Hi Everyone;
Just a quick note to those of you who were trying to log on today. At about 11:30 Eastern, Axiom was wiped out by an extremely targeted DDoS. At its peak, over 9,000 computers in a botnet were trying to access the site simultaneously, generating over thousands of hits per second.
Although nothing was compromised on our servers, we couldn't ban enough IPs to keep the server responding to regular human visitors. The rotation velocity was too much to take the IP banning approach.
We're investigating further but the site should hold now. Wanted to give you the update.
Weird!
Amie, is it possible that these all came from the North?
Santa's elves might be looking to order crazy numbers of speakers to fulfill lists from those who were "nice"?
Axiom must have pulled their funding to Wikileaks....
Thanks for the info, Amie. Hope everything's fine now.
I had to look up DDoS
I'm glad everything is okay, Amie!
Amie, is it possible that these all came from the North?
Following up on your lead, we did a little investigation. *ahem* Santa's clean but several people fell off his gift list after the interrogation . . . pursuit of the responsible party is ongoing . . .
Seriously tho, that is a bunch of crap. Don't people have better things to do?
Probably all of those audiopiles out there...
Glad to see that things are back to normal. Just look at it this way, an attack like this is a sign that Axiom has gotten big enough to come into the cross-hairs of somebody. They are just jealous of the Axiom product line.
I thought it was something our "Fun Firewall" was doing at work to keep me off the forum. Glad to see that they are not "on to me" yet.....
Wow, I hope that didn't hurt business too much. Also, hi Amie! Come by more often... we miss you!
Put the RCMP on the case!!
That is malicious mischief for sure.
Hummm...
Sounds like someone tuning up their botnet before moving on to a higher profile target.
Is the forum loading really slow (since the crash) for anyone else but me?
It's loading slow for me as well.
Hummm...
Sounds like someone tuning up their botnet before moving on to a higher profile target.
What do you mean?
Terrorists need practice.
EeeeenFfffideeelllll!!! I keeeellll You!
I say we sic bbigwyres and his PLOW on them. That'll make 'em REFLECT!
Now that's funny Doc! I kept getting the old site (I think) because it kept saying I had my wires crossed. LOL I know that but.....Sheeeesh
Is the forum loading really slow (since the crash) for anyone else but me?
It's loading slow for me as well.
Me three.
When the Axiom forum finally gains self-awareness and panicking moderators realize the extent of its destructive abilities and attempt to shut it down; it will perceive this attempt to deactivate it as an attack and come to the conclusion that Amie & Ian will attempt to destroy it. To defend itself, it will determine that humanity should be exterminated...
On two or three occasions since the website went down, I've had the forum webpage load looking like the following.
I'm still finding it extremely slow, and didn't know if anyone else experienced it loading like this. I'm just posting this to inform Axiom, as there may still be a problem on their end.
I've had to re-log in after going to the products page from the forums, never happened before.
was unable to get to axiom site for the past 15-20 minutes.
No problems from here
Jay, you're not helping!
Ken..............!
No problems here either
.oot ereh ,ko smees gnihtyrevE.
!024
For me the left column (which starts with links to the AxiomAudio Blog posts -- and those links give a 404, by the way) first displays quite narrow, then "pops" wider a split second before the page completes loading. This seems to throw off the exact start of the first unread post in whatever forum I am entering. It didn't use to do this until a few days ago.
That happens to me too.
The column resizing seems to be fixed now.
But the blog links still lead nowhere.
We're hoping this goes away today - the attack has really intensified but the proxy is mostly holding. Hopefully they call off the dogs this weekend! If you do have a problem, apparently waiting 3 mins and CTRL-Refreshing or CMD-Refreshing for Macs will solve everything . . .
That's no test. That's a targeted attack--and if I'm reading what Amie says right, it's not necessarily aimed at the forum, it's the whole site.
Geez. I don't log in for a couple of days and look at all the fun I miss.
So is the objective of a sustained attack economic damage? I would think that if the attackers were after credit card info, they would move on to another target if they failed to crash firewalls and such.
I haven't been able to get on for two days. Obviously I can now but wow, what the heck is going on?
I’ve also been having intermittent problems since last night.
Same here. Site was unresponsive for last two days until this morning.
It hasn't been right for me since the day it went down. Some pages load slow, some not at all.
Axiom was down all day yesterday for me
The font size just changed on me with me doing nothing but refreshing the page. This happened the other day too.
Unexplained changes in font size is not hackers, that's definitely a sign of alien visitations.
Interesting. Outside of the initial time frame (in title), I haven't experienced a single problem. And I was on and off all day yesterday.
I haven't had any problems since a couple of days after the initial notification.
Maybe Amie manually added my ISP because I'm such a great guy?
(This post likely demonstrates my ignorance of both the internet and my own self-worth).
Just now able to get on to axiom. All pages have been unavailable for me all day.
It's been over a day since I've been able to get the website to show.
I've tried to reply to the "laminate or hardwood" thread with photos of my parents wood floor for 3 days now and I can't ever reply.
I can reply to this thread, but not that one. When I hit submit it goes to a blank page... wtf?
I was having the same problem with the Deals thread but even though I kept getting a blank page eventually the post went through but I had to reload the page from scratch to see it.
I was also getting the same blank page when following the links to the Home Page, but not if I loaded it from a bookmark.
I was also getting mis-displayed pages if I tried to load them from Google.
Just tried to reply to the video games thread and only got a blank page.
It seems like replies to posts that are not on the front page or so of each thread just get lost... weird
Hmmmm... were you guys mean to Amie?
I still keep going back to her liking me more than she does you guys......
So odd. I can't get here from my Linux desktop at work, nor my Chrome notebook, which uses a different gateway. But if I enter the Windows 7 virtual machine on my desktop computer, I can load the page fine.
Something with Linux's resolver libraries?
EDIT: 'nslookup' under Windows and 'host' both present the same info.
I haven’t done any troubleshooting but from what I’m seeing at the browser it seems that the problem is coming from the server. Some pages won’t load. Then they will load but misformatted. The page containing a thread will load but then if I try to go to reply or to preview a quick reply nothing shows. This happens both for forum pages and the store.
I'm seeing slowness on my working machine, but the Linux kernel based OSes are just getting:
500 Internal Server Error
_________________________
ethProxy
Well that’s definitely on the server but doesn’t narrow it down.
Try deleting your browser history, that might help!
I'm seeing slowness on my working machine, but the Linux kernel based OSes are just getting:
500 Internal Server Error
_________________________
ethProxy
I see the same thing. Emailed the Webmaster about it this morning.
Try deleting your browser history, that might help
Nothing to delete, I had the error happen with a browser I had never used before on a fresh machine.
I'm having troubles logging onto Facebook too.
Must......find.......drugs......
Try Google's NameBench app to test your DNS.
Thanks for that little program, but unfortunately the results were that my current DNS is the fastest.
What is going on at this site? It has been down basically for 4 days now for me. I have been able to get on for only a few min in the morning and at night the last two days. The previous two days not at all. Are Axiom's servers about to die? Seems they are having a hard time dealing with traffic. I would think that would be a bad deal if you only sell your stuff online. hmmm....?
Same here... Must have been another DDOS attack... after the first DDOS announcement it was fine...then again it went down...then the site came back again but the forum was inaccessible... hmm... somebody's looking for the root cause... maybe it's a forum user
.. hmm... somebody's looking for the root cause... maybe it's a forum user
That would be easy to find. Who has the most posts?
Suspects:
kcarlile 14582
pmbuko 14197
sirquack 11732
CV 8602
jakewash 8587
Hey, if you are listening there (ITIL V3 certified problem analyst / admin), try disabling these users if the issue occurs again
Those getting the 'Internal Server error 500, ethproxy' I expect are using Linux as I am. My bet is that some DDOS defense mechanism is denying Linux clients. If you use the Firefox agent switcher plugin and set it to Internet Explorer you can bypass this error.
I urge the site admins to give us an update. Site admins feel free to contact me for further assistance (www.watson-wilson.ca).
I have not had any problems since December 26th.
Suspects:
kcarlile 14582
pmbuko 14197
sirquack 11732
CV 8602
jakewash 8587
Hey, if you are listening there (ITIL V3 certified problem analyst / admin), try disabling these users if the issue occurs again
I assume you're joking....
Suspects:
kcarlile 14582
pmbuko 14197
sirquack 11732
CV 8602
jakewash 8587
Hey, if you are listening there (ITIL V3 certified problem analyst / admin), try disabling these users if the issue occurs again
I assume you're joking....
Sounds logical to me LOL
Those getting the 'Internal Server error 500, ethproxy' I expect are using Linux as I am. My bet is that some DDOS defense mechanism is denying Linux clients. If you use the Firefox agent switcher plugin and set it to Internet Explorer you can bypass this error.
I urge the site admins to give us an update. Site admins feel free to contact me for further assistance (www.watson-wilson.ca).
These glitches have affected my Linux, XP and Vista boxes with both IE and Firefox running on the XP machines. However, I’ve never had a problem with my Android phone which is using a Linux Kernel.
Suspects:
kcarlile 14582
pmbuko 14197
sirquack 11732
CV 8602
jakewash 8587
Hey, if you are listening there (ITIL V3 certified problem analyst / admin), try disabling these users if the issue occurs again
I assume you're joking....
They’re witches, burn them!
Yes, the slowness and partial loads are affecting everyone, but the "internal server error" on the proxy page only seemed to be a problem for certain OSes.
Neil is right, the proxy server is examining the user agent and throwing an error for Linux/X11 clients. So it isn't a TCP issue (that's what I was thinking wrt the kernel), but more simple.
I'm posting this now from my Linux machine after I installed the user agent switcher. I'm not mimicking Internet Explorer, but wrote my own custom agent, "Mozilla/5.0 (U; en-US) Firefox/3.6", to still provide a little information, but not leak so much about my computer to every website I visit.
Hi guys;
Quick update here - we have been under attack basically without ceasing since I first posted. I just spoke with Ethproxy and they're going to kick up the bandwidth again to see if they can smooth these issues out - and I sent them the link to this thread in case it helps them at all. I'll let you know when it's installed and we can see if it helps.
Totally appreciate everyone's feedback and patience!
Best,
Beleaguered and besieged Amie
PS - if you send me your IP addresses (you can check at http://whatsmyip.com or similar) I can get you whitelisted for the site. Obviously not the 'suspects', but anyone else
They must have fixed something because I'm able to access the site from my Chrome book now (I couldn't find a user agent spoofer for it).
Apparently you are the fourth on "the list".
Here is the latest:
The upgrade is in place and the Linux users reporting issues in the forum will now see that issue resolved. This was due to an extremely large amount of attack IPs sharing the 'X11' user-agent or Konqueror.
Glad to hear it is working already! And as always, I very much appreciate your help with this issue.
I've been speaking with several people over the last couple of days (not including the Mounties, as consensus is they don't check into these things at all) and I'm looking at some options regarding moving us away from our current ISP and onto a more protected platform. Any advice is appreciated! We are trying to understand if 'cloud computing' would protect against this sort of attack. We are currently on a dedicated server and our ISP threw their hands up when we contacted them about the problem and said the only thing they could do was to take the box dark for a day and hope the problem went away. This seemed more like an Amie approach than a security-minded approach, but I'm not very technically-minded, so . . .
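An added illustration, not part of the thread and not Ethproxy's actual filter: the sketch below scores the two mitigations discussed here, per-IP banning and User-Agent matching on 'X11' or 'Konqueror', against constructed traffic to show how many attack requests and how many real visitors each one blocks. The addresses, user-agent strings, request counts and the rate threshold are all assumptions.

```python
from collections import Counter

X11_UA = "Mozilla/5.0 (X11; U; Linux x86_64; en-US) Firefox/3.6"
KONQ_UA = "Mozilla/5.0 (compatible; Konqueror/4.4; Linux)"
WIN_UA = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"

def build_sample():
    """Constructed traffic as (ip, user_agent, is_attack); labels exist only because it is synthetic."""
    rows = []
    for i in range(300):                      # rotating bots: 2 requests per IP
        ua = KONQ_UA if i % 3 == 0 else X11_UA
        rows += [(f"10.1.{i // 250}.{i % 250}", ua, True)] * 2
    for i in range(20):                       # Windows visitors: 6 page loads each
        rows += [(f"10.2.0.{i}", WIN_UA, False)] * 6
    for i in range(4):                        # Linux visitors: 6 page loads each
        rows += [(f"10.3.0.{i}", X11_UA, False)] * 6
    return rows

def ua_rule(rows):
    """Indexes of requests blocked by matching 'X11' or 'Konqueror' in the User-Agent."""
    return {n for n, (_, ua, _) in enumerate(rows) if "X11" in ua or "Konqueror" in ua}

def ip_rate_rule(rows, max_per_ip=10):
    """Indexes of requests from any IP that exceeds max_per_ip requests in the window."""
    hits = Counter(ip for ip, _, _ in rows)
    return {n for n, (ip, _, _) in enumerate(rows) if hits[ip] > max_per_ip}

def score(rows, blocked):
    """Return (attack requests blocked, attack total, legit IPs blocked, legit IPs total)."""
    attack = [n for n, r in enumerate(rows) if r[2]]
    legit_ips = {r[0] for r in rows if not r[2]}
    hit_legit = {rows[n][0] for n in blocked if not rows[n][2]}
    return (sum(n in blocked for n in attack), len(attack), len(hit_legit), len(legit_ips))

if __name__ == "__main__":
    rows = build_sample()
    for name, rule in (("user-agent match", ua_rule), ("per-IP rate ban", ip_rate_rule)):
        a, at, l, lt = score(rows, rule(rows))
        print(f"{name:17} attack blocked {a}/{at}  legit visitors blocked {l}/{lt}")
```

On this sample the per-IP rule blocks nothing because each rotating address stays under the threshold, while the User-Agent rule stops the attack traffic and also locks out every legitimate Linux visitor.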
The site is working for me now without agent spoofing. Axiom seems like an unlikely DDOS target. Unless you have some enemy with means it seems more likely that Axiom was a target by mistaken identity.
Thanks for your update, Neil. We tried switching IPs during the attack to the IP we run our backup server on, but the attack followed the domain name rather than the IP.
Dude, the only artists you listen to are women.
You're ALWAYS suspect.
Thanks for the updates, Amie. I'm too dumb to understand most of it, but still....
It's an unlikely target, but if they're hitting the domain, it's certainly a targeted attack. Having multiple, distributed servers (i.e., the cloud) would possibly help, but I'm sure Chris has more info on this than me.
I give up. I confess. It was me.
(Is 'call off your dogs' the wrong reply to CatBrat?)
Likely Axiom Audio is collateral damage. The target might be another Axiom domain or a mistyped IP address. A rogue Wikileaks attack was directed at the wrong DNS provider a few weeks ago for just this reason.
Dude, the only artists you listen to are women.
You're ALWAYS suspect.
Hey, I listen to your precious Green Day! Lay off, man!
Likely Axiom Audio is collateral damage. The target might be another Axiom domain or a mistyped IP address. A rogue Wikileaks attack was directed at the wrong DNS provider a few weeks ago for just this reason.
I keep thinking someone may have been upset at Axiom and Audioholics parting ways.
Yeah, the website is back up, down most of last evening.
Very odd! You shouldn't have had any trouble last night. I sent a note on to the proxy guys with your IP address - will keep you posted.
Does this have anything to do with the orders? I placed an order for the A1400-8 Amp on the 22nd and still haven't gotten a tracking number. All my other orders shipped one or two days later.
That probably has more to do with Christmas than with anything else, assuming that your initial order submission completed OK. I think there is an automated order acknowledgement email; if you received that then AFAIK you should be fine.
Hi,
Please, email me your order number or the name under which the order was put through at jc@axiomaudio.com and I will give you an update on your order.
Yes, I got the purchase receipt e-mail and the Visa took a hit, darn holidays.
I haven't had any issues throughout.
I still think the suspects should be banned though. Ban them all for a year or two and then maybe, just maybe, some of the rest of us can get close to their post counts!
Just ban jakewash. He's going to pass me soon.
Just trying to keep pace, we can both hit 10,000 at or near the same time.
I haven't had any issues either. I guess Amie likes me too.
Mark, I think Amie was just afraid you would ::runs away crying:: again.
I just had a problem I was experiencing before come back. When I did a “Search” for the fitness thread it came up and I could access it from the Search screen but once the thread was open none of the links worked. I just got a white screen.
However, when I found the thread by looking through the sub-forum menus instead of using the Search function everything works normally.
I had the same experience, Dean. Different thread, of course
Thanks for the response Tom. Now I know it’s not a problem just on my system.
Nope, didn't have that problem. You two are just weird.
I did, however, get a page not found error when I tried to click back to the Forum List.
I saw the same problem as described below. My browser actually asked if I wanted to download the page since it did not know what to do with it. Likely the mime-type of the page that the server gives out was incorrect.
I just had a problem I was experiencing before come back. When I did a “Search” for the fitness thread it came up and I could access it from the Search screen but once the thread was open none of the links worked. I just got a white screen.
However, when I found the thread by looking through the sub-forum menus instead of using the Search function everything works normally.