Until now, Busby SEO Challenge was a funny contest, with two Busby teams challenging one against the other with fun. But changes seem to have happened on the Busby SEO Challenge those days, and not towards the good direction…
Those who have followed the Seocontest2008 SEO Challenge, have heard that our page had been hacked by someone, and defaced at this time. This demonstrated us that either some people really disliked Seo challenges, or that the Challenge pole position, could be aimed by jealous people.
Things seem to go on, on the Busby SEO Challenge, because since a few days, someone (probably several people) is attacking our Sphereteam Busby site, in different ways
Three weeks ago, a Busby SEO Challenger of our team noticed that our server logs were showing weird and unhappy commands, that were supposedly XSS attacks. Our Busby SEO Challenge page was on 1st position at this time, and we supposed this was a “natural” thing to attract jealousy and rancor since we already won the last SEO challenge… But the fact is that even while we are on the third position of Busby, we seem to keep frightening some people, as soon as our Busby is under attack, for several hours (a bad process which is still occurring while I speak, I guess)…
Indeed, yesterday evening, while I checked the server logs, just as a routine, I noticed that there were a lot of strange requests on our full site. The analytics service we use on our Busby also showed that our site was under a heavy and unusual activity. After having exposed this fact to the rest of the team, we think this activity represents an attempt to kill our server bandwidth, by executing aggressive and simultaneous loads on the server this Busby SEO Challenge is hosted on.
I say “simultaneous”, because, from the logs, it seems that several different IP, from different countries are doing the same requests, again and again, recursively… The effort seems major to down our site, but we still have no clue on who could be behind this attack.
Another really weird thing (and mostly what we don’t understand) is that within the different IP from whom come those attacks against our Busby SEO page, many are from France. From what we analyzed, even most of the requests were done from IP all over our country… There are also incoming requests from Germany, Belgium, NL, Spain, UK, etc., but also non-European countries like US or Japan. We are conscious that proxies could have been used to simulate IPs, but it seems that the original providers come from our own country (or try to make us believe that)… We have enemies around there, or people who don’t really appreciate what we do, in France, but none of us could have imagined that they could go that far !!
On former SEO contests, such as Sorcier Glouton, Tiger l’osmose or V7ndotcom, anti-contests activists (mostly from Europe and USA) had shown their disagreement towards SEO challenges, by doing really aggressive articles against competitors, by doing Google bombing against the contest organizers, or also many other ugly things, but I thought, all this was over. This could obviously not be the case after all…
Since on the last attacked we suffered, on Seocontest2008, from a leak in the Wordpress script (we guess), we now are attentive on being up-to-date with the latest version, to avoid being defaced again.
But this time, things are really different… We banned as soon as we noticed it, the IPs who were attacking us, but those seem to be numerous and this could be a long process.
They are trying to kill our bandwidth, the only good thing is that we have plenty of it (the bandwidth allowed for our Busby SEO Challenge is really huge, since we have it on our own server). Yet, we begin to be afraid of what could be their next move against us, because some of us think that all this request wave is just made to hide the real bad things…
After analyzed a part of the kilometer-long logs to our Busby SEO website, it appears that several bots are crawling or sucking repeatedly our whole site, but also that XSS or not-understandable commands were done in parallel. Some of them seem to aim WP vulnerabilities, and some seem to aim other more general security leaks on our server settings. Whatever, the bandwidth thing could be a kind of “red scarf” to attract our eye, and prevent us from seeing the real bad stuff. Well guys, we are not that naive, and what you do won’t work on our Busby SEO Challenge !!
The Busby SEO Contest ends in about 20 days… It’s a real shame that this challenge is dirtied this way, at the end. We know (hope ?) that our Busby website will manage to resist to all this crap, but many of us seem to be disappointed by such a way of doing, and consider not to participate to newer contests, if things keep evolving that way… What about the time were SEO contests were not implying money, or were just made to have fun and get friends. At this time, even if the rules were “there is no rule”, things happened in a better way. But now that SEO is such an important thing, and since there is money in balance, it appears that many as**oles are using all the baseness of their brain to sink competitor’s sites and motivation !
We still hope we will win this Busby SEO Challenge, but this may be our last participation as a team, if anti-contest, or other competitors still play such a dumb game. It’s a real shame !!
Good luck to our Busby, because we’ll win, whatever you do against us !
Edit @ 1:59am : One of the Sphereteam member made me a really interesting (yet not really reassuring) remark by noticing that Pogung’s site was down today, with a message showing “Bandwidth limit exceeded“. This is kind of a bad news, I guess.
I didn’t want to say it, but many amongst our team, thought that this attack against our Busby, could have been orchestrated by our main opponent : the Indonesian team. We thought that the French IPs were simulated to make us confused, as part of a psychological warfare strategy against us… But obviously, it’s not the case !
We know they are good enough, but to me, it appears clearly that they are not behind all this, since this would be impossible that they “shoot” their best chance, just for fun or to prove “I-don’t-know-what”… and I don’t think it could be just a coincidence !
So we seem to be both (or more) under the same attack, which is a premiere, I think. I personally checked (and asked other teammate to do it also) my page logs, to see if the attack was only aiming the Sphereteam’s Busby SEO Challenge page, or others too. My secondary page logs seem clean, which means that this massive attack is clearly aiming us (and Pogz too), but not all competitors.
What I don’t understand, is why none claimed being the author of this ? If this was an aggression from anti-contest people, I guess they would have claimed it, but it doesn’t seem to be the case yet.
So either they are frightened that we could strike back to their websites, or this is a competitor (who seem to have friends, anyway) or another team who really wants to prejudice our efforts to win. But whoever is behind this, he/they should consider stopping ASAP, because if we manage to know who did this, we’ll be a pain in your a*s, believe me ! (and besides, none of your efforts will prevent us to win)
If someone has a clue or idea about who could be behind this, just know that we would really be interested in getting it…