Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: open
joined:Nov 11, 2000
Anyone else having problems? I continue to connect with WebmasterWorld and much of the rest of the Web just fine.
joined:Nov 20, 2000
... and the site Mat mentions is down from here.
Anyone other than Lawman back up yet?
joined:Nov 20, 2000
And yes, it's global. I have sites down in the US, UK and the Far East.
The ONLY blessing is that some of my competitors are down.
I could have done without this!
This thread sheds some light ...
Just for the moment would anyone posting URLs pointing to news of what's happening please post a synopsis as well because I for one can't reach any of the sites so far mentioned. It's amazing I can get to WebmasterWorld....
Cut and paste the news please.
AP newswire reported around 6:45am EST and all news channels are carrying it
It's believed to be a world-wide attack
(though you know how the newspeople like to say "virus" when its really other means).
They say its very similar to the "Code Red" virus (isn't that a microsoft server only issue?)
Bush's internet advisor, Howard Schmidt, is quick to say its not "debilitating"
(but he's probably not trying to get work done on the internet right now eh?)
Cert is supposedly monitoring this, but there is no update on their site as of 7:15am EST.
[edited by: amznVibe at 12:17 pm (utc) on Jan. 25, 2003]
The attack is going after SQL Server, but the scale of scanning and probing is so enormous that it's drowning servers indiscriminately.
Block port 1434 to stop it, if you're able to. This is apparently exploiting a bug that was discovered in July 2002 - MS released a patch, but it doesn't look to have been widely applied.
[edited by: mat at 12:13 pm (utc) on Jan. 25, 2003]
joined:Nov 20, 2000
The question is, how long will it take to recover? Has anyone any feel, based upon previous similar incidents?
The ISP I spoke to thinks that we can probably forget about the best part of today, but should be up before tomorrow. He admits it's a guestimate based on other incidents.
This, I would guess, will reduce in scale enormously before too long - once the routers and pipelines have blocked the probing activity - but it ain't going away overnight.
Looks more like a worm than a bunch of people actually doing it, but it kinda sets of a chain reaction..
Trust crappy MS software to bring down the internet..
Sorry Robert - it was short lived. They sucked about 3k pages in an hour and called it quits. Either they shut it off because of the problems associated with the virus and net traffic, or it was just a 404 checker.
The bad part of this is that it's a weekend here in the US, and I'm afraid that many of the infected systems may not receive attention until Monday -- unless the worm crashes their server... (anyone use AlertPage?).
In my case, my DNS provider is down, so name resolutions on my sites are all failing :( -- I too thought initially that someone kicked a cable somewhere because the problems appear to be widespread at this point --- blocking ports will only prevent the "spread" (propagation) of the worm --until patches are applied, and victims are cured, it could be a rough weekend... (or an opportunity, if you're lucky enough to be unaffected)... cjw
Things back to normal now - but even WorldCom, our most major backbone provider got stuffed!
Our server was never down, so the lack of traffic must have been down to people not being able to get 'out' to the site, as opposed to finding it down.
Nice to know that M$ found this bug last July!
I'm in L. A. and had no problem connecting.
Out of curiosity I tried two of the posted links.
The second one I tried (www.internetpulse.net/)
caused ZoneAlarm to cease all connections which
in turn caused IE to return a fatal error message.
Had to do a reboot and after all checks were made
the system is fine.
I can't say if worm tried to invade but if there was
an attempt, it failed. :)
<added>No emil access though</added>