then we had to move in 12th grade to Virginia. The school was extremely easy, I had to retake the state test and I felt like I was back in middle school. It was on the computer, and heck I was even able to find a way to cheat on it (not that I even needed to). My AP computer science class went from having actual lectures, projects, etc to being just "Here's this book, copy all the code from the book to the IDE and compile it." No lectures, no teaching, just busywork. I knew more than everyone (read: Two people) in that Virginia AP comp-sci class because the only thing they did was copy out of a book. No actual drive to learn the stuff, or expand.
The school system gives you no reason to actually want to go. Yeah some of the stuff you learn is interesting, but for the most part it's not. Most of the time you seem to get teachers who have too many students, not enough time to actually come up with compelling course material, etc. You literally have no other drive, short of whatever you come with, aside from getting grades and passing these stupid state tests.
Not really, preforming a DDoS (DoS if it's from a single PC) is extreme simple, once you know a little about batch files you can easily make one, I've made several (to help my minecraft server test for attacks). Other than that there's a simple 12 Kb program called LOIC in which you enter the URL or preferably the IP of the website you want to DoS, you can control the number of packets to send per second, weather you want replies to your packets and much more. A crude term for people who use LOIC and other programs is 'Script Kiddie' as in someone who does no hard work and uses scripts made by professional penetration testers or black/grey hats.
It's people like these guys who basically destroyed the name of hackers and hacking. I have respect for hacktivists but for blackhats who use their skill for the 'lulz' or to steal money etc. that's just wrong.
Their (so far) unidentified cowardice is something that will return to haunt not just their conscience but perhaps and hopefully their sleep or sharply on the highway's fast lane one day.
Know this that even somewhere in this digital world ..... YOU WILL make a serious and stupid mistake and be dealt with!
If you run across anyone elsewhere on the 'Net that claims they were banned from the Nexus network "for no reason", ask their handle and search that forum to see the "no reason".
No, they just download a dDoS program that uses other already-hacked computers to dDoS
The folks who "own" those botnets build them via malware. Some of them doubtless put a fair bit of time, money and effort into compromising thousands of non-secure PCs. Jerks (or sometimes even governments) pay them to take down certain sites.
Here's where you "donate" to Nexus to keep it healthy and running....: http://forums.nexusmods.com/index.php?/store/category/1-premium-membership/