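Earlier testing by “暗网下/AWX” found that although the darknet forum Dread had restored access, it could not be reached successfully every time, showing that the DDoS attack was still ongoing. Only days after a high-profile relaunch, Dread, the well-known forum dedicated to discussing darknet markets, went offline again, and the cause was the same as before: what co-administrator HugBunter called a “well-funded DDoS attack”. Even with the site updated and redesigned, it evidently still cannot withstand a high-volume DDoS attack.
Since being hit by DDoS attacks in late November last year, Dread had been offline for months. After “completing the rewrite of its codebase”, Dread relaunched with great fanfare on March 6, disappointing the many critics who thought the site would never return. Within hours of the relaunch, however, a new DDoS attack hit the site and made it inaccessible again.
Although several of the forum's administrators spent months recoding the forum and strengthening the protection of its infrastructure, the effort to make it more resistant to DDoS attacks has not been as successful as expected.
However, HugBunter's latest creation, the directory site Daunt, remains accessible on both the darknet and the clearnet. Advertised on Dread and Reddit with the slogan “DoS attacks end here”, Daunt is a collection of verifiable links to several of the largest darknet markets, including Abacus, Archetyp, ASAP, Bohemia, Cypher and Tor2Door. If a user has a market's PGP public key, every link on Daunt can be verified through a signed PGP message. Daunt also includes links to forums, vendor shops and other types of Tor sites.
Daunt's darknet address: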
http://dauntdatakit2xi4usevwp3pajyppsgsrbzkfqyrp6ufsdwrnm6g5tqd.onion/
Daunt's clearnet address:
https://daunt.link/
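“With my built-in private mirror sharing concept, this platform will serve as a ‘solution’ to the ongoing DoS attacks,” HugBunter said in his introductory post about Daunt on Reddit. “While it does not fix the problem at hand, it should allow for the possibility of more organic traffic getting through to affected services. Essentially, it is evading the DoS attacks,” he added.
In another post, HugBunter acknowledged that the private mirror concept has not yet been implemented on Dread, meaning that all visitors still rely on its main URL as the entry point. However, the measures HugBunter and co-administrator Paris have taken to mitigate the attacks on the main darknet address have so far produced no results, as the site has remained offline due to DDoS attacks since access was restored on March 6.
Over the past few days, HugBunter has seemed more frustrated than usual. He offered some details about his DDoS adversary, revealing that the attacker “only has power behind his attacks now because he has been so handsomely rewarded by certain darknet markets”, markets that gave in to extortion demands in order to have the attacks on their Tor sites stopped. He also admitted that he has “been talking to the attacker regularly”.
Dread's mirror on I2P has also been affected by ongoing attacks across that entire network, which is far less robust than Tor and therefore more easily disrupted. HugBunter said they currently cannot make new fixes to the forum's I2P portal until the attacks on the network subside.
On March 18, HugBunter posted again on Reddit, saying that Dread's main darknet onion domain was online, and shared the latest information. HugBunter said the main onion domain was online while under full attack load, which is a huge milestone in fighting the DDoS attacks.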
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi everyone, I am so fucking psyched right now because this is a huge milestone in regards to fighting these attacks.
The main onion is ONLINE, while under full attack load. There will still be timeouts here and there and initial connections may be sporadic, be persistent and you should be able to access fairly quickly through the use of a single new identity to clear your descriptors and then possibly switching circuits a couple of times if you cannot connect, you can do this quickly by pressing Ctrl + Shift + L.
Credit goes completely to our resident genius Paris who theorized this method of bypassing the bottleneck, using a modified version of a method that somewhat worked previously but the attacker was able to easily overcome it. If you haven’t experienced fighting these attacks, you will have no idea how INCREDIBLE this is, but seriously, it is completely unprecedented.
This method scales against the intro point bottleneck itself and it is possible that we could remain stable. The downside is that this is fucking expensive on our end.
WITH ALL THAT BEING SAID. It COULD be just as easy for the attacker to bypass this, so while I am hopeful here, we are going to continue to prepare mirror rotation within Daunt and continue to share private mirrors to anyone who is struggling to access.
Use this as an opportunity to get your auth keys so that you can make use of them for accessing other affected services through Daunt, as well as accessing Dread going forward if we do fall back to rotation primarily.
This is a massive FUCK YOU to this sad extortionist.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
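However, since HugBunter's new post was published, “暗网下/AWX” has tried to access Dread many times, refreshing with various methods, and still cannot open it. “暗网下/AWX” will continue to follow when Dread can withstand and overcome the DDoS attacks and truly restore access.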