DDoS attacks and Attention Required Issue

Wrick Daz

Distinguished
Mar 31, 2015
41
0
18,540
So I have been using this IP for the past 4-5 years and have never been harassed this way. Every time I open a website I see this message: "Attention Required! Cloudflare.. One more step. Please complete the security check to access extratorrent.cc". I have attached some pictures. I have no idea what is going on. Every time I whitelist my IP, it gets blacklisted within a few days. Please help me out with this issue.

https://drive.google.com/open?id=0B_9fctTJCOBqd25oQjQ4dTRMVkU

https://drive.google.com/open?id=0B_9fctTJCOBqOGF6V0xKMHlWV28

https://drive.google.com/open?id=0B_9fctTJCOBqOFZyVDFxYXFUU1U
 
My firewall blocks all IPs coming from India :(
The website in question likely does something similar, they block based on geography. It is weird that your specifically whitelisted IP would be compromised... the only logical explanation is you're using a shared VPN to hide your torrent use.
 

Wrick Daz

I have a router connection at home and I have been using this IP for the past 4-5 years, as I mentioned, and have never used any VPN client. Just a few hours ago I was able to open extratorrent without any problem, and now this error popped up on trying to open extratorrent (not only extratorrent, almost all websites). I have no idea about what is going on. Yes, I download torrents through uTorrent (no proxy, no VPN).

As per their records my IP was whitelisted 3 times and delisted 2 times. When I called my ISP, they were a bunch of idiots I was talking to, as after I said DDoS attack, they said it's my router's problem and told me to make a direct line and disconnect the router.
 
Again, active IPs from India get banned, it's an unfortunate fact. It sounds like a lot of the sites you're visiting are US/EU based. Maybe they can tell you WHY it was delisted? That would give you a clue.

Call your ISP, don't mention anything, and just request a new IP. Don't give them a reason, just request a new IP. Hopefully they give you a dramatically different one that isn't included in any range of blocked IPs.

 

dgingeri

Distinguished
I had an issue a few years ago with Comcast. I received two notices that my account would be suspended unless I stopped sharing pirated movies. I knew it wasn't me, so I looked into my router and found someone had hacked my wireless security and was using my wireless, probably the one sharing the pirated movies. So, I changed my wireless password and SSID. He got back on within a day. I changed out my wireless router entirely, and he managed to get back on within another day after that. Turned out he was hacking the WPS feature on my router. So, I turned off the wireless entirely and added a small business access point without WPS to finally cut him off.

It is not necessarily you that they are banning. It could be someone who got on your network.
 

Wrick Daz

Nope bro, they are not displaying why it was delisted. They are just saying that my IP is detected as a mail server and DDoS attacker. In India, specifically in my area, all our IPs are static IPs, and to take a new IP we will have to pay a lot of money, almost equal to the amount I paid when I took the connection (approx. Rs 3000 or $43). :(
 

Wrick Daz

dgingeri, thanks for replying, but I don't think that is the issue, as I checked my router several times and I see only my mobile's connection to the router and no one else's. :( :(

 
What dgingeri said. You're assuming your problems are being caused by an external actor somehow targeting you. The message you are seeing is consistent with a system on your network being compromised and joining a botnet. You are the one spamming and DDoSing other people, not the other way around.

Run virus and malware scans of all computers on your network. If you've got network traffic monitoring tools (even if it's as simple as unplugging ethernet cables to see if the rate the lights blink on your router/switch decreases), use them to try to figure out which computer(s) are generating large amounts of traffic when they should have no network activity. If you have WiFi routers, try temporarily disabling WiFi for a few days to see if the problem computer(s) is connected via WiFi or you have an intruder using your network without your authorization.

Firewalls are useless here as the problem is a computer(s) already in your LAN accessing the Internet at large. Not someone on the Internet trying to access your LAN.
 
Solution
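One way to do the traffic check suggested in the answer above when the router can log new outbound connections (an added example, not part of the original thread). It assumes netfilter-LOG-style lines; the log prefix, the thresholds and all sample addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

SMTP_DST_LIMIT = 3   # assumed threshold: distinct port-25 destinations per host
FLOOD_LIMIT = 30     # assumed threshold: new connections to one destination

def build_sample_log():
    """Constructed sample in netfilter LOG style (RFC 1918 / RFC 5737 addresses)."""
    fmt = ("Mar 31 10:00:{s:02d} router kernel: NEW-OUT IN=br0 OUT=eth0 "
           "SRC={src} DST={dst} PROTO={proto} SPT={spt} DPT={dpt}")
    rows = [("192.168.1.10", "198.51.100.7", "TCP", 443)] * 4      # normal browsing
    rows += [("192.168.1.23", f"203.0.113.{i}", "TCP", 25) for i in range(1, 6)]
    rows += [("192.168.1.42", "198.51.100.9", "UDP", 80)] * 40     # one-target burst
    return "\n".join(fmt.format(s=i % 60, src=r[0], dst=r[1], proto=r[2],
                                spt=40000 + i, dpt=r[3])
                     for i, r in enumerate(rows))

def parse(log_text):
    """Yield (src, dst, dport) for each line carrying SRC=, DST= and DPT=."""
    for line in log_text.splitlines():
        kv = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
        if {"SRC", "DST", "DPT"} <= kv.keys():
            yield kv["SRC"], kv["DST"], int(kv["DPT"])

def flag_hosts(log_text):
    """Return {lan_host: [reasons]} for hosts whose outbound pattern looks abusive."""
    smtp_dsts = defaultdict(set)      # host -> mail servers contacted on port 25
    per_dst = defaultdict(Counter)    # host -> connection count per destination
    for src, dst, dport in parse(log_text):
        per_dst[src][dst] += 1
        if dport == 25:
            smtp_dsts[src].add(dst)
    flagged = defaultdict(list)
    # A home PC normally submits mail via 587/465 or webmail, not port 25 to many hosts.
    for src, dsts in smtp_dsts.items():
        if len(dsts) >= SMTP_DST_LIMIT:
            flagged[src].append(f"direct SMTP to {len(dsts)} servers")
    for src, counts in per_dst.items():
        dst, n = counts.most_common(1)[0]
        if n >= FLOOD_LIMIT:
            flagged[src].append(f"{n} new connections to {dst}")
    return dict(flagged)

if __name__ == "__main__":
    for host, reasons in flag_hosts(build_sample_log()).items():
        print(host, "->", "; ".join(reasons))
```

The flagged LAN addresses are the machines to scan or unplug first; a host that does not match any known device points to an unauthorized user on the network.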

Wrick Daz

Solandri, you may be right. I myself have not used any antivirus or formatted my PC for the past 1.5 years, but yesterday I ran a scan and found 3 threats which were quarantined (they were game crack files). There are so many computers on my network and it's almost impossible to scan all of them or detect which one is generating more traffic, as I have no traffic monitoring tools, nor do I know what my neighbours are using the internet for... :(