
warning DDoS Attack Blackmail Email

frank-germany
domainer since 2001 / musician, Top Member
Impact: 14,616
Hello, I received this email today.

What can I do?

We are Anonymous hackers group.
Your site xxxxx.com will be DDoS-ed starting in 24 hours if you don't
pay only 0.05 Bitcoins @ xxxxxxxxx

Users will not be able to access sites host with you at all.


If you don't pay in next 24 hours, attack will start, your service going down permanently.
Price to stop will increase to 1 BTC and will go up 1 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name,
instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - over 1 Tbps per second.
No cheap protection will help.

Prevent it all with just 0.05 BTC @ xxxxxxxxxxxxxx

Do not reply, we will not read. Pay and we will know it's you.

AND YOU WILL NEVER AGAIN HEAR FROM US!
Bitcoin is anonymous, nobody will ever know you cooperated.
 
3
The views expressed on this page by users and staff are their own, not those of NamePros.
Someone's watching this thread. :~) We just got hit with a spear phishing attempt. Commendable effort on their part; it's pretty convincing. (This isn't the real Cloudflare login page.) Time to call in the big guns?

upload_2017-6-23_15-51-25.png
 
0
The phishing page is using Cloudflare. It took less than two minutes for Cloudflare to blacklist the domain after we contacted them:

upload_2017-6-23_16-21-22.png


Edit: Actually, looks like they blocked it while we were typing the request. They replied that the issue had been escalated about two minutes later, at which point I noticed the site was blacklisted. Here was the follow-up their safety team sent a few minutes later:

Hello,

Thank you for the email.

We have already addressed this from Cloudflare's side -- a warning interstitial page is in place. We've notified the host and registrar of this phishing page also.

Thank you for your concern, and for reaching out regarding this issue.

Thanks,
Justin
 
2
Wow. These past 6 months have really opened my eyes to a lot.
 
0
Sounds like a far-reaching bluff. But regardless, it's always good to have protection. We built a fence to protect the house, not just to protect against the people who make threats. With what's going on nowadays, we need to build a fortress to protect our sites.

Obtain a public cloud service account at one of the hosting companies that come with advanced DDoS protection. Move your site to such a host and get a redundant account with replication on a separate IP. Create a round-robin configuration wherever you have the DNS servers. This way, if the main site goes down, your second site will stay up until the main site is fixed.

OVH offers DDoS protection for almost all of their services. I also looked at Google Cloud and others, but so far OVH seems to be the cheapest with the provided features. They are not the cheapest in terms of hosting options (memory, disk, etc.).

Stay away from companies like BlueHost. They are among the worst. At the first sign of DDoS, they will shut down your service and make you move elsewhere. GoDaddy used to do that too, but I have not heard about them doing so for the past two years.

OVH also has an edge firewall but does not have auto-ban of attacking IPs. You can install a firewall application like pfSense as a virtual machine and enable auto-detection to ban the attacking IPs.

It may be a waste of time, but copy the info from the header and forward it to the proper authority in your country. They may or may not keep track of these scammers/spammers. It takes time to build a defense for your sites, but the effort is so worth it in the long run and gives you peace of mind.

Hope that helps.
 
3
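As an added illustration of the auto-ban idea in the post above (example code written for this page, not pfSense's or OVH's own tooling): a sliding-window counter over web-server access log lines that flags any client exceeding a request threshold and renders the flagged addresses as pf table commands, which is the mechanism pfSense uses for dynamic block lists. The log lines, IP addresses and the table name `autoban` are constructed for the example. Per-host rate limiting of this kind only helps with attacks small enough to reach the server in the first place; a volumetric flood saturates the link before any rule on the box can act and has to be absorbed upstream.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access log in Apache/nginx "combined" format (documentation IP ranges,
# not real clients). 203.0.113.7 fires five requests in four seconds; the other two
# clients browse at a normal pace; the last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jun/2017:15:51:00 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.0"
198.51.100.20 - - [23/Jun/2017:15:51:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Jun/2017:15:51:01 +0000] "GET /?a=1 HTTP/1.1" 200 512 "-" "curl/7.0"
203.0.113.7 - - [23/Jun/2017:15:51:01 +0000] "GET /?a=2 HTTP/1.1" 200 512 "-" "curl/7.0"
203.0.113.7 - - [23/Jun/2017:15:51:02 +0000] "GET /?a=3 HTTP/1.1" 200 512 "-" "curl/7.0"
203.0.113.7 - - [23/Jun/2017:15:51:03 +0000] "GET /?a=4 HTTP/1.1" 200 512 "-" "curl/7.0"
192.0.2.5 - - [23/Jun/2017:15:51:05 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Jun/2017:15:51:20 +0000] "GET /contact HTTP/1.1" 200 700 "-" "Mozilla/5.0"
192.0.2.5 - - [23/Jun/2017:15:51:30 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.5 - - [23/Jun/2017:15:51:55 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.5 - - [23/Jun/2017:15:52:20 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.5 - - [23/Jun/2017:15:52:45 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
this line is not a log entry and must be skipped
"""

# Client IP, bracketed timestamp, quoted request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a combined-format line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def find_abusive_ips(lines, threshold=5, window_seconds=10):
    """Return {ip: first_time_flagged} for clients that sent >= threshold requests
    within any window_seconds span. One sliding window per client, walked in log order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop requests that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def pf_table_entries(flagged, table="autoban"):
    """Render flagged clients as pfctl table additions (pf syntax, as used by pfSense).
    A 'block in quick from <autoban>' rule referencing the table does the actual blocking."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = find_abusive_ips(SAMPLE_LOG.splitlines())
    for ip, when in hits.items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
    for cmd in pf_table_entries(hits):
        print(cmd)
```

Tune `threshold` and `window_seconds` against your own traffic before acting on the output, and exempt your provider's monitoring and health-check sources so they can never end up in the table.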
After Cloudbleed, weirdos have been using much of the exploited data to send spam and extortion attempts to customers... CMS scripts get a lot of the blame for what many admins/devs fail to do: harden the site/app/server.
Relying on a browser-accessible script to handle content 'securely' is lazy when there are so many default ports/settings/configs that are well known on webservers/firewalls/etc... Plus, how would one know if the host's ISO image is compromised without compiling/verifying personally? How would one know if someone at the host is compromised, selling customer data [in bulk] themselves to 'anonymous'?

On top of that, typically software installed on FCC-compliant hardware is already compromised [by law] despite any best efforts made within the software. And nowadays, with refrigerators and baby monitors having wifi connections, actors like the Dark Army can send infinite requests from home IP addresses whilst creating the nightmare 1TB/sec situation on the fly to any target. And don't forget where most chips/hardware is produced...
 
1
The geek inside of me is loving this thread (y)
 
1
how would one know if someone at the host is compromised, selling customer data [in bulk] themselves to 'anonymous'?

In 1998 a competitor purchased a co-located server with the same company hosting ours. He bribed the owner for access to our server. A guy I worked with for two years copied, then deleted, our subscription website.

We moved to a "secure" hosting company. A few months later, on a long holiday weekend, "someone" launched a duplicate of our website, poisoned the DNS, and collected leads and customer information.
 
2
OVH offers DDoS protection for almost all of their services. I also looked at Google Cloud and others, but so far OVH seems to be the cheapest with the provided features. They are not the cheapest in terms of hosting options (memory, disk, etc.).

OVH has great prices and decent service, but their DDoS protection is garbage, sadly. They've been working hard on improvements, but their peering leaves much to be desired. They picked a lousy location for their American datacenter that requires running lines across international borders. It's taken them years to get the necessary permits, and I don't even know that they've finished that stage. I'm pretty sure they've finally begun construction, but I don't remember for sure.

Stay away from companies like BlueHost. They are among the worst. At the first sign of DDoS, they will shut down your service and make you move elsewhere. GoDaddy used to do that too, but I have not heard about them doing so for the past two years.

Yeah, there are only a handful of good providers out there, and they're all very expensive. OVH offers a good balance between price and quality, but don't expect perfection. If you want reliability, good SLAs, good networking, and high availability, you're pretty much limited to AWS, GCP, Rackspace, Azure, and OpenShift. For the most part, I stay away from anyone that offers shared hosting. If you're not comfortable managing your own servers without the likes of cPanel/WHM or Plesk, shared hosting is acceptable, but it's a sign that a hosting provider is focusing on small sites.

OVH also has an edge firewall but does not have auto-ban of attacking IPs. You can install a firewall application like pfSense as a virtual machine and enable auto-detection to ban the attacking IPs.

You can't block real DDoS attacks with your own firewall; the hosting provider has to block it either at their edge or upstream, depending on the size. Customer-managed firewalls are for blocking more focused attacks. OVH claims to have an automated system in place to block abusive traffic upstream, but I've never seen it function properly, at least at their American datacenter.

It may be a waste of time, but copy the info from the header and forward it to the proper authority in your country. They may or may not keep track of these scammers/spammers. It takes time to build a defense for your sites, but the effort is so worth it in the long run and gives you peace of mind.

Unfortunately, the headers aren't that useful here because it came from a compromised web server. I checked the web server, but it had been used by numerous hackers and was pretty much open to anyone who stumbled upon it; it's impossible to tell who did what after the fact. They're important evidence, but they're not going to catch any bad guys on their own.
 
2
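The two posts above disagree about how useful the mail headers are, and the disagreement comes down to what a Received chain can and cannot prove. As an added example (written for this page, not code from the thread or from any provider), this walks the chain from your own mail servers outward: the hop that one of your trusted hosts accepted from a non-internal address is the only one you can vouch for, and every Received line below it is text the sender could have typed. The message, hostnames, addresses and the `TRUSTED_HOSTS` set are constructed; the relay at 203.0.113.44 stands in for the compromised shared web server the post describes.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not the email from the thread). Top Received header is
# the newest hop. The bottom one claims an origin that nothing on our side can verify.
RAW_MESSAGE = """\
Received: from mx1.example.net (mx1.example.net [10.0.0.5])
\tby mailbox.example.net (Postfix) with ESMTP id 4F2A1
\tfor <owner@example.net>; Fri, 23 Jun 2017 15:40:12 +0000
Received: from web-shared-07.hosting.example (web-shared-07.hosting.example [203.0.113.44])
\tby mx1.example.net (Postfix) with ESMTPS id 1C3B9
\tfor <owner@example.net>; Fri, 23 Jun 2017 15:40:11 +0000
Received: from anonymous.invalid (unknown [198.51.100.9])
\tby web-shared-07.hosting.example with SMTP; Fri, 23 Jun 2017 15:40:10 +0000
From: "Anonymous" <noreply@anonymous.invalid>
To: owner@example.net
Subject: Your site
Message-ID: <constructed-1@web-shared-07.hosting.example>

(body omitted in this constructed sample)
"""

# Assumed: the hosts we operate. A Received line stamped "by" one of them was written
# by software we control, so its "from" address is the real connecting client.
TRUSTED_HOSTS = {"mailbox.example.net", "mx1.example.net"}

# RFC 1918 and loopback, i.e. hops between our own boxes. Defined explicitly rather than
# via ipaddress.is_private, which also treats the 203.0.113.0/24 documentation range as
# private and would hide the relay in this constructed sample.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# "from <helo> (<reverse-dns> [<ip>]) by <host> ..." as written by Postfix/Sendmail-style MTAs.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I
)
IPV4_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")


def parse_hops(raw):
    """Return the Received chain as dicts, newest hop first, as it appears in the message."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue
        ip_m = IPV4_RE.search(m.group("paren") or "")
        hops.append({
            "helo": m.group("helo"),
            "ip": ip_m.group(1) if ip_m else None,
            "by": m.group("by").rstrip("."),
        })
    return hops


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_origin(raw, trusted_hosts=TRUSTED_HOSTS):
    """Return the first hop (from our side outward) that a trusted host accepted from a
    non-internal address, plus the hops below it, which are unverified claims."""
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["by"] in trusted_hosts and hop["ip"] and not is_internal(hop["ip"]):
            return {"ip": hop["ip"], "helo": hop["helo"], "unverified_hops": hops[i + 1:]}
    return None


if __name__ == "__main__":
    origin = find_origin(RAW_MESSAGE)
    print("connecting server:", origin["ip"], "announcing itself as", origin["helo"])
    for hop in origin["unverified_hops"]:
        print("unverified earlier hop claimed by sender:", hop)
```

The result is the address of the relay that handed the mail to your MX, which is what an abuse report to that relay's host or an authority needs. When that relay is a shared server already open to anyone, as the post found, the chain ends there: the hop below it is unverifiable and the server's own logs are the only evidence left, which is exactly why the headers alone will not identify the sender.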
There are a few ethics in Anon and this doesn't sound like them; it sounds more like a mass spam email. Copy and paste a bit into Google and see what others are getting.
 
0