Move Over (temporarily)

The attack pattern on this website is very interesting. The Russians, after almost a week of persistent attempts, have stopped. Of course they haven’t lost heart or accepted defeat, of that I am very sure.

And that isn’t a guess, but past experience. The attempts go on in cycles, and that indicates that these people are moving in close co-ordination with each other, like an unending relay race.

First, say, the Russians take over and make their best attempt to break in. If they are unsuccessful, the next week they pass on the baton to the USA and, except for sporadic attempts, it is their territory for the duration. But they are given only a week to make the breakthrough. If they can’t, then for the next week the cap is on the head of Ukraine and then (and sometimes together) Turkey. Once they successfully break in and deface the site, I don’t know in whose charge it would be (to manage the site), or maybe they would again take turns.

This is exactly what happened, as I saw during the last few weeks, even before I gave the welcome message to the Russians. After the attempts by them, last week belonged to the USA and now, at least for now, I can see both Ukraine and Turkey topping the attempts.

This is one area where I can say these people show a total universal brotherhood. There are no so-called national boundaries, no nationalistic one-upmanship. They are collaborating despite being from countries that are supposed to be on unspeakable terms; at least when they speak of each other (they rarely do to each other), they use epithets that are unspeakable.

Their approach gives some idea of the mindset of the people too.

The Americans are brazen and, well, I should doubt their intelligence à la “Where Angels fear to tread”, or maybe they are in their smug universe and don’t care. Either way they belong to the same level of mental faculty. Their attempts have been as numerous as the Russians’ but from a very limited number of IP addresses. In fact the most notorious, as far as I could see, were from 142.54.174.130 and 198.204.247.20 (both in third digit, per day).

Compare this with the Russians: in their week the attempts are from hundreds of IP addresses, and those were diverse too. They have used not only many IP addresses, but many different blocks as well as service providers too. That way, they pre-empt the potential victims from making complaints at the abuse@. After all, how many abuse complaints can one make? Each particular IP address makes around, say, 50 to 60 attempts and then asks the next one to take over. That they work in close cooperation is quite clear, since while one IP is trying, the others keep silent in most of the cases, and only after this one has stopped do the others start.
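The relay pattern described above can be checked for in a login log. The following is an added example, not part of the original post: it collapses failed-login events into per-IP bursts and reports chains where each new address starts only after the previous one has gone quiet. The log line format, the `/login` path, the sample addresses (documentation ranges) and the 5-minute hand-off window are assumptions; the 50-attempt threshold follows the figure given in the post.

```python
from datetime import datetime, timedelta
from itertools import groupby

def parse(line):
    """Parse a constructed 'ISO-timestamp ip path' line into (datetime, ip)."""
    ts, ip, _path = line.split()
    return datetime.fromisoformat(ts), ip

def bursts(events):
    """Collapse time-ordered events into runs of consecutive hits from one IP."""
    out = []
    for ip, grp in groupby(sorted(events), key=lambda e: e[1]):
        times = [t for t, _ in grp]
        out.append({"ip": ip, "start": times[0], "end": times[-1], "count": len(times)})
    return out

def relay_chains(events, min_attempts=50, max_gap=timedelta(minutes=5), min_ips=3):
    """Return chains of bursts in which distinct IPs take turns without overlapping."""
    chains, current = [], []
    for b in bursts(events):
        # A hand-off: a new IP starts shortly after the previous burst ended.
        follows = (current and b["ip"] not in {c["ip"] for c in current}
                   and b["start"] - current[-1]["end"] <= max_gap)
        if b["count"] >= min_attempts and (not current or follows):
            current.append(b)
            continue
        if len(current) >= min_ips:
            chains.append(current)
        current = [b] if b["count"] >= min_attempts else []
    if len(current) >= min_ips:
        chains.append(current)
    return chains

def sample_lines():
    """Constructed log: three IPs take turns (55 tries each, ~2.5 min apart), plus noise."""
    lines, t = [], datetime(2024, 1, 1, 10, 0, 0)
    for ip in ("203.0.113.7", "198.51.100.23", "192.0.2.41"):
        for _ in range(55):
            lines.append(f"{t.isoformat()} {ip} /login")
            t += timedelta(seconds=5)
        t += timedelta(seconds=150)
    lines.append(f"{(t + timedelta(hours=1)).isoformat()} 203.0.113.99 /login")
    return lines

if __name__ == "__main__":
    for chain in relay_chains([parse(l) for l in sample_lines()]):
        print(" -> ".join(f"{b['ip']} ({b['count']})" for b in chain))
```

Interleaved traffic from several addresses breaks into short bursts and is not reported, so the check fires only on the take-turns behaviour; a per-IP lockout alone would miss it because each address stays under or just at the limit.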

Ukraine and Turkey fall somewhere in between. In fact, in their allocated time, even their number of attempts is quite low, almost negligible, compared to the US and the Russians. These are the people who work in the same IP address ranges, though not necessarily the same IP address.

Let me meanwhile enjoy and watch their attempts (till it is the time they enjoy and then probably I won’t even be able to watch).

 

The Russians are Coming!

This is a real Red Letter Day in the history of this blog. Suddenly there is a flood of enquiries (about the username and password) and they are flooding in like Tatar Hordes. Till date there had never been more than a hundred such enquiries, and recently that too had become a trickle (around 10-20 per day). Today suddenly I find that number has grown manyfold to already around 400, and rising fast, like the water level of a flash flood, or should I say Tsunami (the resemblance to it is more)?

Most of these enquiries are from the Tatar-Red zone (Turkey, Ukraine, Russia). Of these three, two, Ukraine and Turkey, had been regular visitors to the log-in, xmlrpc.php and lost-password screens, but suddenly today I find that the Russians have entered the fray, and that too with a vengeance. Of the four hundred odd, more than half are from them.

Are they confused that this is one of Trump’s or the CIA’s sites? I wonder! Otherwise why should they work in such close co-ordination trying to break in? Every person (or their bot) makes an attempt till the site is blocked for too many wrong attempts, and then it passes on the baton to another one to start from where it left off (exactly like a relay race).

They are quite smart too, since the attempts are not limited to a particular network or service provider. This must be to make sure that the intended target isn’t able to black-list or block a particular network/IP range.

Smart, aren’t they? The efforts should have been a bit more seamless. I wonder why the attempts are separated by a couple of minutes? After A is stopped, B doesn’t take over immediately, but after a small hiatus (usually of about 2-3 minutes). Most of the attempts are of course brute force, but a few (obviously those who consider themselves smarter) are going through the lost-password recovery method. I wonder how they would overcome the multi-factor authentication. They have of course guessed the username (most of them are attempting with it). But that would be the easy one, the least of the hurdles 🙂 For the next step, first they have to guess the length of the password,