I'm the owner of a botnet that's targeting my own site. AMA

Friday
Model: ER8411  
Hardware Version: V1
Firmware Version:

So, title aside, the story is I'm on my fourth day of no-sleep, and willing to bow down to more enlightened minds than mine.

Now to the botnet part, my colleague made a couple of signatures for the company where we both work. Signatures get approved and all's fine and dandy since 2024 till now. This person placed the images on the company's webhost. The team grew larger, emails became the preferred method of communication and here's where we get to the botnet part. 8 pictures in the signature, times 90-100 people hammering the webhost with requests for the pictures composing the signature every couple of minutes or so are creating some sort of broadcast storm on the local network and a hard ban on our public IPs on the webhost.

Now, the best option in my humble opinion would be to filter the URLs on the router, but I can't do that since it's managed by an old OC200 which doesn't play well with the router at the best of times and freezes when I really need it.

Question is, if I go ahead and remove the router from Omada, leave it standalone and then try to filter the URLs for the pictures, i.e. sitename/picture_name.extension, will it work?

 

Please help, as I'm at my wit's end.

Re:I'm the owner of a botnet that's targeting my own site. AMA
Yesterday

Hi  @adyopo_76 

May I know your complete network topology as well as the version of your OC200 to begin with?

It may be a little hard to know your request, so any screenshot would be appreciated.

If the pictures causing the network problem have specific URLs, you may try to use the standalone mode and check the network performance again.

 

Best Regards!
Re:I'm the owner of a botnet that's targeting my own site. AMA
Yesterday

@Hank21 Managing it in standalone mode is my last option to which I'll sadly have to resort today if implementing a secondary DNS and marking the image URLs as ads / undesirable content doesn't achieve what I want. I know I'm probably delaying the inevitable but I can't have this retransmission storm thrashing my entire network because I'm at the point where those packets are doing just that and it may go further to each gateway on my network in search for an alternative route to the website.

Re:I'm the owner of a botnet that's targeting my own site. AMA
23 hours ago

@Hank21 OK, so I solved it by asking nginxproxymanager to resolve the website's image URLs locally with a 204 response and rewriting the A record for my website in Windows Server 2022's DNS service to point to nginxproxymanager's IP. The storm died down almost instantly, there are no packets heading towards the hosting IP, and I'm more than grateful.

 

Furthermore, I think this little move added some 200 Mbps to my speedtest result while wired.

 

Now to take it easy, write a letter of apology to my hosting provider, ask them nicely to unblock my IPs in their firewall and have the dude that made our email signatures re-do them. I'm tired of fixing other people's mistakes... Thank you @Hank21, thank you very much.

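The fix described in the last reply, sketched as a plain nginx server block; this is an added example, not the poster's actual Nginx Proxy Manager configuration. The host name www.example.com, the /signature/ path, the certificate paths and the upstream address 203.0.113.10 are placeholders, and it assumes the internal DNS zone already resolves the site name to this proxy.

```nginx
# Added example with placeholder names; adjust to the real site and image paths.
server {
    listen 80;
    listen 443 ssl;                      # needed if the signatures reference https:// URLs
    server_name www.example.com;         # placeholder for the company site

    # Placeholder certificate paths: internal clients must trust this
    # certificate for the site name, or HTTPS image fetches will fail.
    ssl_certificate     /etc/nginx/certs/www.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/www.example.com.key;

    # Signature images only: answer on the LAN with an empty 204 so
    # mail clients get an immediate response and nothing is sent to
    # the hosting provider for these paths.
    location ~* ^/signature/[^/]+\.(png|jpe?g|gif)$ {
        access_log off;                  # avoid filling logs with the repeated fetches
        return 204;
    }

    # Everything else on the site still has to work for internal users.
    # The upstream is addressed by IP because internal DNS now resolves
    # the site name to this proxy (using the name here would loop).
    location / {
        proxy_pass https://203.0.113.10; # placeholder for the webhost's public IP
        proxy_set_header Host $host;
        proxy_ssl_server_name on;        # send SNI so the shared host picks the right vhost
        proxy_ssl_name $host;
    }
}
```

The override only affects clients that use the internal DNS server; recipients outside the company still fetch the images from the public webhost.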