MalaysiaInternet: We are getting Bot attack from MCMC

This morning, the MalaysiaInternet server crashed as it got flooded with malicious Bots.

Although the attack itself is not huge, our server crashed due to its limited resources. The attack appears to be similar to a Denial-of-service attack (DDoS attack), disrupting the server every time we restore it back online.

Together with IPServerOne, our web hosting company, we managed to keep MalaysiaInternet.my online since 9.30am.

One particular IP that caught my attention was coming from this IP: 103.222.236.147. The IP appears to belong to MCMC.

The attack from this IP (103.222.236.147) started around 5.40am this morning and ended at exactly 5.47pm just now. This same IP was also flooding our server with a small amount of Bots since 24 May 2018 but the server managed to stay online.

Here’s a screenshot of the attack:

[Image: screenshot of the attack, 1 of 2]

[Image: screenshot of the attack, 2 of 2]

The IP (103.222.236.147) was just one source of the attack. We noticed similar bots with IP addresses from ISPs such as V Telecoms (111.221.54.42), Digi, Maxis and Celcom. These malicious bots were sending hundreds of requests per minute.

Most of these Bots were targeting one particular page on the MalaysiaInternet forum, which is a posting about MCMC: https://www.malaysiainternet.my/mwforum/topic/yb-gobind-investigate-mcmc-scandals-remove-mcmc-chiefs-part-1/
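As an added example (not part of the original post, and not the tooling used by MalaysiaInternet or IPServerOne), here is one way to pull this pattern out of a web server access log: clients whose busiest minute reaches a threshold, and the page they concentrate on. It assumes Combined Log Format and a threshold of 100 requests per minute; the sample lines are constructed and use documentation-range IP addresses and a placeholder topic path.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip - - [dd/Mon/yyyy:HH:MM:SS zone] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<minute>[^:]+:\d{2}:\d{2}):\d{2} [^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_flooders(lines, per_minute_threshold=100):
    """Return {ip: (peak_requests_per_minute, top_path, share_of_top_path)}
    for every client whose busiest minute reaches the threshold."""
    per_minute = defaultdict(Counter)  # ip -> minute bucket -> hits
    per_path = defaultdict(Counter)    # ip -> path -> hits
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        # Count hits on one page together, whatever query string is attached.
        path = m["path"].split("?", 1)[0]
        per_minute[m["ip"]][m["minute"]] += 1
        per_path[m["ip"]][path] += 1
    report = {}
    for ip, minutes in per_minute.items():
        peak = max(minutes.values())
        if peak < per_minute_threshold:
            continue
        top_path, hits = per_path[ip].most_common(1)[0]
        report[ip] = (peak, top_path, round(hits / sum(per_path[ip].values()), 2))
    return report

def sample_log():
    """Constructed log: one flooding client, one ordinary reader, one bad line."""
    topic = "/mwforum/topic/example-topic/"  # placeholder path, not from the page
    lines = []
    for i in range(240):  # 192.0.2.10 sends 120 requests/minute for two minutes
        minute, sec = 40 + i // 120, (i % 120) // 2
        lines.append(f'192.0.2.10 - - [01/Jan/2018:05:{minute:02d}:{sec:02d} +0800] '
                     f'"GET {topic}?x={i} HTTP/1.1" 200 5120 "-" "bot"')
    for i in range(6):    # 198.51.100.7 browses six different pages in a minute
        lines.append(f'198.51.100.7 - - [01/Jan/2018:05:40:{i * 9:02d} +0800] '
                     f'"GET /page/{i} HTTP/1.1" 200 2048 "-" "Mozilla/5.0"')
    lines.append("truncated or corrupt line")
    return lines

if __name__ == "__main__":
    for ip, (peak, path, share) in find_flooders(sample_log()).items():
        print(f"{ip}: peak {peak}/min, {share:.0%} of hits on {path}")
```

A client that shows both a high per-minute peak and a share close to 100% on a single page is a candidate for rate limiting at the web server or a block at the hosting provider's edge.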

We have reported this to……..MCMC…….. and have yet to hear back from them.

—————————————————————————————

Update (26 May, 3.20pm): MCMC has denied the attack in an email this morning. It said, “The Malaysian Communications and Multimedia Commission (MCMC) has launched an immediate investigation upon receiving your complaint. Based on the investigation conducted, we found no suspicious activities that support your allegation that there is an attack originating from the MCMC corporate network. We will however, continue to monitor any traffic from our end to your website. If you are agreeable, we can also assist you further by working with the service provider monitoring traffic from your end.”

MalaysiaInternet has decided to publish the logs of this attack, particularly from the IP 103.222.236.147 and from V Telecoms. PDF files below:

MCMC-Bot-1
MCMC-Bot-2
MCMC-Bot-3
MCMC-Bot-4
MCMC-Bot-5
MCMC-Bot-6
VTelecoms-Bot-1
VTelecoms-Bot-2