#1
Posted 13 April 2016 - 02:11 PM
It has come to our attention that this account was misused by our former colleague, then spokesperson.
How so? The forum post demanding the removal of malicious scripts, as well as warning of a potential Distributed Denial of Service attack via Torshammer was not of true consensus between the twelve of us in CC Anons. Instead, it was the improper actions by an member of our CC collective.
Thereof, we apologize for the actions put forth by our user and the obvious discord that occurred as a result. We've reorganized ourselves, and now plan on being normal non-malicious coders on CC.
That being said, the first forum post is now rendered obsolete, as well as any comments posted by him during the period of time he remained in control.
This account will remain active, and we hope on releasing an OS within the next few months (Do not worry, nothing malicious)
Any questions? I, as the new spokesperson, will gladly fix the facsimile bridge that has collapsed between us and you.
To the diverse and (Not Lowly) CC community,
~ signed, MumbaiHHS
We all make mistakes, and ours was trusting people.
We Are Anonymous
We Are Legion
We (Do) forgive
We (occasionally) forget
#2
Posted 13 April 2016 - 04:06 PM
#3
Posted 13 April 2016 - 04:20 PM
#5
Posted 29 April 2016 - 01:10 AM
#6
Posted 29 April 2016 - 09:29 AM
Doesn't CloudFlare protect from DDoSing?
#7
Posted 29 April 2016 - 10:54 AM
There are multiple different types of DDOS attacks, and CloudFlare doesn't/can't protect against all of them, especially on the free package which I use.
edit: and the method mentioned in OP's post exactly fits the profile of what we've been experiencing
#8
Posted 29 April 2016 - 12:21 PM
I am willling to help with any cooperation towards you. Yes, I admit I am a hacker, dan200, but I am not devious enough to go back on my word.
Most likely the user set up a VPS server via Google Cloud, then downloaded the gist of Torshammer.zip. Then he or she typed "python torshammer.py -t computercraft.info -r 256 ". If they did hide the IP, then it would have a -T at the end of the 256. Anyhow, I am willing to help with anything concerning your help. And I doubt it was my friend. He doesn't have the manpower, nor the credit card numbers, to keep creating dummy accounts on Google Cloud VPS, Amazon VPS, or any other paid.
Heres the wierd thing : I happend to be browsing through the DDOS attack maps on Onion sites, and it showed a massive influx of visistors from New Zealand. Is your server located somewhere in the middle of the US?
dan200, on 29 April 2016 - 01:10 AM, said:
Any other info you need for help, contact me via PM. I await your reply.
#9
Posted 29 April 2016 - 01:38 PM
Anonymous, on 29 April 2016 - 12:21 PM, said:
I am willling to help with any cooperation towards you. Yes, I admit I am a hacker, dan200, but I am not devious enough to go back on my word.
Most likely the user set up a VPS server via Google Cloud, then downloaded the gist of Torshammer.zip. Then he or she typed "python torshammer.py -t computercraft.info -r 256 ". If they did hide the IP, then it would have a -T at the end of the 256. Anyhow, I am willing to help with anything concerning your help. And I doubt it was my friend. He doesn't have the manpower, nor the credit card numbers, to keep creating dummy accounts on Google Cloud VPS, Amazon VPS, or any other paid.
Heres the wierd thing : I happend to be browsing through the DDOS attack maps on Onion sites, and it showed a massive influx of visistors from New Zealand. Is your server located somewhere in the middle of the US?
dan200, on 29 April 2016 - 01:10 AM, said:
Any other info you need for help, contact me via PM. I await your reply.
You know that hiding your IP isn't as easy as entering a command and hacking around without having to worry at all, right?
Heck... the FBI even developed software to track down users of Tor now.
The more time passes the more obvious it becomes that you are just a script kiddy.
Edited by H4X0RZ, 29 April 2016 - 01:40 PM.
#10
Posted 29 April 2016 - 06:15 PM
Anonymous, on 29 April 2016 - 12:21 PM, said:
SSLStrip allows you to man-in-the-middle those https connections, we're talking about ddos here, not mitm.
You guys don't even know what you're doing.
Edited by Anavrins, 29 April 2016 - 06:32 PM.
#11
Posted 29 April 2016 - 06:38 PM
Every help appreciated.
#12
Posted 29 April 2016 - 06:53 PM
Anonymous, on 29 April 2016 - 12:21 PM, said:
I don't think you quite understand the concept of DDoS. Perhaps a DoS attack could be feasible by a single IP (unlikely), but DDoS stands for Distributed Denial of Service. It's basically a hell of a lot of computers (usually random consumers' that have been compromised and added to some sort of botnet) slamming the target server with as many requests as possible, to overload the server. It's very difficult to track down the source of a DDoS attack through technical methods. Of course, social methods (such as, I don't know, a random account on the target site threatening such an attack shortly before it occurs?) are far simpler to find.
Anonymous, on 29 April 2016 - 12:21 PM, said:
I seriously doubt that Dan (and the rest of the very capable administrative/moderation staff) would need your help, since you appear to have little knowledge in the area. Even if they would benefit from the expertise you claim to possess, they would be incredibly foolish to allow their prime suspect to help them discover the attacker.
Anonymous, on 29 April 2016 - 12:21 PM, said:
I'm glad you googled Torshammer and its arguments, but if you really think that the exact (supposed) syntax of the command used to attack the server is relevant...
If you know what you're doing, you know the exact command run is irrelevant, and if you don't (as evidenced by your post) then the odds are that you are giving Dan the exact command you ran to initiate the attack.
Anonymous, on 29 April 2016 - 12:21 PM, said:
What... I'm going to address the only thing that makes sense here: why would A) Dan's server be in the U.S., when he lives in GB, or B ) he tell you where it is at all, regardless of whether you've already found out?
Anonymous, on 29 April 2016 - 12:21 PM, said:
I'm flip-flopping between believing that you are too incompetent to come close to attacking the forum server, or the possibility that you are barely effective enough at googling to figure the process out and execute it. Either way, you're making a fool of yourself.
Edit: Damn emoticon, always forget about it
Edited by Tiin57, 29 April 2016 - 06:54 PM.
#13
Posted 29 April 2016 - 08:27 PM
There are legal consequences to DDoSing, and some of them may/may not involve the FBI. hint hint
Edited by Creator, 29 April 2016 - 08:27 PM.
#14
Posted 29 April 2016 - 10:00 PM
If you actually understand some basic level stuff forking it shouldn't be a problem for you. [sarcasm] And spreading the link shouldn't be hard either, judging by your SE skills.[/sarcasm]
Edited by H4X0RZ, 29 April 2016 - 11:53 PM.
#15
Posted 29 April 2016 - 10:53 PM
H4X0RZ, on 29 April 2016 - 10:00 PM, said:
I'd say he's pretty inept when it comes to social engineering, considering the fact we all knew this kid was a script kiddie and a troll from day one.
(Assuming SE stands for Social Engineering, sorry if I assumed wrong)
#16
Posted 29 April 2016 - 11:55 PM
Jiloacom, on 29 April 2016 - 10:53 PM, said:
H4X0RZ, on 29 April 2016 - 10:00 PM, said:
I'd say he's pretty inept when it comes to social engineering, considering the fact we all knew this kid was a script kiddie and a troll from day one.
(Assuming SE stands for Social Engineering, sorry if I assumed wrong)
Yes, I meant social engineering.
I completely forgot that this is "just" a forum. I marked the sarcasm in my post. Thanks for (unconsciously) pointing that out ^^
#17
Posted 30 April 2016 - 02:28 AM
Did you really take your personal twitter account and renamed it anonymous?
http://lmgtfy.com/?q=MumbaiHHS
It's like you're not even trying being actually anonymous.
Edited by Anavrins, 30 April 2016 - 02:39 AM.
#18
Posted 01 May 2016 - 12:40 AM
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users