Sustained attack at this website.

[Max]

You may find this surprising, but some Muppet has made a precision, sustained 'Slamming' attack at this website, with the intention of putting a sustained load on the Server CPU, and probably with the hope of bring the site to a halt.

I have implemented measures, so that such an attack of that nature, can not be repeated.

Some details of the attack..

Commenced: 13/Oct/2008

From: IP 86.138.238.2
IP address:   Kent
IP address city:   Dartford
IP address latitude:   51.450001
IP address longitude:   0.216700
ISP of this IP:   British Telecommunications
Host of this IP:    host86-138-238-2.range86-138.btcentralplus.com

and..

IP address:      86.166.167.98
IP address state:    Kent
IP address city:    Dartford
IP address latitude:    51.4500
IP address longitude:    0.2167
ISP of this IP:    British Telecommunications
Host of this IP::    host86-166-167-98.range86-166.btcentralplus.com

Attacker source: Software HTTrack 3.0x (web copier); Windows 98

The Server Hosting Center, others, and I, have been gathering further information, which has now been passed to the the B.T. Customer Security Team Investigators, and we expect sufficient information within the next 3 days, to be able to make an informed choice on whether to involve the Police, with the intent of identifying who the perpetrator(s) is/are, and what or whom has motivated their sustained attack.

If anyone reading this who is involved or has information, who would like to contact me directly first, before we receive the full detail - enabling Police assistance, subsequent arrest, and court action - then please contact us immediately via: security@ samsmiths.info

NOTE: Should further action be instigated regarding this (and previous) attacks, then we will alert all mainstream media to the crimes, and underlying motives.

[passedit]

I think you have no alternative but to inform the police if you can identify the person/people involved

[357maddog]

So, after trying to hack it they are now trying to knack it, shop the t-ats, after all if it was you doing it to them, they would do precisely that.

Roll on the revolution!!

[Max]

I think you have no alternative but to inform the police if you can identify the person/people involved

It's quite likely we'll have the necessary information back from B.T. shortly, and I agree, the Police do need to be involved.

Incidentally, I don't know if I've posted elsewhere on this site - but I have it on good authority that 'Mr H Smith' was so enraged with this site, that had given explicit instruction to a person (or persons) to hack the site.

It will be interesting to see if the 'attacker', can be connected in anyway with the brewery. If so, it will be time for the national press to get an exclusive on their illegal activities. Also, such proof would certainly add weight to any impending industrial tribunal or legal action.

[Max]

Update..

Today, a further attempt was made at attacking this site, using the same attack software from possibly the same computer, but as the attackers previous route was blocked, they attacked via a different route - through a small Internet service provider (businesses to businesses), based in Oxford.

I managed to block the attack at the Server, so the attacking program was met with a 'denial of service' reply. I also contacted the originating ISP.

Unfortunately, whilst their senior network engineer, at CI-Net (the ISP), claimed 'he had dealt with the matter', he refused to provide any further information, regarding 'their client', or what action(s) had been taken. I suppose the Data Protection Act, also protects criminals. It's just the public who have their data routinely misplaced by the Government

Anyway, I suggested that CI-Net retain the appropriate/specific logs/data, for availability to the Police.

Attack details..

Commenced: Fri Oct 17 12:46:44 2008
Originating IP: 92.244.180.3
Host IP: ip3.net92-244-180.ci-net.com
address:        CI-Net
        Network House
        Langford Locks
        Kidlington
        Oxford
       OX5 1GA
Attack software: HTTrack 3.0x; Windows 98
Attempts ceases: Fri Oct 17 15:10:21 2008

Since dealing with the above, I have discovered that the attacker was using an 'open proxy server' - which is a bit like an anonymous relay, as technically speaking, someone at the ISP had accidentally left a door unlocked (metaphorically speaking). No wonder they didn't wan to say what 'action' they had taken. 

The attacker probably found the details from a website like this, which updates each time it finds new routes for fraudsters, scamsters, and filth.

[samsdrinker]

I got told by the manager of my local sams pub that they have all recieved a letter from sams stating that if any are found using this site they will be sacked

[samsdrinker]

I got told by the manager of my local sams pub that they have all recieved a letter from sams stating that if any are found using this site they will be sacked

She is a relief manager and been sacked after 7 months in the same pub simply because no one will eat the rubbish food sams insist on selling

[Max]

I got told by the manager of my local sams pub that they have all recieved a letter from sams stating that if any are found using this site they will be sacked

The full details can be found from the post on the 8^th, including the original memo, here

[centurion]

I got told by the manager of my local sams pub that they have all recieved a letter from sams stating that if any are found using this site they will be sacked

The full details can be found from the post on the 8^th, including the original memo, here

Please read the memo again! It states any 'social networking sites' using any company resources, Not just this one, during working hours. Telephone lines, electricity etc may be construde as resources, working hours? well that can mean any time i suppose.

[freddy]

The Humphrey and FOB letter could be a trap so please use the information with caution. I have contact with an insider who says that each departmental letter is very slightly different and recognizable only to H and FOB. They have a plan to trace the source of the company leak through this carefully laid plan as a specific letter can be traced to a department and the unsuspecting employee snared. So please be cautious as unguarded comments may cost jobs.

[Max]

Thank you Freddy, for the 'heads up'. 

In future we will have to examine the same, from more than one source, and do a comparison - or if any doubt, re-write content.

However, we have also got to assume that 'they' may be spreading such a rumor, to try and discourage the flow of information.

Of course the threat of being given the boot, has no power over those who have left, or already planning to leave - and his lordship will have to assume the latter to be almost anyone, due to the way they are being treated.

If they are hatching such a ploy - it's a crying shame they didn't put more effort into solving the root of the problem - which is the rapid erosion of what was once, a very popular business.

And finally..

Speaking of tracing sources - I'm hoping to have some further information from BT, regarding the hacking attempts. They are still continuing (quite benignly) through various 'open proxy' (anonymous) servers, which I'm constantly blocking. However, I still believe at the moment, that the logged attacks through BT, can be traced to source. Then someone may have to 'go underground' for quite sometime, to hide from the press.

[357maddog]

Well said Admin, they may worry the managers currently working for them, but there are literally hundreds of people who, for whatever reason have escaped.
Together, as a team we can do enough at least enough to bring them to their senses and at least sack the "kiddy catcher" and move on.

I dont hate Sams....I worship Sams pubs and beer, I have drank Smiths for over 35 years and struggle to find anything else that I can drink/enjoy....being a bitter drinker is a nightmare, beleive me, and the price doesn't even figure.

We can only hope and wait until something changes, whether it's young Samuel eventually taking over, or sack the monkey, or something, who knows?

[samsdrinker]

Thanks centurion . I had posted what i had been told but now i have seen the letter i know its not just this site

[Max]

You may find this surprising, but some Muppet has made a precision, sustained 'Slamming' attack at this website, with the intention of putting a sustained load on the Server CPU, and probably with the hope of bring the site to a halt.

Latest..

This was part of a reply I received from BT this afternoon..

I can confirm that I will be carrying out a full investigation of the activities you have brought to our attention. The information you have supplied will help me to identify those responsible so that further action may be taken.

BT Customer Security Team

[357maddog]

Nice one, well lets see who is responsible, or behind it.