Busby SEO Challenge under enemy fire

Until now, Busby SEO Challenge was a funny contest, with two Busby teams challenging one against the other with fun. But changes seem to have happened on the Busby SEO Challenge those days, and not towards the good direction…

Those who have followed the Seocontest2008 SEO Challenge, have heard that our page had been hacked by someone, and defaced at this time. This demonstrated us that either some people really disliked Seo challenges, or that the Challenge pole position, could be aimed by jealous people.

Things seem to go on, on the Busby SEO Challenge, because since a few days, someone (probably several people) is attacking our Sphereteam Busby site, in different ways :(

Three weeks ago, a Busby SEO Challenger of our team noticed that our server logs were showing weird and unhappy commands, that were supposedly XSS attacks. Our Busby SEO Challenge page was on 1st position at this time, and we supposed this was a “natural” thing to attract jealousy and rancor since we already won the last SEO challenge… But the fact is that even while we are on the third position of Busby, we seem to keep frightening some people, as soon as our Busby is under attack, for several hours (a bad process which is still occurring while I speak, I guess)…

Indeed, yesterday evening, while I checked the server logs, just as a routine, I noticed that there were a lot of strange requests on our full site. The analytics service we use on our Busby also showed that our site was under a heavy and unusual activity. After having exposed this fact to the rest of the team, we think this activity represents an attempt to kill our server bandwidth, by executing aggressive and simultaneous loads on the server this Busby SEO Challenge is hosted on.
I say “simultaneous”, because, from the logs, it seems that several different IP, from different countries are doing the same requests, again and again, recursively… The effort seems major to down our site, but we still have no clue on who could be behind this attack.

Another really weird thing (and mostly what we don’t understand) is that within the different IP from whom come those attacks against our Busby SEO page, many are from France. From what we analyzed, even most of the requests were done from IP all over our country… There are also incoming requests from Germany, Belgium, NL, Spain, UK, etc., but also non-European countries like US or Japan. We are conscious that proxies could have been used to simulate IPs, but it seems that the original providers come from our own country (or try to make us believe that)… We have enemies around there, or people who don’t really appreciate what we do, in France, but none of us could have imagined that they could go that far !!

On former SEO contests, such as Sorcier Glouton, Tiger l’osmose or V7ndotcom, anti-contests activists (mostly from Europe and USA) had shown their disagreement towards SEO challenges, by doing really aggressive articles against competitors, by doing Google bombing against the contest organizers, or also many other ugly things, but I thought, all this was over. This could obviously not be the case after all…

Our response

Since on the last attacked we suffered, on Seocontest2008, from a leak in the Wordpress script (we guess), we now are attentive on being up-to-date with the latest version, to avoid being defaced again.
But this time, things are really different… We banned as soon as we noticed it, the IPs who were attacking us, but those seem to be numerous and this could be a long process.
They are trying to kill our bandwidth, the only good thing is that we have plenty of it (the bandwidth allowed for our Busby SEO Challenge is really huge, since we have it on our own server). Yet, we begin to be afraid of what could be their next move against us, because some of us think that all this request wave is just made to hide the real bad things…

After analyzed a part of the kilometer-long logs to our Busby SEO website, it appears that several bots are crawling or sucking repeatedly our whole site, but also that XSS or not-understandable commands were done in parallel. Some of them seem to aim WP vulnerabilities, and some seem to aim other more general security leaks on our server settings. Whatever, the bandwidth thing could be a kind of “red scarf” to attract our eye, and prevent us from seeing the real bad stuff. Well guys, we are not that naive, and what you do won’t work on our Busby SEO Challenge !!

The Busby SEO Contest ends in about 20 days… It’s a real shame that this challenge is dirtied this way, at the end. We know (hope ?) that our Busby website will manage to resist to all this crap, but many of us seem to be disappointed by such a way of doing, and consider not to participate to newer contests, if things keep evolving that way… What about the time were SEO contests were not implying money, or were just made to have fun and get friends. At this time, even if the rules were “there is no rule”, things happened in a better way. But now that SEO is such an important thing, and since there is money in balance, it appears that many as**oles are using all the baseness of their brain to sink competitor’s sites and motivation !

We still hope we will win this Busby SEO Challenge, but this may be our last participation as a team, if anti-contest, or other competitors still play such a dumb game. It’s a real shame !! :(

Good luck to our Busby, because we’ll win, whatever you do against us !

Edit @ 1:59am : One of the Sphereteam member made me a really interesting (yet not really reassuring) remark by noticing that Pogung’s site was down today, with a message showing “Bandwidth limit exceeded“. This is kind of a bad news, I guess.

I didn’t want to say it, but many amongst our team, thought that this attack against our Busby, could have been orchestrated by our main opponent : the Indonesian team. We thought that the French IPs were simulated to make us confused, as part of a psychological warfare strategy against us… But obviously, it’s not the case !

We know they are good enough, but to me, it appears clearly that they are not behind all this, since this would be impossible that they “shoot” their best chance, just for fun or to prove “I-don’t-know-what”… and I don’t think it could be just a coincidence !

Busby SEO Challenge under attack

So we seem to be both (or more) under the same attack, which is a premiere, I think. I personally checked (and asked other teammate to do it also) my page logs, to see if the attack was only aiming the Sphereteam’s Busby SEO Challenge page, or others too. My secondary page logs seem clean, which means that this massive attack is clearly aiming us (and Pogz too), but not all competitors.
What I don’t understand, is why none claimed being the author of this ? If this was an aggression from anti-contest people, I guess they would have claimed it, but it doesn’t seem to be the case yet.

So either they are frightened that we could strike back to their websites, or this is a competitor (who seem to have friends, anyway) or another team who really wants to prejudice our efforts to win. But whoever is behind this, he/they should consider stopping ASAP, because if we manage to know who did this, we’ll be a pain in your a*s, believe me ! (and besides, none of your efforts will prevent us to win)

If someone has a clue or idea about who could be behind this, just know that we would really be interested in getting it…
Busby

16 Comments

  1. 2k said,

    August 11, 2008 @ 11:51 am

    Amen

  2. bbmarket said,

    August 11, 2008 @ 2:52 pm

    Yes,
    This situation is really going on my nerves !!!!
    I don’t know who’s doing it but it’s maybe better…! Just hope this will stop !
    I have to think now…
    Eventhought, happy busby seo challenge to all the contestants !

  3. Maia said,

    August 12, 2008 @ 1:50 am

    Old trick my friends.. :-)

  4. Spyke said,

    August 12, 2008 @ 4:28 am

    Good Luck!

  5. Piolo said,

    August 12, 2008 @ 11:44 am

    Good Luck to you!

  6. Adipti said,

    August 12, 2008 @ 12:49 pm

    Someone who did this is really wrong. He or she should do fair SEO work to win… not like war. Please find and make him learn something.

  7. AloChris said,

    August 13, 2008 @ 3:01 am

    Nice Post. this is a great blog…love it.. thanks!

  8. Tomas said,

    August 14, 2008 @ 12:49 am

    Is the attack against your site still processing now, or has it stopped ?
    Apparently, Pogun177 page shows he has suffered from the same kind of treatment. I really hope for you that you site will resist ! Some people are really not fairplay :(

  9. Pogung177 said,

    August 14, 2008 @ 10:03 am

    Don’t worry I’m fine here

  10. Indonesia team said,

    August 14, 2008 @ 8:33 pm

    Can you show us some statistic of the attacks on your server…?
    It seams that other teams from Indonesia that get this attack is really getting it with some screen shot prove… Can you provide yours so some of us will not keep assuming that actually you are the mastermind behind this attack…

  11. vince said,

    August 15, 2008 @ 4:43 am

    I guess your competitor has been hacked : -http://www.pogung177.com/aussie/

  12. Eclipsis said,

    August 15, 2008 @ 3:14 pm

    Tomas > The attacks are still happening, but they are a bit less intense, since a few hours. But this may be because we filtered a lot of IPs… Thanks for your concern ;)

    Pogung > Cool for you. We wouln’t like the idea of anyone could say that he/she fail to win just because he has been hacked. If we win, it will be only because we have the skills to do it, not because some assh*le managed to shoot down one of our adversary. I’m sure you’d feel the same, if we are kicked down, your victory wouldn’t be as great. So, believe me when I tell you I’m glad such a dumb attack didn’t affect anyone among both of us ;)
    The fact we both resist to this crap, just shows to the bastards behing this, that we both just don’t give a damn about their #*$@&# methods…

    Indonesia team > Well, your insinuations are not that welcome. For us, it is not that clear who could be behind this. Activists or anti-contests haven’t claimed being behing this sabotage operation against us, which could mean all this comes from someone in the contest. We just wanted to tell you that it is not because one of your site has been “apparently” down for a few hours, and with “so-called” screenshots, that it doesn’t mean to us that you are innocent… Many among us think all this could be an intox operation, where you made clues (the stats on Dwi’s site could be a fake, who could know, same as the customized error messages – most of the time, when your bandwidth is out, you cannot put a custom message, besides, it’s surprising to us that a site’s BW could be killed that quickly… So to us, nothing says everything is just a fake, and that you all are bluffing, trying to be “cleared” of any suspicion… We both know that IP could be simulated, and that French IP are extremely common for proxies, so we are not convinced by the fact the attacks are really coming from France.
    I guess we’ll never know if you were behind all this, or if it is another competitor who is trying to turn us one against the other, but trust me, there is no proof that could grant us that YOU are not the masterminds.
    And I guess that even when we’ll provide you some, you will keep saying that you are not convinced…

    About what you asked (the screenshot), we cannot provide it, because of the French law. The CNIL organization forbids websites to publish personal informations about visitors (including IPs). Besides, we could have problems with Orange (the major ISP in France) if we reveal IPs that belong to them. So we can publish a screenshot showing the bandwidth “peak”, but nothing more.
    Besides, as many other people in the team say : we don’t give a damn about what you could think, and we don’t have anything to prove to anyone, we know what we did or didn’t do…
    Sincerely, if it was not a strategic (”bastardic”) action from you, I really hope that one day, we’ll determine who is the mastermind of all this, and join our skills to kick their ass ;)
    Good luck, and believe me, attack or not against or site, we will win this one too :)

  13. cebu said,

    August 16, 2008 @ 9:18 pm

    Honestly is the best policy for SEO as well! :)

  14. Pogung177 said,

    August 17, 2008 @ 10:54 am

    … Do you thing … my stats are fake ? LOL

  15. kabonfootprint namin said,

    August 18, 2008 @ 8:14 am

    nice one your in the top now… cheer… i hope i can do that….

  16. bertimus said,

    August 18, 2008 @ 9:03 am

    @ Pogung177 : No, it’s absolutely not what he said.

RSS feed for comments on this post