Well, folks, it’s true. You just can’t make this shit up.
For the last week, we’ve been under constant attack here at EWOT from all over the place. It’s been a hell of a battle as well and it continues as I type this.
Now, if you’ll remember, we discussed the really lame attempts to hack the site by the Wotlabs idiots almost exactly a year ago. That was rank amateur shit that was flat out laughable, hence the post about it.
But this is different. Somebody has been working hard at attacking the site with SSL’s and DDoS while at the same time trying to back door their way into the admin login of the site, which is hidden from the general public for obvious reasons.
Now, I’m posting a dumbed down version of this shit so that everybody can get it with relative ease. Here we go:
There are basically several ways to go about hiding who you are on the internet:
- Working from behind a Proxy
- Working through a VPN
- Working via a cellular connection
- Running through a firewall provider such as Cloudflare
If you do that, most people won’t be able to figure out who you are and where you’re located. But if you have a decent understanding of how shit works, then things are a bit different.
We have a script here that automatically tracks the path to every connection made to this site and logs it. Now what I did was add a filter to that script during the attack these last few days with three location flags in mind: Chicago based IPs, Moscow based IPs and Cyprus based IPs. I think we all know the reasons for that without going into any detail.
I also flagged those locations to only post alerts of people attempting to log in as admin. I mean, there’s no point in logging 1000 bad browser attacks from a Chicago based IP.
You see, I once again assumed that some fucking moron would be stupid enough to think that I leave shit default and don’t enter custom names and passwords for everything and try logging in as admin here and that would put a big fucking dart on the map as to where they were located.
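The filter described above, sketched as an added example (not the site's actual script): alert only when a login attempt uses the unused default name "admin" and comes from a flagged location, and stay quiet about everything else. The log format, the prefix-to-city table and the function names are assumptions made up for the illustration.

```python
import ipaddress
import re

# Constructed stand-in for a GeoIP database (documentation prefixes, made-up mapping).
# A GeoIP city is where the address is registered: a lead to check, not proof.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "Chicago",
    ipaddress.ip_network("198.51.100.0/24"): "Moscow",
    ipaddress.ip_network("203.0.113.0/24"): "London",
}
WATCHED = {"Chicago", "Moscow", "Cyprus"}   # the three location flags from the post
CANARY_USERS = {"admin"}                    # default name that no real account uses

# Hypothetical log format: "<ISO time> <client ip> <event> [user=<name>]"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(?: user=(\S+))?$")

# Constructed sample log, including noise and malformed lines.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 192.0.2.10 bad_browser
2024-01-01T10:00:05Z 192.0.2.10 login_fail user=admin
2024-01-01T10:01:00Z 203.0.113.7 login_fail user=admin
2024-01-01T10:02:00Z 198.51.100.3 login_fail user=editor
2024-01-01T10:03:00Z 192.0.2.10 login_fail user=Admin
not a log line
2024-01-01T10:04:00Z 999.1.1.1 login_fail user=admin
"""

def locate(ip):
    """Return the city for an ip_address object, or None if it is not in the table."""
    for net, city in GEO_TABLE.items():
        if ip in net:
            return city
    return None

def admin_alerts(log_text):
    """Return (time, ip, city) for canary-name login attempts from watched cities."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected format
        ts, raw_ip, event, user = m.groups()
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # malformed address, nothing to geolocate
        city = locate(ip)
        if event == "login_fail" and (user or "").lower() in CANARY_USERS and city in WATCHED:
            alerts.append((ts, raw_ip, city))
    return alerts
```

On the sample log this yields two alerts, both for 192.0.2.10; the bad-browser hit, the "admin" attempt from an unflagged city and the attempt on a different username produce none.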
And guess what happened, folks! Go on…guess!
I flat out cold busted the fucking Wargaming office in Chicago for trying to hack us. The hack attempt just yesterday and again this morning came from IP 220.127.116.11. Here’s the shot of the notification I got:
Now if we take that IP and trace it, we can see that it ran through a Cloudflare server from a computer based in Chicago. Right here to be exact:
OK, so that in and of itself doesn’t really mean much until you look at exactly where Wargaming’s office in Chicago is located. It’s about a mile from that mark at 651 W Washington Blvd.
Now then, what we do is look not at the IP that someone is hiding behind that’s hiding shit, but the advertised IP that Wargaming uses every day for its server. That address is 18.104.22.168 and you find that IP traced to…well…THE SAME EXACT FUCKING PLACE!
Now that is one hell of a goddamned coincidence, is it not? Even so, one MIGHT be able to say it is exactly that: a coincidence.
UNTIL you really start doing some homework.
You see, Wargaming is using G Core Labs for all of its hosting World Wide. G Core Labs is actually a competitor of Cloudflare, so there’s no fucking way on God’s green earth that Wargaming would be using Cloudflare, or that their servers would be located in the same, exact fucking place.
That leaves basically two possibilities left:
- A random person that happens to live next door to the Wargaming office, or on its fucking roof or in its fucking basement, took it upon himself to pay for an extended multi-level SSL/DDoS attack against us while at the same time, using a laptop running through Cloudflare to hide himself from us, tried to log in to the admin area of the site and got blocked.
- A Wargaming employee at the Wargaming office used their own network while running through a Cloudflare account to try to hack our site during the attack they knew was going on because they paid for it hoping like hell they wouldn’t get caught.
Given Wargaming NA’s history of sending lawyers after us, sending their Wotlabs thugs after us, sending their official forum trolls after us and all the other bullshit they do, I’m going to go with number 2.
What do you think?
Now, there are in all of this yet another two possibilities:
- An employee at Wargaming REALLY hates our fucking guts and is using Wargaming’s servers to fuck with us without Wargaming’s knowledge because…well, shit, it’s not like they have any fucking clue what anybody is doing, is it?
- Wargaming fully planned, sanctioned and conducted the attacks.
Now that one is the hard one. I mean, part of me thinks that there’s simply no fucking way Wargaming is that god damned stupid. I mean, after I turn this all over to the FCC, if it comes to light that it’s number 2 and Wargaming knew about it and conducted the attacks, they’re fucking done. We’ll wind up owning their now worthless, defunct asses.
But if it turns out to be number 1, then some poor, hapless fucker is going to jail for about 12 years with a 3 year minimum and tens of thousands of dollars in fines.
Either way, somebody is probably going to get it right in the ass. Both figuratively and in all likelihood literally, eventually. (‘dem ly’s)