Paid Advertising
web application security lab

DoSing the DDoSer

Well, it was a long Sunday. I was planning on going and hitting some balls on the golf course, but no, instead I spent the better part of the day dealing with a DDoS attack. Before it was completely killed 73 IPs were used to perform a flood of GET requests against sla.ckers.org. Thankfully we were able to thwart the attack by writing some tricky software to detect the attack and firewall it. But it was still the better part of a day dealing with it.

The end result was we found the attacker (the owner of www.au-p2p.info who apparently was made fun of at some point a year ago on the board). When pride goes too far, eesh! More on this user here. Cyberhacker665 is in at least some way affiliated with or owns evilzone.org. The attacker did a vanity search for himself before initiating the attack. The original IP was tracked back to the attacker’s ISP, who was sent an abuse email and now the user is offline for the time being. We effectively DoSed the DDoSer. It’s too bad, I had long forgotten about that post - apparently he hasn’t.

This wasn’t the first high volume traffic incident we’ve received (we’ve been slashdotted several times, and reached the front page of Digg and Reddit as well) and we get tons of attacks per day. But this was probably one of the worst. Just another day on ckers.org… Golfing would have been better use of a Sunday, even if I suck at it.

8 Responses to “DoSing the DDoSer”

  1. digi7al64 Says:

    I can’t wait for the video describing in detail how he practically disabled the entire Internet with GET requests.

  2. Null Says:

    Those evilzone punks do a lot of damage. Their forum openly flaunts all sorts of criminality. Good you reported it.

  3. Turkish_OG Says:

    Cyberhacker655 AKA netsplitter real name Alexander is the owner of evilzone.org

    Evilzone came about 2 years ago owned by evil.io he chose cyberhacker655 as co-admin because he was at the forum for a long time…Then cyberhacker655 attempted to take over promising the members a new dedicated server costing over 100 euros a month, he would have torrent trackers, seeders, radio, better forum everything better and more efficient…This was all lies, in a bid to take over as admin…..He is not skilled in anything, he has breifly gone over python and C language but he still isnt capable of creating anything that could damage you…the only thing he has experience in is using milw0rm exploits, and cocksucking for botnet sources and then compiling them…He managed to take over the forum because he was more active and chatted frequently to the members, along with lies…he managed to take over…and manipulate everybody to come to his forum evilzone.org and leave the previous evilzone site…since then the forum went down….full of skiddy n00bs who dont know jack shit and actually dont care..fuck they are their for the DOS tools, some of its members actually admit that…and if you look in the club showoff….every single hack is a milw0rm exploit…there isnt one…not one…out of the hundreds of pages that required more than 15 mins….10 of which finding out what to do with the script….and 5 cocksucking for help on how to use the exploit saying that they dont understand the simple comments…made for them to fucking understand…

    Netsplitters email addresses are cyberhacker655@gmail.com something like quantum-junkie@yahoo.com that may not be it but if U see an email related to him something along those lines it would be that…and the one he uses for MSN is webmaster@evilzone.org he is 16, and is Romanian but lives in some shithole estate in greece…

    He is also a backstabber and a moral less dickhead, he and his forum is a fucking joke…

    I do have more info. but I may need to use it as blackmail so wont publish it publicly….luckily for him ;)

    he is a total n00b and dickhead, and will surely be going down soon.

  4. RSnake Says:

    The attack continues where it left off. Cyberhacker665 is continuing his attack against the site. This time it was using 350 IPs instead of 70. The site appears to be stable for the moment, but we’re keeping a close eye on it.

  5. Emma Says:

    Is the attack him bombarding you from many IP’s or what’s coming from the IP’s?

  6. mybeni websecurity Says:

    haha, entertaining shit is going on here… congrats

  7. TURKISH_OG Says:

    @ Emma ‘73 IPs were used to perform a flood of GET requests against sla.ckers.org.’

    and yes his yahoo is quantum_junkie by the way this was ages ago….

  8. shwack13 Says:

    he has recently try’d to hack www.sykopainkilla.com
    and has been unsucsessfull so me and my admin hacked his website .
    http://forum.evilzone.org
    Connection Problems
    Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.
    and were also at the moment stealing his latest db. and not giving it back. and the date is may 7 ,08 10:02 pm.

Leave a Reply Or Discuss On the Forums