DDoS attacks and threatening emails


#1

I have been receiving threatening emails about a movie review i wrote about Zero Dark Thirty. Someone didn’t like it. I’ve emailed Dreamhost three times, received one clarifying email, and then nothing since i’ve sent the link to the allegedly offending post eight hours ago. I’ve contacted the police department attached to the university through whose servers the emails are coming. I’ve contacted the third party email server. I’ve texted the poor person with my old phone number with the police case number to report the threatening messages they are supposedly receiving (poor dears).

At first, people thought it might be a harvested script, but the last two threats have been pointedly about things i’ve written - one email posted just two minutes after i uploaded a youtube video with a song addressed to them, to which they responded:

"Really? You@want.more
6:26 PM (34 minutes ago)

to me
Hello
You have been contacted by Really?, their message is as follows:

Really? I don’t like that song. at 1pm your time if it’s not down we’ll attack again. We only stopped so you could get back on to your site…


Other information:
Date: 2013-02-25 18:26:22
Referrer: http://www.maoquai.com/
IP address: 24.47.7.26
User agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22"

So, at this point, it’s getting a bit annoying and i’d like to know what / if there is anything else anyone can suggest. My website did go down incrementally all day (although, they’re convinced they had it down for a full three hours - bully on them, they didn’t succeed - i’ve had traffic to the offending post all day simply because of their emails - yay! my traffic has gone up! which i’m not sure is what they were actually aiming for…).

Thoughts? Ideas? Suggestions?


#2

It doesn’t look like your site is currently using a caching plugin. Enabling one (like wp-super-cache) will speed it up significantly, especially under load. With that in place, there’s a good chance they’ll just get frustrated and go away.


#3

If they’re coming from the same IP address, you can add that to your blacklist.

Go to /wp-admin/options-discussion.php and add in the bad IP. Be VERY careful when blacklisting because it will take partials. So if you blacklist hoy, it’ll block ahoy and so on.
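
An added illustration of the partial-match warning in post #3, not part of the thread and not WordPress's own code: a Python model that assumes a blacklist entry matches as a case-insensitive substring of any submitted field. The submissions and function names are constructed for the example; only 24.47.7.26 comes from the email quoted in post #1.

```python
import ipaddress

def partial_hits(entry, fields):
    """Names of the fields a blacklist entry matches when matching is a
    case-insensitive substring test (the 'partials' behaviour)."""
    needle = entry.strip().lower()
    if not needle:
        return []
    return [name for name, value in fields.items() if needle in value.lower()]

def collateral_ips(entry, network):
    """Addresses in `network`, other than the entry itself, that the entry
    would also block because it appears inside them as a substring."""
    return [str(ip) for ip in ipaddress.ip_network(network).hosts()
            if entry in str(ip) and str(ip) != entry]

def exact_ip_match(entry, visitor_ip):
    """Whole-address comparison, shown for contrast with substring matching."""
    return ipaddress.ip_address(entry) == ipaddress.ip_address(visitor_ip)

# Constructed submissions; only 24.47.7.26 appears on the page.
SUBMISSIONS = [
    {"author": "Really?", "ip": "24.47.7.26", "comment": "take it down"},
    {"author": "Reader A", "ip": "124.47.7.26", "comment": "Nice review"},
    {"author": "Reader B", "ip": "203.0.113.9", "comment": "Ahoy, great post"},
]

def blocked_authors(entry):
    """Authors whose submission would be caught by a single blacklist entry."""
    return [s["author"] for s in SUBMISSIONS if partial_hits(entry, s)]

if __name__ == "__main__":
    for entry in ("24.47.7.26", "hoy"):
        print(entry, "->", blocked_authors(entry))
    # A truncated entry is far broader than the one address it was meant for.
    neighbours = collateral_ips("24.47.7.2", "24.47.7.0/24")
    print("24.47.7.2 also blocks", len(neighbours), "other addresses in the /24")
    print("exact match on 124.47.7.26:",
          exact_ip_match("24.47.7.26", "124.47.7.26"))
```

Under this model the full address still catches an unrelated visitor whose address merely ends with the same digits, so the safest entry is the complete address, checked against recent legitimate visitors before saving.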


#4

Thanks gang, i’ve updated my cache plugin and added two IP tracking plugins. I also found out where the hackers were coming from (although, i imagine it might come through a VPN) - but someone in Mount Vernon NY spent nearly two hours on my site just before the first email - so at least i know we can track if absolutely necessary. :)


#5

You should also open up a ticket to Abuse and ask if there’s anything they can do to mitigate the DoS.