[PSA/Article] The Markets Are Being Hit With a "Ransom DDoS"

Flooding requests to dynamic URLs such as captchas and asking them to pay ransom:

http://www.deepdotweb.com/wp-content/uploads/2015/05/screenshot.png

The Admin of TheRealDeal market provided some information about the attack:

http://www.deepdotweb.com/2015/05/11/this-is-the-ransom-ddos-that-is-hitting-the-dark-net-markets/

Sorry for the annoying Cloudflare, but the attacker did not like the fact I posted this and is attacking me, and I have no plans to waste my time on petty attacks.


Comments


[13 Points] None:

Seems like a good strategy would be to wait until someone else is DDoSing the market, then flood it with simple GETs requesting ransom. Let someone else do the hard work and then you just collect.


[7 Points] Chroncentrates:

Kinda makes me want to start vending on TRD. Admins seem legit, and the fact that they are offering advice to other markets makes me believe in their integrity/lack of greed. Good on ya TRD!


[6 Points] Jay-__:

Lol @ screenshot. 'Proxy1, Proxy2' up to 'Proxy 7'.

Damn! That dude is behind 7 proxies! ;)

Edit: spelling yet again.


[3 Points] DankNetMarkets:

Agora admin - Please contact TRD admin ASAP, thanks!


[2 Points] TotesMessenger:

This thread has been linked to from another place on reddit.

If you follow any of the above links, respect the rules of reddit and don't vote. (Info / Contact)


[4 Points] dfdfdkkgk888383u:

You realize most of us are behind Tor and you got shitty Cloudflare blocking your site?

Markets need to do what BMR did and cycle addresses; they had a clearnet link you could go to to get a new address, and the botnets couldn't keep up.

Also, this isn't affecting BB, which despite all the bullshit remains the only market that has managed to keep its shit together.


[2 Points] sharpshooter789:

This actually looks like a competent admin.


[2 Points] IAmA_singularity:

Put a reverse proxy in front of it and filter out those requests


[2 Points] deepdot:

Another request used to attack them today, without ransom:

127.0.0.1 - - [11/May/2015:] "PUT / HTTP/1.1" 403 485 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" 
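
The log line above shows the defender's problem in one field: the client address is 127.0.0.1, because every hidden-service request arrives over the local Tor daemon, so the usual "block the offending IP" step from clearnet DDoS handling has nothing to key on. The following is an added example (not code from the thread, the market, or deepdot) of the kind of filter a reverse proxy or log-triage job could apply instead: it parses Combined Log Format lines, groups hits on expensive dynamic endpoints by method, path and User-Agent rather than by IP, flags bursts within a sliding time window, and separately counts methods the site never serves (the `PUT /` pattern quoted above). The endpoint prefixes `/captcha` and `/login`, the thresholds, and all sample log lines are constructed for the example.

```python
"""Triage an access log where every client is 127.0.0.1 (requests arrive via a
Tor hidden service). Added example; endpoints, thresholds and log lines are
constructed, not taken from any real market."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Optional

# Combined Log Format (nginx/Apache); the line quoted in the thread uses it.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Hypothetical site layout: the captcha and login pages are the expensive,
# dynamically generated endpoints a request flood would aim at.
DYNAMIC_PREFIXES = ("/captcha", "/login")
# Methods the site actually serves; anything else is noise or probing.
ALLOWED_METHODS = {"GET", "POST", "HEAD"}


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields, or None if the line is not a log record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        rec["ts"] = None  # truncated timestamp (as in the thread's paste)
    rec["status"] = int(rec["status"])
    # Drop the query string so /captcha.php?r=1 and ?r=2 count as one endpoint.
    rec["endpoint"] = rec["path"].split("?", 1)[0]
    return rec


def triage(lines, window_seconds: int = 10, burst_threshold: int = 5) -> dict:
    """Flag bursts on dynamic endpoints and tally disallowed HTTP methods."""
    by_key = defaultdict(list)
    unexpected = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] not in ALLOWED_METHODS:
            unexpected[(rec["method"], rec["endpoint"])] += 1
        if rec["ts"] is not None and rec["endpoint"].startswith(DYNAMIC_PREFIXES):
            # The IP is 127.0.0.1 for every Tor request, so group on
            # (method, endpoint, User-Agent) instead of on the address.
            by_key[(rec["method"], rec["endpoint"], rec["ua"])].append(rec["ts"])

    bursts = {}
    for key, stamps in by_key.items():
        stamps.sort()
        lo, best = 0, 0
        # Sliding window: most hits seen in any window_seconds span.
        for hi, t in enumerate(stamps):
            while (t - stamps[lo]).total_seconds() > window_seconds:
                lo += 1
            best = max(best, hi - lo + 1)
        if best > burst_threshold:
            bursts[key] = best
    return {"bursts": bursts, "unexpected_methods": unexpected}


# Constructed sample traffic: one User-Agent hammering the captcha, one normal
# visitor, and a few PUT / probes like the one quoted in the thread.
UA_A = ("Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 "
        "(KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36")
UA_B = "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"


def _line(sec: int, method: str, path: str, status: int, ua: str) -> str:
    return (f'127.0.0.1 - - [11/May/2015:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 485 "-" "{ua}"')


SAMPLE_LOG = (
    [_line(s, "GET", f"/captcha.php?r={s}", 200, UA_A) for s in range(8)]
    + [_line(1, "GET", "/index.php", 200, UA_B),
       _line(4, "POST", "/login", 302, UA_B)]
    + [_line(s, "PUT", "/", 403, UA_A) for s in (2, 5, 9)]
)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (method, endpoint, ua), n in result["bursts"].items():
        print(f"burst: {n} x {method} {endpoint} from UA {ua[:30]}...")
    for (method, endpoint), n in result["unexpected_methods"].items():
        print(f"disallowed method: {n} x {method} {endpoint}")
```

Grouping on User-Agent is a weak fingerprint, since an attacker can rotate it, but it is still far cheaper for the defender to tighten than for the attacker to diversify, and it is the minimum a reverse proxy in front of the onion service needs before it can apply a per-key rate limit or a cheap static response to the flooded endpoint.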


[1 Points] NOT_TeaganLeMaster:

Isn't it more difficult to launch a DDoS through Tor? I mean, are there botnets and stuff that can reach deep web content? Or is DDoS done with specific hardware and network setups nowadays, or something that can be configured in one go to reach it? Wouldn't it take a lot more effort and resources, and wouldn't the culprits be a lot more identifiable? Not through their traffic, I guess, as it's Tor, but through their capability.

Edit: Don't worry, not thinking of breaking into the business ;P I'm just trying to get a sense of who can launch this. Is it more likely to be a single blackhat schmoe somewhere or a nefarious group or institution or... something bigger. ...I've always heard the IRS doesn't fuck around. Maybe they are coming in for their cut one way or the other, hah.


[1 Points] tpsmc:

That would be pretty easy to block in the firewall. It's not like they are requesting a new payment address with each GET request.


[1 Points] TYPICALKNOWITALL:

Are the culprits of these outages DDoS attacks? Does the government ever DDoS?


[-7 Points] dfdfdkkgk888383u:

As opposed to clearnet attacks, where mitigation steps could be taken by simply blocking the offending IP addresses, when it comes to Tor the requests are coming from the localhost (127.0.0.1) IP address, as everything is tunneled through Tor.

Dude, you're running a market and you can't even put together how to stop this? Give each person a unique onion that they have to apply for; that removes the target that is your address. Then get rid of shitty captchas and make it 2FA login only; that removes the open side of your site. What are they going to go after then? Or is your plan, like every other dipshit admin running these houses of cards, to wait around until a mouse blows it over?

Edit: scratch that. If everyone had their own unique onion that came with their account application, then the attackers would have nothing left to attack; you wouldn't even need captchas.