Gorynch HTTP builder discovered

Recently, during my time browsing the Internet, I stumbled upon a copy of the Gorynch HTTP botnet’s builder. I was able to download it and test it out, and it worked!
I will be analyzing the builder and the botnet, and I will post the updates back here soon. Meanwhile, stay vigilant.


Why you should not use Cloudflare for your site

Cloudflare is now very attractive to new bloggers and webmasters, especially with their free account features. However, this is not good for your site, and overall Cloudflare will damage your site’s performance.

I am currently hosted on GoDaddy (moving to DigitalOcean soon; these guys don’t know a thing about updating their system) and I am not using Cloudflare. However, I used to a few months ago, and I will tell you my experience with them.

The first few days were pleasant. My site was faster than usual and the server load was reduced. But after the first few days, performance began to drop. My site slowed down to a crawl, and I thought it had to be something server-side, since Cloudflare had boosted my site! But no, my server load was still normal, and the speed was fast if I connected directly to my server (through modification of the hosts file on my local computer). I then checked Cloudflare’s status, but there seemed to be nothing wrong with the network. I then decided to wait for a week before switching back, since they might have been facing a large attack. But after a week, the problem did not stop. I then switched back to no reverse proxy and performance was back up to an average level again.

Cloudflare’s features are also bad. They only combine JavaScript, not CSS. They allow only 3 rules for free users, which is not enough to do anything. Their Auto-minify had almost no effect on my site’s size at all. Not only that, their security features blocked my Amazon Kindle from accessing the site.

Unless you plan on slowing down your site, never use Cloudflare. I have had a very bad experience with them, and will try other services (Incapsula, try hosting files on Dropbox/Google Drive,…) and post back my results.


The theory of DDoS: Can it be stopped?

A Distributed Denial of Service attack is when someone tries to overwhelm a website/server with a massive amount of traffic, which consumes all of the server’s resources and prevents the server from responding to legitimate users. This is usually mitigated either by getting more resources (RAM, CPU, bandwidth,…) or by relying on a third party (Incapsula, Cloudflare) to help you mitigate and absorb the attack. But is there any possibility of an attack large enough to take down all of these layers of protection?

Cloudflare is one of the largest CDN/DDoS protection services available currently. They have handled attacks that peaked at 500Gbps/600Gbps while keeping the sites online. They mitigate millions of attacks every day. But in the future, when 5G comes into play, can Cloudflare handle an attack that comes from a botnet that controls 25000 phones with a 500 Mbps connection each? That is around 12.5 Tbps of power hitting their global network, which will probably take their entire network down unless they are preparing to bring more servers in and buy more bandwidth. But how much bandwidth will be enough when 50 botnets of this size perform a coordinated attack to bring down a target?

Incapsula and Akamai, however, are much more prepared than Cloudflare to face these challenges. They both already own traffic scrubbing centers. They both own a large amount of bandwidth and will probably be able to withstand an attack of that size. They are also specialized in DDoS protection, while Cloudflare is much more specialized in speed. However, a larger botnet could take them down, since no matter how much bandwidth these companies have, there is always a limit.

The total bandwidth of the Internet is increasing, but with it so is the power an attacker can control. Be prepared, because you never know when you will be hit.

Now let’s go into theories. Let’s say the total amount of bandwidth on the Internet is x Tbps. If an attacker (or a group of attackers) with a giant botnet capable of throwing out x/2 Tbps decides to attack all the Tier 1 Internet providers, then no matter how much bandwidth you have or how good your scrubbing centers are, you and the rest of the Internet are going down. In that case, the botnet’s C&C server will go down too, since the hosting company it uses will be under attack as well. If their attack setting is ‘until stop is pressed’, then our Internet will go under for a really long time, until we can root out the infections, clean them up, and get more wires and bandwidth into our datacenters.

DDoS attacks can be mitigated and absorbed, but they can and will grow to a size where they. Maybe it is time to get more bandwidth before it is too late.


The Silencer

The Silencer is a slow POST Denial of Service tool, designed for server stress testing. It is based upon Torshammer with a few optimizations and slight changes that bypass Torshammer detection without hurting performance. I am currently working on it at https://github.com/haigiang02/the-silencer and constantly optimizing its performance.

Feel free to try it out!

Tips: Try opening thesilencer.py and changing the POST length and keep-alive header data to heuristically prevent detection!
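The defender’s side of a slow POST tool like the one above is to notice bodies that are declared large but trickle in for a long time, many of them at once from one source. The following is an added example written for this post, not code from The Silencer or Torshammer; the BodyTransfer records are a constructed snapshot of what a server or reverse proxy tracks per connection, and the rate and connection thresholds are assumptions to tune for your own traffic.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class BodyTransfer:
    """Snapshot of one in-flight POST body, as a server or proxy would track it."""
    conn_id: str
    src_ip: str
    content_length: int   # declared Content-Length header
    bytes_received: int   # body bytes actually received so far
    elapsed_s: float      # seconds since the request headers completed


def is_slow_post(t, min_rate_bps=1024.0, grace_s=5.0):
    """True when a body is past the grace period, still incomplete, and trickling
    in well below min_rate_bps (bytes per second). Completed bodies are never slow."""
    if t.elapsed_s < grace_s or t.bytes_received >= t.content_length:
        return False
    return (t.bytes_received / t.elapsed_s) < min_rate_bps


def slow_post_sources(transfers, min_conns=3, **thresholds):
    """Map src_ip -> number of concurrent slow bodies, keeping only sources that
    hold at least min_conns of them (a single slow mobile upload is not an attack)."""
    counts = defaultdict(int)
    for t in transfers:
        if is_slow_post(t, **thresholds):
            counts[t.src_ip] += 1
    return {ip: n for ip, n in counts.items() if n >= min_conns}


# Constructed sample snapshot (hypothetical addresses from the documentation ranges).
SAMPLE_TRANSFERS = [
    BodyTransfer("c1", "203.0.113.5", 5_000_000, 4_000_000, 10.0),   # healthy bulk upload
    BodyTransfer("c2", "203.0.113.9", 200_000, 200_000, 30.0),       # finished, ignored
    BodyTransfer("c3", "192.0.2.44", 100_000, 3_000, 12.0),          # one slow client, alone
    BodyTransfer("c4", "198.51.100.7", 1_000_000, 100, 40.0),        # trickling bodies
    BodyTransfer("c5", "198.51.100.7", 1_000_000, 90, 41.0),
    BodyTransfer("c6", "198.51.100.7", 1_000_000, 120, 39.5),
    BodyTransfer("c7", "198.51.100.7", 1_000_000, 80, 42.0),
    BodyTransfer("c8", "198.51.100.7", 1_000_000, 10, 2.0),          # still inside the grace period
]

if __name__ == "__main__":
    for ip, n in slow_post_sources(SAMPLE_TRANSFERS).items():
        print(f"{ip}: {n} concurrent slow POST bodies")
```

The single slow client (c3) is reported by is_slow_post but never becomes a flagged source, which is the point of the per-source count: mobile users on bad links look exactly like one slow connection. Once a source is flagged, the usual server-side answer is a request body timeout (for example nginx’s client_body_timeout or Apache’s mod_reqtimeout) plus a cap on concurrent connections per address, so that idle bodies are dropped before they exhaust the worker pool.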


How to prevent malware from getting on your computer

In my previous post, I showed you how to know if you are getting malware onto your system. While this method is not foolproof, it should be able to detect around 90-95% of all malware. But detecting is only a small part of protecting yourself. The big part, however, is to prevent the malware from getting onto your system. Today, I will show you how to filter out 99% of all malware before even running it.

Step 1: Stop downloading suspicious files.

Guys, 8 Ball Pool hacks from YouTube won’t work, no matter how real the video looks. Video editing is a thing anyone can do now. Most online games store their user data on online servers, not on the computer, and therefore are almost impossible to compromise. Don’t trust these. Torrents for cracks should have vouches, and should be tested on the sites I am showing you next.

Step 2: Verify your files.

Scanning your files on your own computer? Then you scanned with 1 antivirus. Google-owned virustotal.com will scan against 53 antiviruses, free of all costs. Another useful site is malwr.com, which will run the file on a virtual Windows machine and show you what it does. If it adds itself to startup, then it probably is suspicious.
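The “adds itself to startup” check from the sandbox report can be written down as a small triage rule. The code below is an added example for this post, not output or code from malwr.com or VirusTotal; the event dicts are a constructed stand-in for a sandbox export (real reports use their own field names), and the two reports, their paths and the program names in them are made up.

```python
import re

# Autostart locations a sandbox report commonly surfaces. Matching is on lower-cased
# strings so key and path casing in the report does not matter.
AUTORUN_KEY_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce")
STARTUP_FOLDER_MARKER = "\\start menu\\programs\\startup\\"
TASK_OR_SERVICE_RE = re.compile(
    r"^\s*(schtasks(\.exe)?\s+/create|sc(\.exe)?\s+create)\b", re.IGNORECASE)


def persistence_findings(events):
    """Walk a list of sandbox events and return (indicator, detail) pairs for each
    autostart mechanism the sample set up. Event dicts carry a 'type' plus the
    fields used below; this shape is a constructed stand-in for a sandbox export."""
    findings = []
    for ev in events:
        kind = ev.get("type")
        if kind == "registry_set":
            key = ev.get("key", "").lower()
            if any(m in key for m in AUTORUN_KEY_MARKERS):
                findings.append(("autorun registry key", f"{ev['key']} -> {ev.get('data', '')}"))
        elif kind == "file_write":
            if STARTUP_FOLDER_MARKER in ev.get("path", "").lower():
                findings.append(("startup folder drop", ev["path"]))
        elif kind == "process_create":
            if TASK_OR_SERVICE_RE.search(ev.get("cmdline", "")):
                findings.append(("scheduled task or service creation", ev["cmdline"]))
    return findings


def verdict(events):
    """'suspicious' if the sample arranges to run again at boot or logon, else 'no persistence seen'."""
    return "suspicious" if persistence_findings(events) else "no persistence seen"


# Constructed report for a fake "game hack" download (paths and names are made up).
SUSPICIOUS_REPORT = [
    {"type": "file_write", "path": r"C:\Users\user\AppData\Roaming\upd\client.exe"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "upd", "data": r"C:\Users\user\AppData\Roaming\upd\client.exe"},
    {"type": "file_write",
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"type": "process_create",
     "cmdline": r"schtasks /create /tn upd /sc onlogon /tr C:\Users\user\AppData\Roaming\upd\client.exe"},
    {"type": "registry_set", "key": r"HKCU\Software\upd", "value": "lastrun", "data": "1"},  # ordinary app state
]

# Constructed report for an ordinary installer that touches nothing autostart-related.
CLEAN_REPORT = [
    {"type": "file_write", "path": r"C:\Program Files\Example\app.exe"},
    {"type": "registry_set", "key": r"HKCU\Software\Example\Settings", "value": "theme", "data": "dark"},
    {"type": "process_create", "cmdline": r'"C:\Program Files\Example\app.exe" --first-run'},
]

if __name__ == "__main__":
    for name, report in (("suspicious", SUSPICIOUS_REPORT), ("clean", CLEAN_REPORT)):
        print(name, "->", verdict(report))
        for indicator, detail in persistence_findings(report):
            print("  -", indicator, ":", detail)
```

The rule is deliberately narrow: it only fires on the three classic autostart routes (Run/RunOnce keys, the Startup folder, and task or service creation), so a legitimate installer writing its own settings key is left alone. Anything it flags is a reason to keep the file in the sandbox and not on your machine.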

Step 3: Antiviruses

Even after following these steps, some malware might still slip through. Having your antivirus (preferably Kaspersky or Bitdefender) running will detect malware on the go. Update its dictionary often as well. This will filter out almost all of the malware before it even runs. Some antiviruses feature HIPS/runtime detection, which detects viruses based on their behavior, which is even more trustworthy.

So that’s it for preventing viruses from getting onto your computer. Stay tuned for more tips and tricks and malware analysis.