Lazy Man and Money

How I Survived my DDoS Hack Attack

by 7 Comments

Last month I wrote about how my website was being attacked with a distributed denial of service. In the article itself, I purposely left some of the technical details out for a couple of reasons:

1. I presume that a majority of people are interested in personal finance information and aren’t interested in the technical details.
2. I wanted to make sure that my website was up and stable before I gave out specifics of how I stopped the hackers. (This is in itself a dangerous thing for me to do, because it gives them my playbook. However, the more I thought about it, the more I thought that others should have access to this information so that if their website is attacked, they have some assistance).

With that in mind, I reached out to my friend Evan Kline of 40 Tech and offered him a guest post on the topic. Some of the technical details are more suited for his audience anyway. He agreed and last night he posted it:

How to Survive Your Website Getting Hit With a Denial of Service Attack

Even if you aren’t into the technical details, there are some graphs there where you can see pretty lines showing the huge spike in traffic as well as a quote from my new hosting service WP Engine giving a magnitude of how bad it was.

Focus on My DDoS and Timeshares

by 4 Comments

I’m still working with a couple companies to keep this website up and active. In the meantime, I will be giving occasional updates via Twitter (@LazyManAndMoney). I plan to put in some time creating guest posts for various blogs, so look for some content there.

The plan for the next few days is to focus on vacation and timeshare ownership. It’s fresh in my mind as I’ve just returned from a week’s vacation in Maui. I will focus this articles on specifics (Marriott’s Vacation Club for example). While you may not be able to relate to those specifics, I believe larger trends can be extrapolated from them.

MonaVie, Are You Hacking My Website?

by 15 Comments

When I first started Lazy Man and Money, I said that I’d probably write about technology 5% of the time or so. This is one of those times. Don’t be scared. It really is a more of a David vs. Goliath story – one of the few that hasn’t hit the movies yet. (I’m getting word into Morgan Spurlock soon.) If you are willing to bare with me, I’ll make it interesting. I’ll wrap the technology references in real world analogies – like a crushed pill in apple sauce, you won’t even notice.

The Guatemalans Attack!

If you’ve seen my website over the last few days you’ve seen a message of: “Did you find this website slow to load or unresponsive? I have been a victim of a Distributed Denial of Service Attack (DDoS) attack and I have strong evidence that MonaVie is responsible which I will provide in a few days.”

I’ve had a few people ask ask why my website is slow or why they can’t get to it at all. A DDoS attack is when bunches of computers (perhaps hundreds or thousands) overload your website at once. A website is a lot like a tunnel, it can only handle only so many people at once. Big websites like Google have a really big tunnel that can handle just about anyone (billions will get you that). Smaller websites have to decide what is a reasonable size tunnel for the amount of people who typically want to get through. A denial of service attack effectively clogs that tunnel with hundreds or thousands more traffic, which creates traffic jams and crashes. This is what you’ve seen. Typically such attacks come from one other computer, which is easy to block – you just take away the access from that computer to your road.

However, in this case the attacks are coming from tens or hundreds of thousands of computers from all over the world. This makes it difficult – nearly impossible – to take away the access from any one computer launching the attack. Typically someone will write a computer virus that allows them take control of these computers for this purpose. The users of these computers probably don’t even realize it. In this case, I can see that all the computers are coming from Guatemala, Nicaragua, and dozens of similar smaller countries.

What is interesting is that launching these illegal attacks have become surprisingly affordable and common. I found this article on about digital hitmen for hire. The article explains that for about $1200 a month you can hire a Russian group who will launch these attacks for you.

I tried to explain this situation to my wife while fighting the attack. I tend to dumb down the technology aspects as I know that’s not where her interests lie. My over-simplistic explanation, in the heat of defending the attack, came out as something like, “It looks like MonaVie has hired the Russians to send an army of Guatemalans to attack my website.” As soon as I said it, I figured that 99% of society would be fitting me for a straitjacket. My wife in a great moment of levity joked:

“Matate, El Hombre de Cansado, Matate!”

My wife’s Spanish is better than mine, but we are about 15 years removed from our last Spanish class. Nonetheless, I got the joke. She followed it up noting that Jack Bauer is available and this seems right up his alley.

In this world of politically correctness, allow me to fully disclose that I don’t know that any Russians were involved. The “Guatemalans” serve as a convenient shorthand for the tens of thousands of computers in dozens of countries involved in the attack. As for MonaVie, well let’s get to that…

MonaVie Behind the attacks?

On Feb 3, 2012, I found my JuiceScam website attacked. JuiceScam is a consumer advocacy site warning people about the transgressions of MonaVie, a multi-level marketing company that sells $45 bottles of juice. The scam is so complex, with more layers than an onion, that it truly does require a full website to explain. MonaVie, naturally, hasn’t taken too kindly to this. They’ve threatened me with legal action twice complaining about my rankings in Google. Specifically they’ve said:

“When an individual types in MonaVie at www.google.com, in the search box, and clicks on Google Search, the first page of Google that appears is:

https://www.lazymanandmoney.com/monavie-scam-was-my-wife-recruited-sell-snake-oil/.”

MonaVie realized that they had no legal grounds to stop me from publishing the truth about their company. If you are MonaVie, what do you do next? You send a letter to your distributors telling them about your online reputation management including the following:

“One of the many factors that Google uses to determine which websites should rank in the top positions is the popularity of a website. To determine popularity of a website, they look to see how many people link to it. Google treats a link from one site to another as a vote. The more votes you get, the better.

If you have a website, a blog, participate in forums or other people’s blogs, link to official MonaVie websites and social profiles when you have the opportunity.

For example, if you are writing a post in a forum talking about how you love MonaVie Pulse, make sure to link the words “MonaVie Pulse” to the Pulse microsite (www.monaviepulse.com).”

and

“If you link to any negative websites, take down the link. You may have inadvertently linked to a negative site on your website or blog when discussing their website. Just as links will help us promote positive MonaVie sites, they will also help negative sites rank better.

If you see a negative website in the search engine results, don’t click on it. If lots of people are clicking on a negative website on the search engine results page, Google may rank it higher because it sees that so many people are clicking on it.”

(You can read more about how MonaVie Tries to Suppress the Truth.)

That was over 6 months ago and things hadn’t changed. Google still ranked my site very highly.

So let’s recap:

  • MonaVie threatened to sue me to get me out of Google’s rankings.
  • MonaVie enlisted their distributors to try to hide the truth.
  • My site exposing MonaVie’s transgressions was attacked by a DoS attack. Google has openly said that they stop showing websites up when they are not reliable. They believe that such websites shouldn’t be showcased to visitors because it is a poor experience for Google users (which is true).

This attack has given MonaVie has gotten exactly what they have repeatedly stated they were looking for. Someone searching Google for my article would find that it doesn’t exist at all today. The 6000 comments that people spent years writing will not available to most

When I stated that “I have strong evidence that MonaVie is responsible” this is what I was referring to. MonaVie had motive, opportunity, and had shown intent on several previous occasions.

Is that strong evidence? I’ll let the reader be the judge.

Note 1: I’m working with a group to get my site protected against such attacks. It has taken a little time and I thank you for your patience during this time. I hope to have it finished up this weekend, if the organization can give me a few hours of their time. Otherwise look for improvements early next week.

Note 2: Though I use the term “hack your website” in the title, many, including myself, consider a DDoS not entirely a hack. It is not like they break into your website and steal any information. I went with the term because it is better understood by the average person for when someone attempts an illegal technological attack, which is accurate here.

Note 3: I could go into much more detail about the attacks, but in interest of protecting myself from the attackers, I don’t want to give details of what I do and do not specifically know.