Topic: 🌟🎲🌟 MoneyPot.com - page 88. (Read 119079 times)

The attack is showing on cloudflare. And the attacker does not have our server's ip, ive set the server to 'only' accept request from cloudflare ips found at http://cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6
I've been in contact with cloudflare guys, and they have acknowledge that the attack is targeted on www and blog servers. So having that said, im assuming, that the attack does go tru them.

Also as far as i can understand from the logs, the attack is specifically either a HTTP GET or HTTP POST requests that is targeted at https://www.moneypot.com and https://blog.moneypot.com and not their real ip addresses.  Last week MP IP address was revealed due to a * A record present on our DNS records, and this has been removed and our IP are now changed.

If there's any other recommendation you can think of, do let me know.
Thanks
uni

If the attack isn't showing in cloudflare, it means they have your ip address. If they have your ip address, there is no way you will be able to stop the attack, even firewalls will be completely useless (what they did to BaB was DDoS using spoofed syn packets with cloudflare ip addresses, which allow it to bypass the firewalls) and once it hits a single machine, it will overload it in sheer volume.


The only defense that is going to work is obscurity. You need to change your ip address, and then completely hide it, make sure there's no way for the attacker to know what it is. Make sure that you don't have any DNS entries pointing to the real server etc.

If the attacker doesn't know your real ip address, then they'll be forced to go a) Go through CF   b) by a layer 7 attack.  (Also, ignore the idiots who tell you about "CloudFlare resolvers" and what not, if you configure the service right no one can find your ip address. I for a long time had a 1 BTC open bounty on anyone who could name a bustabit ip address, and it was never claimed)

Just a little update for everyone.

The attack is still on going on both servers www.moneypot.com and blog.moneypot.com. BUT there are additional measures added( yes i know you are reading this), and both sites will now usually LOAD but will be slow (at least this time it loads). If one of them doesnt load or shows cloudflare page, use the other one.

For players that had their ip banned by cloudflare, please send an email to [email protected] with this format:

hi Avirunes

the attackers have set a target but we don't know which target or what they really want to accomplish.
players want to gamble and will go to other sites and this is nothing new. as long as MP will survive those attacks MP will come back much stronger than before and all players will come back and even more will join. I am talking out of experience (not online ddos attacks)
it is a game of patience and my advice is to sit and wait how long the attackers have the resources to attack or MP will find a solution to stop it (dont know if such a solution exists)

When moneypot is down, alot of gambler will be gambling in another site for sure, this actually makes moneypot lose customer which potential earning as well. Downtime in business is not something that the owner will like, it ruin the business no matter how you see it, the ddos could be from some competitor as well

No apps are down.You can play there if you want if you are already signed in with Moneypot to the app.Well DDOS will not cause any change in database stealing or something like that.But still those who are worried can move to get peace in mind.

Wonder what is benefiting DDOS attackers.They are just keeping the site down.They are only wasting their electricity and money and nothing else.I am sure moneypot will come up with something and all of their efforts and time they spent will be wasted.

Sad to see that the only thing you can do on moneypot now is get your funds and run while you have a chance

what about the api users? are external apps like betterbets down?

Just keep trying the site at random times, I was able to get on a little while ago and withdraw funds, a second later the site went down again 

It is really very irritating to see such great app to be render useless by the attackers. I really hope this attack will tone down soon so we can access back to our wallet. Stay strong, they wont attack a useless site so you already have proven them that this is something that is of great importance to the public.

Yes i can confirm that. As I've said above, soon as i announced the new link, this link came under attack aswell, this link was up privately since last night and went fine, but after announcing it to the public, it made it 'known' to the attacker/s.

If there are some things that you guys can recommend, im open for suggestions. But for now, ill do my best to find a solution for this.

Thanks
-uni

Well that was a really cool breakdown of whats going on and I appreciate your efforts to get our money accessible, but the blog site doesnt work either

Hi,yes, https://blog.moneypot.com is only a backup server for people to withdraw their funds.

I login with the  https://blog.moneypot.com one and I am having balance issues.I asked for 10000 satoshis promo om Dust Lottery and Jackpot Racer said he had credited it but my balance is still showing me 0. Is it because i logined with the blog link one?

Hello everyone,

I've been up for more than 48 hours yesterday, and before i went to sleep the attacks where still ongoing. And for fyi, MP is on a paid plan on CloudFlare, and ive already set to to automatically ban the ips of the attacker, but as Ryan have experienced, i have also reached the limit of banning ips.

Here's a bit of an explanation regarding the attack(i know the attacker might be reading this)
What i know about the attack:
1. The attack is a HTTP GET/POST attack, which basically sends a flood of request.
2. The attack is able to bypass cloudflare which makes me think this are botnets.
3. The attack uses multiple ip ranges, which make it hard to ban all of it.
4. The attack is probably manually monitored, because as soon as i add some securities on GET requests, it changes its attack to a POST request etc..
5. The attack is not continues, it sometimes stop for a few minutes(to recharge lol), then resume again.
What we can do:
1. Ive set the server app to auto restart on failure, So whenever it goes down, itll go back up.
2. As ive mentioned above, cloudflare did not help much.
3. We can just wait it out, i know it is frustrating to not be able to get your funds.
4. A separate clone server is setup for you guys to use incase u the main site goes down or is very slow, I know after i post this, this clone server will be the next one to be attacked.
    - https://blog.moneypot.com
    - Again this is a separate server, but uses the same records/database/accounts as the main one.
    - You can use this to get your funds out.

PS: soon as i put this post up, https://blog.moneypot.com got hit.. which makes me think the attacker is reading this post.

I'm doing all in my power to stop and mitigate this attack, but i can only do so much.

Thanks,
uni

i was able to get on just now.  Attacks might be over

Any news on when I can do my withdrawal? Trying to get on waves before it opens on polo dude

Yes, they do hold over 1000 BTC in their bankroll, which is crowdfunded. You can't expect them to use those funds, can you? That would be worse, since no investor agreed for their invested amount to be spent toward DDoS protection.
Yes, their profits are at an all time high. Most of that is just an advertisement though, since Moneypot's bankroll is primarily investor funded (you should know this, considering you said you invested. Maybe just an lie to shill a competitor). Moneypot claims to have a share in the bankroll, but we don't know how much, and that is their personal BTC in the bankroll, not as a company. Their profits from commissions are always at an all time high, and they probably already spend that on Cloudflare protections.

we are like little kids in here.  start jumping and stomping around lol.  Yall need to relax, if you got scammed, you got scammed. but more than 99.9% they are telling us the truth and this is just a huge attack to keep them offline and get players to hate the site.  

Give it some time, the people doing the attack are paying pretty good money to have this done. So it cant last forever.

Good luck with that

I agree the site is kind of basic.  I believe it was purposely designed that way for simplicity sake at first.

We've actually had a new design made for a while now, but the css and coding of the new sections that's involved with it is the hardest part. 

We will get there.