1. 29
    Someone attacked our company security usefathom.com

  2. 33

    This reads like a double barreled advertisement. For Fathom and for AWS Shield Advanced.

    > John then identified a pattern in all the IP addresses. I’m sure I could share more details here but I’m reluctant to, so I’ll leave it to your imagination.

    This is typical of the whole article. What MIGHT be interesting information is omitted. The most detail given is a modest AWS bill.

    The only useful information was Fola’s highlighted sentence: “Attackers don’t have unlimited resources.” - that is a good thing to remember when things seem dire.

    I’m real meh on this post.

    1. 8

      I read the entire article, and it never answered the question asked after the first paragraph:

      > But why would someone do this?

      I realize there aren’t answers for many things in life, but if I had someone so determined attacking my company, I’d want to track them down and try to figure out what their motivation is. And now I’m curious. Why ask the question if you’re not going to even attempt to answer it?

      1. 22

        Sixteen years ago I was the target of an attack. Four days after posting that, I got an explanation from the attacker, which I was not expecting. For the attacker, it was just business as usual, as they were hired (most likely by a crime organization due to the nature of the sites that were attacked that I was hired to maintain).

        At first, I thought the attack described here might have something to do with the US elections, given the initial date, but elections were on the 3rd, not the 5th. But like my case, it’s probably just business as usual, either by some unethical competition, or a criminal organization for reasons related to their industry.

        1. 5

          This guy has been blogging since 1999. 👍

          1. 1

            That year, I got my first computer! LOL, I mean okay… I got introduced to computers at age 17, but still…

            UPDATE: This is pure Gold! Check this out:

            > Since the server was Mark’s he felt it best for everybody on the server to move their sites elsewhere and take the server down (I now suspect it’ll never go back up).

            You got to love this old pet approach to server management.

      2. 5

        “We are diving deep into machine learning in PHP and…”

        I’m sorry, what? Why PHP? Why not use Python and the bevy of ML tools already available? I mean, I get adding another language to the stack is not ideal but libraries like numpy are invaluable.

        1. 3

          This site was blocked by my DNS ad blocker. Is this advertising maybe?

          1. 5

            > This site was blocked by my DNS ad blocker. Is this advertising maybe?

            Possibly because https://usefathom.com/ is an analytics company, and many analytics services are blocked by ad blockers? I’m not sure what domain list you’re using, but I’ve noticed the default list in uBlock Origin will sometimes block website analytics (even the privacy focused ones).

          2. 3

            As someone who (still) has an analytics product in beta, this is terrifying. spc476’s account doesn’t make me feel better.

            I’m glad Fathom got the attack under control. I’d like to learn more about mitigation techniques.

            1. 2

              Is this something worth contacting law enforcement about?

              1. 2

                My pihole blocks access to this site (standard blocklists + oisd.nl). Might not be kosher?

                Edit: ah, it’s an analytics company.

                1. 2

                  This points to an interesting reality that we’re going to see play out. As more small software service companies enter the ring and threaten to reduce the revenues of bigger, more established companies, there will be a monetary incentive for custom DoS attacks. Many of these software services provide management APIs, either for their dashboard or directly for their customers. You can create resources, read and delete resources in a poorly optimized system in a manner that could bring the whole thing down. And depending on how many people are dependent on that system, the damage you can cause could be widespread.

                  A bit cynical, but opportunities to make money are seldom ignored.

                  1. 2

                    > They subjected us to multiple, malicious, targeted DDoS (Distributed Denial-of-Service)

                    As opposed to the benign, sprinkled here-and-there variety.

                    1. 2

                      To be honest, if we ran a poll on how many people here have DDoSed their own servers, services, databases or similar, I can guarantee you the result is above zero. I can’t guarantee if it’s above 1, but I suspect it might be true.

                      But you’re right, parts of that sentence only serve to raise the drama effect.

                      1. 2

                        Oh yes, certainly. I’d bet it’s over 1 by a bit. It’s basically just a form of load testing. That’s definitely still targeted though haha! I suppose a non-targeted variety could be some kid got his hands on a LOIC and decided to just DDoS some random person. Also it could also maybe be considered apathetic or nihilistic rather than malicious in that case.