Concerted attack on ex-JW websites

by RayPublisher 87 Replies latest members private

  • Londo111
    Londo111

    They can't take down Youtube, that's for sure.

  • dazed but not confused
    dazed but not confused

    Are (we) individual users at risk? I don’t know much about it but hacking fascinates me.

  • brinjen
    brinjen

    Are these attacks specifically directed at Ex-JW sites or are others also being hacked? As mentioned before, WordPress is known for it's vulnerabilities... hacking/hijacking etc is a global problem.

  • Simon
    Simon

    Specifc attacks are unlikely, what is more common is that a vulnerability is discovered and someone writes a bot to expliot it and if you are running the affected software you suddely get a spike of "attacks" ... but they are not targetted other than at the software being used.

    If someone runs a lot of sites on the same software and especially at the same network IP addresses (e.g. the same server) then it's easy to believe that it's some specific coordinated attack but it usually is not.

    Software needs to be kept constantly updated and servers patched to protect against the constant background level of bots that probe all websites.

  • Simon
    Simon

    Oh, and the hard-to-read text that you have the enter on here prevents exactly this 'bute force' style of password attack. It's called "CAPTCHA" which stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It also helps digitize old books as real humans enter the hard-to-OCR entries.

  • brinjen
    brinjen
    Specifc attacks are unlikely, what is more common is that a vulnerability is discovered and someone writes a bot to expliot it and if you are running the affected software you suddely get a spike of "attacks" ... but they are not targetted other than at the software being used.

    Exactly.

  • Juan Viejo2
    Juan Viejo2

    Simon, good pointo about Captcha. I have used Captcha on several of my websites in the past and some of them are effective and others are not. After this round of attacks I'll be reinstalling Captcha on most of my websites again. But you'd be surprised at how many spammers still got past them. I've heard that in Asia there are big factory type installations where human beings actually are paid to sit and enter Captcha codes so that spammy stuff can get through. There is only so much that we can do. But no question, Simon, you've done an excellent job on JWN.

    JV

  • brinjen
    brinjen

    One site I recommend. Been highly useful for my situation...

    http://www.stopforumspam.com/

  • adamah
    adamah

    Simon said-

    If someone runs a lot of sites on the same software and especially at the same network IP addresses (e.g. the same server) then it's easy to believe that it's some specific coordinated attack but it usually is not.

    Yup, I'm guessing a 12 y.o. precocious script-kiddy in Estonia is home from school sick and was lookng for vulnerable sites, and it's not a coordinated attack from Bethel's IT goons trying to take out apostates "who are getting under their skin", LOL! (as if...)

    Adam

  • Juan Viejo2
    Juan Viejo2

    adamah,

    Most of these sites are on different servers and different hosts. Some have redirected domain names from one host to another. JWSurvey, Freeminds, and JWStruggle have nothing in common with each other and yet they are all being hit in one way or another. Even on a good day, we all get a fair amount of traffic from Watchtower locations in Brooklyn, Patterson, and Warwick. Some of those may just be bored Bethelites. Some are clearly identifiable as belonging to the WT Society.

    The problem is that you can never tell by the IP addresses, email addresses, or usernames who these people are. And remember that many professional spammer/attackers have a broad network of "captured" computers that act as "bots" - so one professional spammer can hit a couple of keys and instantly set of his own denial of service attack that can bring down NYSE and Bank of America. Anyone with a couple thousand dollars or euros can buy their services for a day or two to bring down sites they don't like. Scientology is well known for setting up these kinds of attacks. My guess is that the Watchtower borrows ideas from them to do some of their dirty work.

    But the bottom line is that you really never know. Reporting this to the police? Local police do not have the tools and do not care if some bored Nigerian student with a stolen laptop gives us all some grief. The FBI and NASA only care if there is some threat to big business or the government. All we can do is just try to work around it and keep learning as we go along.

    JV

Share this

Google+
Pinterest
Reddit