Hi there. I run http://slash.geekizoid.com/ and we are being attacked by one of the regular users of this board. Given the nature of this board (and the attackers popularity here) I have decided not to reveal who it is, but to instead ask your help in locking him out...

Hmmm .. if he's such a popular person on this board he's probably not oblivious to the fact that he may simply have a box that are being 'owned' by other script kiddiez for this purpose?

What I refer to is that these sorts of attacks may not be initiated by the person who rightfully own the box, but other rats that have cracked the box. The owner may be totally unaware of this.

And the scary part is that there are still people out there convinced that they don't need any firewalls for their home system that only hold trivial data like mp3's and such, and that they are perfectly good as long as they have backups.
These are generally the ones that unvoluntarily host such attacks....

Cheers :)

No, I'm sure it's him... He's basically admited it.

Block or ask your upstream provider to block whatever IP addrs that its coming from if this can be figured out.

You could also move to a different IP addr (updating your DNS info). Of course this will cause some to not be able to reach your site due to caching.

Hard to answer w/o more details though.

[ 16 November 2001: Message edited by: thedexman ]

What is the nature of the attack?

Iptables has some very advanced rate limiting features. Sorry have not tried to set them up yet.

If he/she is not on a dialup just add a line to your iptables or ipchains filtering the traffic based on source ip address.
Drop'em like a rock.

How many machines do you think are involved in the attack 1? 10? 100?

Are you sure it's the same guy as here?