Tag Archives: bind

Serious fail2ban!

It reminds me of a level of Serious Sam – the one where 1,000s of those headless bomb-toting zombie-soldiers and screamers came pouring at you relentlessly, seemingly to infinity (and beyond).

It was a backdraft. Or the eye of the Zombie-Nado-Cane. When the bad-bots got some air around August 5th – hak4umz.net DDoS or DNS Amplification – fail2ban (and the servers) got burned.

Even the “eye-dee-keff-kuh-may” (TammyBelle’s God Mode Code for DOOM][ ) cheat didn’t help.  fail2ban got clobbered… ‘already banned’ every one second in the log and no more bans happening because 100s or 1000s of times per second from 100s or thousands of bots: bad requests.


Killin’ Zombie Bots DNS Style

The fun post title is the only thing fun about this. Unless you are in hosting, server admin, or run your own DNS servers this is going to be complicated, technical and boring.

First [is first ~LK]: an apology to any “upstream” DNS servers that our pet zombie bots may have passed bad requests to.  Like us, you probably didn’t know it was happening.

“What’s happening?!”
~ Dana (Dominique Dunne, Poltergeist, 1982)

Thousands… Hundreds of thousands… Millions… Hundreds of millions of bad DNS requests.