Hacker Launched DOS Attack on Lowyat.NET Forums Due to Expensive Advertising Rates

Lowyat.NET forums have been under a Denial-of-Service (DOS) attack since noon today. Forum admin se7en posted the following Facebook Messenger exchange with the hacker, who goes by the name “Muhd Fahmi”, hinting that the forum admin might have obtained the hacker’s personal details, with a link to the hacker’s personal Facebook profile page (which has just been taken down).

Somebody gonna be in the balai soon

https://www.facebook.com/profile.php?id=100008886105888

se7en later clarified that the Facebook exchange about the ad inquiry happened last year, in response to the question “How did that evolve from normal advert inquiry to full bot net attack?”

The enquiry was last year

Downtime was a lot longer as the attack was encrypted on https. We had to first ascertain whether it was really an attack, or just a traffic spike. Wasn’t aware of the FB message till much later as the Lowyat FB account is handled by the Editorial team.

A forum user, C-Fu, asked:

so that “haxor” is Swordfish?
selling random gift cards
zenmate vpn

To which Lowyat admin se7en confirmed:

Yes.

He thinks he is hiding behind a VPN. But we have his IP records for the past 9 years, long before he became a Zenmate VPN reseller.

Another forumer, tuo850, asked:

so is it a hack or a ddos?

Lowyat admin se7en provided more details:

https://pictr.com/images/2017/05/02/H6HH2.jpg

It was a botnet attack using compromised servers via https. Mostly outside of Malaysia.

Lots of cookies were wasted. Cookie monster is not happy.

AceJunior:

https://archive.fo/UXBEN
https://archive.fo/V0gFu
https://archive.fo/Oy9M0
https://archive.fo/Z2qUD
https://archive.fo/jpNfP
https://archive.fo/vVJn9

kerolzarmyfanboy:

i have something better for u bro…hope it helps…

here’s his CIMB acc, got it from his past fraud carding sale post in FB

https://pictr.com/images/2017/05/02/H6cOj.jpg

So was Muhammad Khaidir Fahmi Bun Sekeeri the hacker behind this DOS traffic attack?

Botnet Is Real: Lowyat.NET Forum ‘Taken Down’ by the ACE-ZEUS Botnet

As early as 11 a.m., omghackers received information from an individual who claimed he would ‘take down’ the Lowyat.NET forum using a botnet.

The botnet, which he named ACE-ZEUS, appears to have been effective in taking down the forum within just a few minutes.

The following is a screenshot from around 11 a.m. this morning.

This, meanwhile, is a screenshot from a few minutes after we were contacted.

Asked what his motive was, he said it was because the forum moderator charges advertising rates that are too high. Let the exact amount remain a secret, but it can be said to be fairly high, although admittedly the forum has a great many members and is a destination for those interested in current technology.

In any case, we will wait to see whether there will be a positive discussion between the two parties.

Disclaimer: We at omghackers.com only publish articles. We do not side with any party. We are neutral and simply report the news. Thank you.

Source: OMG! Hackers?

Lowyat.NET forum admin se7en:

So many comments and still so much confusion.

As I have said before, it was a denial of service attack, not a ‘hack’. The attacker made the obvious threat of the attack before he did it via our FB.

A DOS attack is targeted at our servers, and basically jams up the connection via thousands of bogus requests. Think of it as Hari Raya eve at the PLUS highway toll with thousands of extra ghost cars that try to get on the highway.

In this case the extra connections come from thousands of infected drone PCs from all over the world. We saw a lot of connections coming from local IPs as well, so if you were not able to access the site during the DDOS mitigation, you might want to check if your device is compromised.

We had excellent help from our provider IPSERVERONE during the attack, and this minimized downtime for the majority of the legitimate traffic that was accessing the forums.