PDA

View Full Version : DECEMBER 16th RONPAUL2008 WEBSITE HACKED OR CRASH SCENERIO




jdrochon
12-10-2007, 11:46 PM
This is the time that big business or special interest groups may wage war. Be advised.

Has any security been beefed up to prevent malicious attacks? Including back up servers in place to prevent the www.ronpaul2008.com website from crashing due to bandwidth issues?

Andrew-Austin
12-11-2007, 12:01 AM
I'm sure they are aware of this threat, don't know how equipped they are to deal with it.

microsect
12-11-2007, 12:21 AM
Iím sure the Ron Paul site is prepared for this.

RonPaulFTFW
12-11-2007, 12:38 AM
and even if they bring it down on the 16th.
we'll just keep donating into the 17th.

and it'll bring even more publicity.

Charles Wilson
12-11-2007, 08:20 AM
We need a plan "B" and "C" just in case it is sabotaged. My Internet provider went down yesterday and said it may be down for 24 to 48 hours -- no explanatiuon. It was actually down only about three hours but it made me realize how vulnerable we are depending on the internet for such a huge event.

Visual
12-11-2007, 12:31 PM
It will be fine, you guys are overly paranoid.

theseus51
12-11-2007, 12:36 PM
It didn't happen on the 5th. It's unlikely to happen on the 16th. What all of us can do is to NOT go to the website on the 16th, other than to donate. Don't be like those people who refresh the ronpaul2008.com website every 5 minutes "to make sure it's still up". As if them knowing it's down is going to help anybody at all. The official campaign monitors their own website, so that's all we can do to not make the problem worse by refreshing their high traffic site on a high traffic day.

Kingfisher
12-11-2007, 12:43 PM
If you cant donate on the 16th, donate on the 17th, 18th, 19th

pahs1994
12-11-2007, 12:47 PM
also, i heard alot of people saying they will donate thier money split up. i wouldnt tell anyone what to do with thier cash but multiple donations will just add to the heavy traffic. if alot of people donate 25 bucks every 30 minutes or something u can imagine that will slow everything down though. try todonate all at once.. unless you get caught up in the moment of seeing that meter go up and decide you want to donate more that you origonally intended of course =)

USMC_IZZY
12-11-2007, 02:41 PM
I dont think having a backup plan is such a bad idea.. would we be able to call the CC companies directly and give them an account number to credit our charge to? I thought about the threat of hacking/DDOS myself and I wouldnt put it past anyone at this point..

jdrochon
12-11-2007, 09:29 PM
It will be fine, you guys are overly paranoid.

par∑a∑noi∑a
Ėnoun
1. Psychiatry. a mental disorder characterized by systematized delusions and the projection of personal conflicts, which are ascribed to the supposed hostility of others, sometimes progressing to disturbances of consciousness and aggressive acts believed to be performed in self-defense or as a mission.
2. baseless or excessive suspicion of the motives of others.


To build a proper defense is not paranoia. Calculating the desperation of your enemy is good strategy. My Dad always said, "Hope for the best, prepare for the worst."

EvilNight
12-12-2007, 11:01 AM
I'm a lead tech for an IT company, we've got plenty of experience with internet criminal activity. Frankly, if someone decides to organize a distributed denial of service attack, then there is nothing, and I mean *nothing* that can be done about it.

Essentially, tens of thousands of computers spam the system repeatedly with connection attempts, making it so busy that the real people can't get through. There are ways to mitigate the impact of this sort of thing slightly, but frankly TCP/IP itself is so old and simple that there's no true prevention method. Even if your site ignores the attacks from all of those hosts, they still chew up your bandwidth (and your ISP's latency goes to hell).

It would, however, generate a lot of press. The attacking botnet would expose itself, and security professionals would be hounding it to the ends of the earth, just like they did with the Ron Paul mass email to track down how that happened. The attacker would risk losing the botnet, and those are prized possessions on internet black markets. It's not very likely that a botnet operator would put it at risk unless he was getting a LOT of money for the job. Most of the spam you see comes from these kinds of botnets and the operators make a lot of money on that already, and it's not nearly so risky as a focused, single point of attack.

I'd also point out that most botnet operators, despite being criminals, are usually pro-internet, and are certainly aware of Ron Paul and his stances, and I would not be surprised in the least if most botnet operators had a moral problem attacking Ron's campaign.

Now, all of that said, the best way the site can be prepared to deal with this kind of attack is to be ready, at the drop of a hat, to refuse connections from any non-USA IP address ranges in the event of an attack. Most botnets are located overseas, and most Ron Paul donors are located in the USA. Any USA-based botnets probably haven't got the clout to knock the site out. It would be unfortunate because it would prevent Americans abroad from donating, but it's better than losing the entire site for the whole day.

There are also already a slew of trusted-site services that monitor IP addresses and assign a trust level to them based on their past activity for good or bad. We just implemented such a trust service for our own spam filters and saw a resulting 80% drop in total spam getting through. That could also be used to shield from an attack prematurely.

I'd like to think that any ISP running a site like this already knows these things and is prepared. It wouldn't hurt to bring it up, though.

jdrochon
12-12-2007, 11:46 PM
I'm a lead tech for an IT company, we've got plenty of experience with internet criminal activity. Frankly, if someone decides to organize a distributed denial of service attack, then there is nothing, and I mean *nothing* that can be done about it.

Essentially, tens of thousands of computers spam the system repeatedly with connection attempts, making it so busy that the real people can't get through. There are ways to mitigate the impact of this sort of thing slightly, but frankly TCP/IP itself is so old and simple that there's no true prevention method. Even if your site ignores the attacks from all of those hosts, they still chew up your bandwidth (and your ISP's latency goes to hell).

It would, however, generate a lot of press. The attacking botnet would expose itself, and security professionals would be hounding it to the ends of the earth, just like they did with the Ron Paul mass email to track down how that happened. The attacker would risk losing the botnet, and those are prized possessions on internet black markets. It's not very likely that a botnet operator would put it at risk unless he was getting a LOT of money for the job. Most of the spam you see comes from these kinds of botnets and the operators make a lot of money on that already, and it's not nearly so risky as a focused, single point of attack.

I'd also point out that most botnet operators, despite being criminals, are usually pro-internet, and are certainly aware of Ron Paul and his stances, and I would not be surprised in the least if most botnet operators had a moral problem attacking Ron's campaign.


Good info. This is what I was looking for. Thank you for being so informed and sharing that information with us.

Benaiah
12-13-2007, 12:54 AM
877-ron-2008 to donate by phone (for those living overseas if you get cut off!!)

defcreative
12-13-2007, 04:14 AM
It's not very likely that a botnet operator would put it at risk unless he was getting a LOT of money for the job. Most of the spam you see comes from these kinds of botnets and the operators make a lot of money on that already, and it's not nearly so risky as a focused, single point of attack.

You are right on the target there. Botnets and Peas are huge money, a Botnet OP would know that there would be almost a certain loss of the botnet with an attack like that and it would cost him a lot of money unless he was being paid a whole lot.