Why and Who Is Attacking Anime-Related Websites?

Posted by | Anime, Info | 60 Comments
  • 0
  • September 02, 2014

I’m assuming you’ve noticed over the past few days that anime-related sites mainly to do with pirating are being attacked which is resulting in downtime. The current sites which are currently experiencing this are: Haruhichan, NyaaTokyo Toshokan and AnimeTake. The websites are / were being attacked and taken down by DDoS / DRDOS.

On the 30th of August we received an email from one of our host providers stating that our one of our server’s IP has been put into a mitigation infrastructure to attempt to stop the DDoS attack that we were experiencing. Note that I didn’t notice this right away until multiple users reported problems about accessing the site and its poor performance. We started to experience the attack on the 28th of August.

OVH DDoS attack 2 OVH DDoS attack DDoS Protection email

I decided to look into it and did a trace route on the IP, as the above stated we were actually put behind multiple firewalls to try and filter out the DDoS.

server 1 tracert

Server 1 chilling in the mitigation infrastructure

This resulted in poor performance on the website as well as downtime which is very stressful and time consuming.

Downtime 1 Downtime 2

After switching servers back and forth and trying to figure out how to counter this problem, we finally found a solution which we have passed onto most webmasters in the anime community (Nyaa, HorribleSubs, AnimeTake etc). As a result of this, one of our servers had about 8-hours downtime in the process due to the fact it took the 2nd big wave of the attack which Tokyo Toshokan estimated to be 25Gbps+.

server chan tango down

Poor server, didn’t stand a chance.

Well at least it’s up now.

2ed583

This image is fake according to users and not being able to find the attack on the Digital Attack Map website.

After seeing Geektoku‘s tweet I decided to do a little bit of research using the Digital Attack Map website and on the dates we were suffering poor performance and switching between 6 different servers located in different areas of the world to try and mitigate the attack to bring our site back online.

Japan to Germany

DDoS while in the mitigation infrastructure

Japan to Luxembourg

Before our IP was put into a mitigation infrastructure.

As the above image states; while we were in the mitigation infrastructure the DDoS was originating from Japan. Lets not point fingers at the Japanese Government now, it could be anyone in Japan or someone who has servers located in Japan but is located somewhere else in the world.

We kept switching servers located all around the world to try provide false targets so we could gain access back to one of our servers. We decided to switch to a USA server to host the website, the moment this happened, we were instantly attacked which caused poor performance / random outage on the website.

USA server ddos

Japan to United States

We were getting hit multiple times to the same IP of the server which was hosting the website at the time and it resulted in us not having access to the server for a while.

USA server DDoS 2

You can’t keep us down.

When all is considered; I personally don’t believe the Japanese Government or any anime industry have anything to do with the attack. I believe someone is trying to start a conspiracy with the MAG Anti-Piracy Campaign recently going live. The attack did originate from Japan for us. We just don’t know who did it.

  • http://subarashii.me/ Dao

    Inb4 people still go around panicking about the Japanese Government attacking.

    • http://deci.moe/ そのたわごとのカワイイ、ダチ

      DAO PLS IT WAS THEM!!!
      OPEN YOUR EYES!!!!!1

      • http://subarashii.me/ Dao

        Nope, I refuse to believe without proof.

        • alewares

          Dao are you going to put jihyo everywhere pls

          • http://subarashii.me/ Dao

            ji hyo is the goddess wtf m8

    • Echo

      Dao, I commend you in your principle to oppose the notion of specific
      government involvement without solid proof; however denying such
      involvement without proof is also invalid. Restoring the service is what
      matters.

      Caio, to think that official government organisations
      do not partake in DDoS attacks is naive. The anime community is a soft
      target; unlike a cyber defense / intelligence organisation. Hitting a
      torrent distribution site is unlikely to bring heavy international
      repercussions or even as much public outrage despite DDoS bearing the
      same weight as criminal acts in some sovereign states. For an excellent
      overview (but slightly outdated) on the legality of DDoS please refer
      to:
      http://resources.infosecinstitute.com/legality-ddos-criminal-deed-vs-act-civil-disobedience/

      A
      shady government organisation wanting to test a new DDoS methodology
      (how effective is the saturation of bandwidth, test server overload,
      traceability of attackers) is far better suited to test such attack on a
      soft target.

      With all that taken into consideration, accusing
      any particular government without proof is unwise and cause unnecessary
      hurt to the good people of said country.

      Have a lovely day everyone

  • 12683

    All this is doing is slowing down new TV anime availability. I just finished D/L Hanayamata ep. 10. Unfortunately no Zankyou No Terror this week probably because the original subbers webpage is down? Or my MP4 re-encode provider hasn’t gotten around to re-encoding it. I get all MP4 re-encodes anyway and this situation is not effecting me. It effects all the people who whine about the best quality available. If you can still manage to get your anime then don’t panic. Besides, why are grown men complaining about scarce free anime? I can understand that it’ll effect those who live and breathe anime 24/7, but come on, you must have other things to do to balance out your life. Take this time and do some damn exercise for once.

  • Romancer Ecclesia

    Thanks for the technical explanations. I hope more people read this and stop playing the blame game to vent their frustration.

  • Ace Oraiz

    I don’t think this the work of Japanese Government, even if the JG did I’m sure they wouldn’t focus their attacks on anime sites only, remember there are also tokusatsu and jdrama sites as well…

  • Caio Esteves

    I don’t believe people are seriously thinking it’s the Japanese Government. First of all, it’s ridiculous for an official government organ resort to such means. Embarrassing, even.
    And I really doubt any serious anti-piracy program would consist of DDOS attacks. They’re bothersome, but do nothing in the long run. The torrents can still be accessed via magnet links, and of course the subbing groups are not scared and can just use IRC or Dropbox for the time being. If this has anything to do with Japanese Government at all, it’s just a petty scare tactic, wich is absolutely baffling. Like I said, embarrassing.

    I don’t want to believe any serious government would subject itself to play fool like this.

    OBS: Sorry for my bad English. I’m sleepy.

    • Jaa Laa

      It maybe embarrassing for a local government, but if they are dealing with the globe outside its territory, it makes some sense.

      • Alexander Martin

        Actually there has been this guy on yahoo called Empire, he thinks it all the jap govt or wants to make others believe it.

  • https://www.facebook.com/ilmi4850 Mizuhashi Yusuke

    Umm what about MAL ? is this means got attacked too ?

    • http://www.haruhichan.com/ Swaps4

      MAL gets hacked every 6-months or so. What happened to MAL has nothing to do with the current DDoS’n etc.

  • Tęczowy Wojownik

    It’s russia

    • ClockMaker

      It’s always Russia fault.

      • http://deci.moe/ Decimoe (◕‿◕✿)

        no blame canada

        • Quinlan M

          Don’t blame Canada! I’m affected by this too.

          • Kenoscope

            You mean it isn’t French Canada? Wow (grynn.)

  • Mi

    Block all the Japanese people, they want to keep everything for themselves > <

    • Some guy

      That’s not such a good thing to say. Just as they said, it MAY NOT be a Japanese, just someone using a Japanese server…

    • nab1x9

      Or because you pirate them too much.

  • Pingback: Duniaku Network – DDOS Masal ke Situs Anime, Siap Siap Nge-Rental DVD lagi()

  • AnimeBoy_007

    Kiddo wanna see Really what’s happening….. Check here AND SEE WELL http://map.ipviking.com/ How many attacks coming from Japan. and it seems you didn’t research about it at all. I know DDos i do them sometimes.

    here are simply thing you shall notice Japan has world’s most fastest Internet with 2Gbps speed fiber optics for homes. By looking at it it REALLY makes sense… what could be the speed that government has access.
    In that site i gave you most of attacks that coming from japan is target to ”Domain”

    Speaking of DDos..it’ll suck lots of internet’s speed. More importantly Japanese government won’t negotiate with Anime-Manga Pirate sites. 😛

    • http://www.haruhichan.com/ Swaps4

      Oh, your comment is still here. I thought you deleted it. I’ll keep it here since it’s amusing.

      • AnimeBoy_007

        Oh…Wow it’s the mod the guy who knows everything. What if this whole post Dao made wrong. HorribleSubs also got the attack routed from japan. Same as everyone got. And MAGP has already announced this last month and they even made a list full of fucks…. . Are you waiting for Japanese Gov come to you and say ”Hey We hacked AnimeTake and other free anime sites.”

        • http://www.haruhichan.com/ Swaps4

          I know HorribleSubs got attacked. Me and my staff were the ones who helped them back online. Dao shares the same thought as me: Japanese Government have NOTHING to do with it. Unless you have some type of proof to back up your claim that they did it.

          The list you’re talking about was based on 2-year old data.

          • AnimeBoy_007

            Hmmm….then whatever man.

      • AnimeBoy_007

        I thought about it again. If you’re right. Attacker could be from China. :) he/they could have changed the IP into Japan IP and started DDoS. What made think this is cuz this whole thing MAGP is about ”560 billion yen loss estimated in the past year in China”

    • http://anime2enjoy.com Syncro

      Username: Anime’Boy’
      First word of the post: Kiddo.
      I don’t even.

    • Xnameless

      Hey Master of DDoS? why won’t you teach me?

      • AnimeBoy_007

        I’m not master of DDoS. lol if you want to do DDoS Download ”ByteDOS” and run it as administrator. Sometimes it’ll say it has virus, but, don’t worry it’s not a that much powerful virus which’ll destroy you’re computer. Hide your IP before everything. 😛

  • http://neregate.com/blog Neregate

    That DDoS superparty might actually have been a good thing, since more people discovered XDCC.
    Torrents are so last century, at least as a first option.

    Out of curiosity, how much Gbps did HC had to deal with?

    • http://www.haruhichan.com/ Swaps4

      We dealt with the 2nd wave of 25Gbps just like TT. It took our server and hoster offline for a brief moment but the server didn’t come back until 8 hours later.

      We’re still currently expierencing it and the site is awfully slow at times but we’re trying our best to mitigate it.

    • http://lalomartins.info/ Lalo Martins

      I think technologically you have it backwards :-) Torrents are last decade, but IRC/XDCC is last century.

      • http://neregate.com/blog Neregate

        Aha, yea probably 😉
        I was talking about the practical side of XDCC (fast, simple, quite anonymous, etc) compared to torrents. Well, everyone will have his/her own views about this.

        • http://lalomartins.info/ Lalo Martins

          It’s the “anonymous” part that worries me. It’s pretty easy to figure out where an XDCC bot is running, and it’s trivial to know who’s connected to an IRC channel (as in, actual traceable IP addresses). Granted, people running the bots know how to cover their traces a little better, but your own anonymity as a user depends only on the fact that the system is not well-known enough. A sudden surge in popularity would be… pretty dangerous indeed, IMHO.

          • http://neregate.com/blog Neregate

            Yea, you have to trust the bot you are downloading the data from to properly handle your privacy, since the XDCC protocol has no end-to-end encryption (as far as I know). Limiting your XDCC to a small list of trusted bots is the best solution, along with an SSL connection to the IRC network (Rizon is one of the few that actually supports this), as well as an IP mask (almost always available on IRC networks).

            What I like the most though, is that XDCC is a one to one exchange, thus heavily narrowing the number of entities who know what you are downloading.

          • nab1x9

            But it is no more p2p (in wide range) and thus slows down your download rate.

          • http://www.haruhichan.com/ Swaps4

            Most XDCC bots are hosted on dedicated servers with fast connections (gigabit etc).

  • artins90

    Give us the IPs so we can nuke them, it’s time to counter attack

    • Vakt0

      If you nuke the IPs you’ll be nuking people who probably aren’t even aware that their computer has been taken over, since a DDoS can consist of servers and computers that don’t even know what’s going on. Plus it’s not really that ethical to ‘fight fire with fire’.

      • How About (Undead)

        Ethics don’t matter. It simply would be a worthless action seeing as these machines are zombies.

  • Zicho75

    Maybe someone that confused with weeaboos must be responsible for the attack. Sorry for my bad English. I’m Indonesian.

    • http://deci.moe/ Decimoe (◕‿◕✿)

      That’s no excuse for being bad at English.

  • Pingback: Problems with nyaa.se - Page 6()

  • Pingback: Anti-Piracy Outfit Denies DDoS'ing Anime Sites | TorrentFreak()

  • Pingback: Anti-Piracy Outfit Denies DDoS’ing Anime Sites - TorrentScene | TorrentScene()

  • Pingback: Anti-Piracy Outfit Denies DDoS’ing Anime Sites | LTTi.net Blog()

  • Pingback: Anti-Piracy Outfit Denies DDoS’ing Anime Sites | 8ii.in()

  • Pingback: Anti-Piracy Outfit Denies DDoS’ing Anime Sites | Best Apk Android Apps Games()

  • Pingback: Anti-Piracy Outfit Denies DDoS’ing Anime Sites | Android App Games Themes()

  • Pingback: Jepun Memulakan Operasi Terhadap Laman Anime Dan Manga Cetak-Rompak | Amanz()

  • Pingback: Jepun Memulakan Operasi Terhadap Laman Anime Dan Manga Cetak-Rompak - PautanPautan()

  • Pingback: Anti-Piracy Outfit Denies DDoS’ing Anime Sites |()

  • Pingback: Why and Who Is Attacking Anime-Related Websites? | Swaps4's crap | AnimeFan.org()

  • Power2All

    It’s just boats from some dude.
    When I was in Japan, they still running Windows XP back in 2007/2008 when Windows 7 and Vista was already out.
    It wouldn’t be weird when I say that they probably didn’t keep their computers up2date.
    On another note, the attack was a DNS amplification attack, at least, most of the traffic was cause of DNS amplification.
    So they probably abused some of the DNS services they use in Japan for the attack.
    Could be anyone.

  • Tyler Smith

    Someone built a botnet to bring down a small anime website…. Anyone else see how that’s a little embarassing…. What a f****** joke. If they want to risk 4+ years in prison for DOSing a hentai website then go for it, just shows how sad their life is. They got no power and try to compensate for something else they lack