Along with the grey weather, the weather around our local net is downright annoying at present. There is a massive increase in attempts to break into this site via backend systems and brute force front-end logins, a surge in scans from the search engine spider bots, and a lot of requests for putting up paid content. All of which have been ignored or dealt with.
Just looking through the logs, I’d say that over the last couple of months we have had at least a ten-fold increase in total traffic, and a mere doubling of human traffic heading into our moving election.
Most of which has been handled just by our usual security systems. But I suspect that this is just a side-effect of a more general run on our local net based on news reports of hacking and denial of service attacks.
For instance, from Stuff “Govt spy agency has ‘no clues’ on source of cyberattacks on NZX”, where amongst reporting on other attacks they detail attacks on media and other financial institutions.
Stuff spokeswoman Candice Robertson said Stuff had been targeted by a DDoS attack on Sunday which it had successfully defended itself against.
“Importantly, the Stuff site remains secure,” she said.
Radio NZ spokeswoman Charlotte McLauchlan said it had also experienced multiple DDoS attacks during the past 24 hours.
“We understand this may have been the same group that has been attacking the NZX and we are currently investigating,” she said.
“Our site remains secure and this has not impacted our audience.”
The country’s biggest banks are tightening security to protect themselves from similar attacks.
It is understood banks have been facing attempted attacks, although the Reserve Bank said it had not been advised of any significant issues over the weekend.
Little said most organisations were prepared for DDoS attacks and were able to “absorb them without disruption”.
“They fizzle out once it is clear they are not going to yield any response that the attacker might want,” he said.
Stuff “Govt spy agency has ‘no clues’ on source of cyberattacks on NZX”
The MetService web site went down, as I noticed when I reached for their rain radar before biking to work.
MetService is the latest organisation to be hit by the same cyber attack that crashed the NZX website for five days.
The weather forecaster was hit by a DDoS (distributed denial of service) attack today, but a spokesman said it was dealt with “in a timely manner”.
“As of 5pm today, there has been no notable loss of performance to any MetService digital platforms,” he said.
“MetService also operate a back-up site, this site contains all safety critical information, and includes authorised MetService severe weather watches and warnings, MetService rain radar imagery and brief forecast information.”
NZ Herald “MetService latest NZ organisation to be hit by targeted cyber attack, TSB experiences tech issues”
It seems to be ongoing, as I’m getting the same thing today as I’m reaching for my bike helmet.
As this site is purely volunteer (thank you authors and moderators), financed by unsolicited donations (thanks a lot for the higher donations in August) and my occasional spurts of work, we’re not a high value target. So personally I mostly notice the traffic on the background net by the pitch of the hum of my system fans in our living room.
Of course not all outages are the result of malicious action. Our site had an outage on the 23rd and 24th of August. That eventually proved to be a failing SSD drive slowing down the RAID array that runs the database of The Standard on my home server. I sat down over the weekend and wrote a routine to low level test for drives that were actually slowing down, but which were not triggering SMART errors, so it could retire drives. I also added 3 spare drives to The Standard array to add to the single spare drive still running on it.
It is a case of closing the door after the fact – but I’m sure that there has been a lot of that happening elsewhere around the local network this week.
Because of the extra load on my network, I added a feature two weeks ago to be a little more paranoid. The Wordfence utility, which does the bulk of the protection at The Standard server, has a feature that will block known malicious IP numbers based on attacks coming from those locations. I turned it back on, and the unwanted traffic at the site dropped markedly.
But like all good security features, it is a double sided weapon. It also blocked at least one reader coming from the Flip ISP – probably because they had a dynamic IP from a previous bad actor. They reached out to me and I put in an override for the whole of the Flip address range. If anyone else notices a blockage, then could you contact me giving me your internet service provider, and I’ll make a case-by-case exception.
Since 90% of our human traffic comes from within the NZ network, I’d like to put a free gateway around the local NZ IPv4 and IPv6 addresses – which are accessible here. Does anyone know of a computer readable and accessible list that can be read? I’d add that to the daily tasks.
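A sketch of how such a daily task could apply an allowlist ahead of a reputation blocklist, added here as an example (it is not The Standard's or Wordfence's code). The list format, the function names and every prefix below are assumptions, using documentation address ranges rather than real NZ allocations, and it goes slightly beyond the text by also unwrapping IPv4-mapped IPv6 client addresses.

```python
import ipaddress

# Constructed sample of a downloaded allowlist: one CIDR per line, comments allowed.
# The prefixes are documentation ranges, not real ISP allocations.
SAMPLE_ALLOWLIST = """\
# hypothetical "local ISP" ranges
192.0.2.0/25
192.0.2.128/25      # adjacent to the line above, so the two are merged
203.0.113.0/24
2001:db8:1000::/36
not-a-prefix
198.51.100.7/24
"""

def load_networks(text):
    """Parse CIDR lines; return (collapsed networks keyed by IP version, rejected lines)."""
    nets = {4: [], 6: []}
    rejected = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (198.51.100.7/24):
            # review those by hand instead of silently widening the allowlist.
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            rejected.append(line)
            continue
        nets[net.version].append(net)
    return {v: list(ipaddress.collapse_addresses(n)) for v, n in nets.items()}, rejected

def normalise(addr):
    """Parse a client address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def verdict(addr, allow, block):
    """Allowlist wins over the reputation blocklist; anything else passes through."""
    ip = normalise(addr)
    if any(ip in net for net in allow[ip.version]):
        return "allow"
    if any(ip in net for net in block[ip.version]):
        return "block"
    return "pass"

ALLOW, REJECTED = load_networks(SAMPLE_ALLOWLIST)
# Constructed blocklist: one address inside an allowed range, two outside.
BLOCK, _ = load_networks("192.0.2.200/32\n198.51.100.9/32\n2001:db8:2000::1/128\n")
```

Rejected lines are returned rather than dropped so the daily job can log them; a list that suddenly rejects many entries is a sign the upstream format changed and the old allowlist should be kept.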