Welcome to WebmasterWorld Guest from 34.207.78.157

Forum Moderators: open

Message Too Old, No Replies

anyone else having trouble with the Web right now?

10:30pm California time Sat Jan 24

     
6:35 am on Jan 25, 2003 (gmt 0)

Moderator from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12292
votes: 389


I almost feel silly posting this, but I'm having trouble connecting with two different sites I routinely connect with, using two completely different internet connections. From San Francisco Bay Area. Browser cached refreshed and all that...

Anyone else having problems? I continue to connect with WebmasterWorld and much of the rest of the Web just fine.

11:24 am on Jan 25, 2003 (gmt 0)

Senior Member

joined:Nov 20, 2000
posts:1336
votes: 0


This isn't geographically focused. My missing sites are in London.

... and the site Mat mentions is down from here.

Anyone other than Lawman back up yet?

11:33 am on Jan 25, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 5, 2002
posts:173
votes: 0


All my sites are down as are my hosting company to. Just about the only thing I can access is webmasterworld! My servers are in London.

mat

11:33 am on Jan 25, 2003 (gmt 0)

Preferred Member from IT 

10+ Year Member

joined:Apr 5, 2002
posts:633
votes: 0


The link I posted is talking about massive Ddos attacks in the US, so this might be about DNS servers again, at least partially. If you switch DNS server, are the sites still 'down'? Can you ping your sites on IP number, or even bring them up in a browser on IP?

Mat

11:36 am on Jan 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Oct 31, 2001
posts:278
votes: 0


I have been told by my ISP that a large section of the UK is down right now. Went down at 4,30 this morning, lots of engineers running around like headless chickens from what I hear.
Interested in how many of us in the UK are down.
11:40 am on Jan 25, 2003 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 28, 2001
posts:3615
votes: 75


Mine are back down again. Grrr.

lawman

11:43 am on Jan 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Oct 31, 2001
posts:278
votes: 0


This seems to be a Global Problem.
11:52 am on Jan 25, 2003 (gmt 0)

Senior Member

joined:Nov 20, 2000
posts:1336
votes: 0


It's getting worse. Sites that were up an hour ago are now down. I'm hoping WebmasterWorld stays up, as its the only place left that I can find to communicate on the problem.

And yes, it's global. I have sites down in the US, UK and the Far East.

The ONLY blessing is that some of my competitors are down.

I could have done without this!

11:55 am on Jan 25, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 19, 2002
posts:423
votes: 0


This thread sheds some light ...

Just for the moment would anyone posting URLs pointing to news of what's happening please post a synopsis as well because I for one can't reach any of the sites so far mentioned. It's amazing I can get to WebmasterWorld....

Cut and paste the news please.

11:59 am on Jan 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Oct 31, 2001
posts:278
votes: 0


I think we could all do with out this. But at least with it being so widespread if Goggle is doing a major crawl it might be delayed. I too hope and pray that WebmasterWorld stays up.

It does make you question what is going on!

11:59 am on Jan 25, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 16, 2002
posts:2010
votes: 0


[news.google.com...]
[cnn.com...]

AP newswire reported around 6:45am EST and all news channels are carrying it

It's believed to be a world-wide attack
(though you know how the newspeople like to say "virus" when its really other means).
They say its very similar to the "Code Red" virus (isn't that a microsoft server only issue?)

Bush's internet advisor, Howard Schmidt, is quick to say its not "debilitating"
(but he's probably not trying to get work done on the internet right now eh?)

Cert is supposedly monitoring this, but there is no update on their site as of 7:15am EST.

[edited by: amznVibe at 12:17 pm (utc) on Jan. 25, 2003]

mat

12:01 pm on Jan 25, 2003 (gmt 0)

Preferred Member from IT 

10+ Year Member

joined:Apr 5, 2002
posts:633
votes: 0


OK, I'll not cut and paste as I don't think the TOS allows that, but I've just read that this is being compared to Code Red.

The attack is going after SQL Server, but the scale of scanning and probing is so enormous that it's drowning servers indiscriminately.

Block port 1434 to stop it, if you're able to. This is apparently exploiting a bug that was discovered in July 2002 - MS released a patch, but it doesn't look to have been widely applied.

Mat

[edited by: mat at 12:13 pm (utc) on Jan. 25, 2003]

12:12 pm on Jan 25, 2003 (gmt 0)

Senior Member

joined:Nov 20, 2000
posts:1336
votes: 0


OK.... we know a hefty percentage of the web is down.

The question is, how long will it take to recover? Has anyone any feel, based upon previous similar incidents?

The ISP I spoke to thinks that we can probably forget about the best part of today, but should be up before tomorrow. He admits it's a guestimate based on other incidents.

12:16 pm on Jan 25, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


Seems there is a decided lack of several regular posters too.....

Pendanticist.

12:19 pm on Jan 25, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 19, 2002
posts:423
votes: 0


I expect cutting and pasting news-wires breaks some copyright laws but in exceptional circumstances I should imagine they will take a benign view.

mat

12:22 pm on Jan 25, 2003 (gmt 0)

Preferred Member from IT 

10+ Year Member

joined:Apr 5, 2002
posts:633
votes: 0


Of course the b*stards choose the weekend. Who's likely to have a not-patched-up-to-the-minute MS server? - smaller set-ups. Who's unlikely to have a server-tech in at weekends? Ditto.

This, I would guess, will reduce in scale enormously before too long - once the routers and pipelines have blocked the probing activity - but it ain't going away overnight.

12:25 pm on Jan 25, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member nick_w is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 4, 2002
posts:5044
votes: 0


So its an M$ security exploit huh? -- Gee, that's a shocker...

Nick

12:33 pm on Jan 25, 2003 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Feb 10, 2002
posts:937
votes: 4


Yahoo quote Schmidt as saying - "People need to do a better job about fixing vulnerabilities".
Can say that again....
12:39 pm on Jan 25, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 5, 2003
posts:380
votes: 0


It is caused by a vuln, that allows 2 mssql servers to pingflood eachother, creating a network storm.

Looks more like a worm than a bunch of people actually doing it, but it kinda sets of a chain reaction..

[online.securityfocus.com...]

Trust crappy MS software to bring down the internet..

12:45 pm on Jan 25, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Oct 30, 2002
posts:404
votes: 0


Seems the bandwidth is still increasing..my servers router in Florida is reporting about 75 Mbs coming in, up from 65 an hour ago - definitely alot being shutdown (MS that is) Did anyone ever confirm anything about the fiber cut or was that just a speculation at an isp?
1:10 pm on Jan 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Oct 31, 2001
posts:278
votes: 0


Back up in London, but maybe on off for a while I have been informed.
1:13 pm on Jan 25, 2003 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38246
votes: 108


>out crawling hard today

Sorry Robert - it was short lived. They sucked about 3k pages in an hour and called it quits. Either they shut it off because of the problems associated with the virus and net traffic, or it was just a 404 checker.

1:23 pm on Jan 25, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Oct 30, 2002
posts:404
votes: 0


Looks like the BW eating is dying off...hopefully it will stay that way
2:12 pm on Jan 25, 2003 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator ianturner is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 19, 2001
posts:3663
votes: 54


I am still completely down, anytime we reconnect we are flooded out.

In the middle of writing this I have news that the attacks are now less intense and we may have some kind of service up soon.

2:18 pm on Jan 25, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 7, 2001
posts:608
votes: 0


try this [securityresponse.symantec.com] Symantec link

what a night.....

[edited by: lawman at 4:38 pm (utc) on Jan. 25, 2003]
[edit reason] fix sidescroll [/edit]

2:38 pm on Jan 25, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Nov 29, 2002
posts:89
votes: 0


I see the problems too -- the Symantec link has good information on the subject. The problem is the DoS (excessive traffic) caused as the worm infects systems across the InterNet -- I have been getting more "hits" to my firewall (@port 1434) than anything else -- the web DNS services seem to have the most trouble, as I'm getting a lot of failed name resolutions.

The bad part of this is that it's a weekend here in the US, and I'm afraid that many of the infected systems may not receive attention until Monday -- unless the worm crashes their server... (anyone use AlertPage?).

In my case, my DNS provider is down, so name resolutions on my sites are all failing :( -- I too thought initially that someone kicked a cable somewhere because the problems appear to be widespread at this point --- blocking ports will only prevent the "spread" (propagation) of the worm --until patches are applied, and victims are cured, it could be a rough weekend... (or an opportunity, if you're lucky enough to be unaffected)... cjw

3:01 pm on Jan 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Nov 17, 2002
posts:313
votes: 0


This W32/SQLSlam-A/SQLSlammer DoS Attack ground my network to a standstill at 5.35am this morning (UK).
Tech guys resolved it by 9.55am by bringing the infected MSSQL server off-line, and blocking all requests to port 1434UDP on the entire network.

More info here:
[microsoft.com...]
and BBC report here:
[news.bbc.co.uk...]

Things back to normal now - but even WorldCom, our most major backbone provider got stuffed!

Ouch!

mat

3:07 pm on Jan 25, 2003 (gmt 0)

Preferred Member from IT 

10+ Year Member

joined:Apr 5, 2002
posts:633
votes: 0


It would appear that things are starting to ease - enquiries through our main site are back up towards a reasonably normal level again.

Our server was never down, so the lack of traffic must have been down to people not being able to get 'out' to the site, as opposed to finding it down.

Mat

3:13 pm on Jan 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Nov 17, 2002
posts:313
votes: 0


Mat,
The co-locate MS-SQL server on our network was filling ALL our available bandwidth, and so, even though the Unix (and all other) servers were up & running, the huge reduction in available bandwidth (to virtually none) meant it was near impossible for anyone to connect to any server on our network!

Nice to know that M$ found this bug last July!

Will

3:25 pm on Jan 25, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Nov 10, 2002
posts:42
votes: 0


Hi all

I'm in L. A. and had no problem connecting.
Out of curiosity I tried two of the posted links.
The second one I tried (www.internetpulse.net/)
caused ZoneAlarm to cease all connections which
in turn caused IE to return a fatal error message.

Had to do a reboot and after all checks were made
the system is fine.

I can't say if worm tried to invade but if there was
an attempt, it failed. :)

<added>No emil access though</added>
jaybee

3:59 pm on Jan 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Nov 17, 2002
posts:313
votes: 0


ish,

posted that link about 4 posts earlier - interesting read!

regards,
will

This 131 message thread spans 5 pages: 131
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members