A few nights ago an attacker sent a message via our contact form demanding we send .5 BTC to protect ourselves from a DDoS attack.
Coin Fire is a small site; we are making zero money (we lose money each month), and even if we had the resources to pay, we would not give in to these almost terrorist-like demands.
We didn’t reply to the message and went about things, business as usual. We cannot and will not pay the DDoS attackers, who are now sending us messages demanding 5 BTC to make the attack stop.
If you can see this message we are still holding on for dear life.
We’ve been shut down by two different providers in the last twenty-four hours, as we have impacted services for other customers. We have lost our investment of money on servers and significant amounts of time, as we have to rebuild on new machines each time we are kicked off, and none of the providers will provide us with a refund since we have caused them so much harm.
We refuse to pay these blackmail demands and encourage others who receive the same demands to not give in as well. Giving in just empowers these assholes to keep doing this to you or to others because they profit from it.
The attack vector is using Facebook Notes to flood our site using a known exploit on Facebook, and we’ve reached out to friends at Facebook’s Cyber Security team, who have determined the IP address of the original person hitting the attack vector and are actively working with law enforcement to track this user down.
Soon we hope things will be getting back to normal, as our primary focus for the last few days has been keeping our site online as we are kicked from various providers for impacting service for others, securing it further with CloudFlare, and working on reducing our total site footprint.
We are posting this here as a reminder to others not to pay the demands, and also as a quick status update on why we haven’t been as responsive as we normally are over the past few days.
Congrats, you’ve made the lulzlist for today: http://log.bitcoin-assets.com/?date=24-07-2014#767730
For further clarification, this was not the only vector used; they also performed several DNS attacks against us and used other methods, but this was the one they originally started with. We also LOL’d because it was quite simple to block the Facebook bots, but that is when the attacker kicked it up with other methods.
Granted, they were pretty stupid, though, because they did it with Facebook initially, and upon speaking with a friend at Facebook it has been found that one user (always the same IP) has been doing this to many sites.
They were not using a Tor exit node either; they were using a naked IP, likely thinking that Facebook would not investigate the matter, and under normal circumstances they likely wouldn’t, but having a friend who works in Security at Facebook specifically allowed us to reach out and get help sorting this out a great deal faster.
We will fight them on our routers, we will fight them on our iptables, we will fight them on our hard drives. But we will never surrender. – Future Winston Churchill.