I’m assuming you’ve noticed over the past few days that anime-related sites mainly to do with pirating are being attacked which is resulting in downtime. The current sites which are currently experiencing this are: Haruhichan, Nyaa, Tokyo Toshokan and AnimeTake. The websites are / were being attacked and taken down by DDoS / DRDOS.
On the 30th of August we received an email from one of our host providers stating that our one of our server’s IP has been put into a mitigation infrastructure to attempt to stop the DDoS attack that we were experiencing. Note that I didn’t notice this right away until multiple users reported problems about accessing the site and its poor performance. We started to experience the attack on the 28th of August.
I decided to look into it and did a trace route on the IP, as the above stated we were actually put behind multiple firewalls to try and filter out the DDoS.
Server 1 chilling in the mitigation infrastructure
This resulted in poor performance on the website as well as downtime which is very stressful and time consuming.
After switching servers back and forth and trying to figure out how to counter this problem, we finally found a solution which we have passed onto most webmasters in the anime community (Nyaa, HorribleSubs, AnimeTake etc). As a result of this, one of our servers had about 8-hours downtime in the process due to the fact it took the 2nd big wave of the attack which Tokyo Toshokan estimated to be 25Gbps+.
Poor server, didn’t stand a chance.
Well at least it’s up now.
This image is fake according to users and not being able to find the attack on the Digital Attack Map website.
After seeing Geektoku‘s tweet I decided to do a little bit of research using the Digital Attack Map website and on the dates we were suffering poor performance and switching between 6 different servers located in different areas of the world to try and mitigate the attack to bring our site back online.
DDoS while in the mitigation infrastructure
Before our IP was put into a mitigation infrastructure.
As the above image states; while we were in the mitigation infrastructure the DDoS was originating from Japan. Lets not point fingers at the Japanese Government now, it could be anyone in Japan or someone who has servers located in Japan but is located somewhere else in the world.
We kept switching servers located all around the world to try provide false targets so we could gain access back to one of our servers. We decided to switch to a USA server to host the website, the moment this happened, we were instantly attacked which caused poor performance / random outage on the website.
Japan to United States
We were getting hit multiple times to the same IP of the server which was hosting the website at the time and it resulted in us not having access to the server for a while.
You can’t keep us down.
When all is considered; I personally don’t believe the Japanese Government or any anime industry have anything to do with the attack. I believe someone is trying to start a conspiracy with the MAG Anti-Piracy Campaign recently going live. The attack did originate from Japan for us. We just don’t know who did it.
Inb4 people still go around panicking about the Japanese Government attacking.
DAO PLS IT WAS THEM!!!
OPEN YOUR EYES!!!!!1
Nope, I refuse to believe without proof.
Dao are you going to put jihyo everywhere pls
ji hyo is the goddess wtf m8
Dao, I commend you in your principle to oppose the notion of specific
government involvement without solid proof; however denying such
involvement without proof is also invalid. Restoring the service is what
matters.
Caio, to think that official government organisations
do not partake in DDoS attacks is naive. The anime community is a soft
target; unlike a cyber defense / intelligence organisation. Hitting a
torrent distribution site is unlikely to bring heavy international
repercussions or even as much public outrage despite DDoS bearing the
same weight as criminal acts in some sovereign states. For an excellent
overview (but slightly outdated) on the legality of DDoS please refer
to:
http://resources.infosecinstitute.com/legality-ddos-criminal-deed-vs-act-civil-disobedience/
A
shady government organisation wanting to test a new DDoS methodology
(how effective is the saturation of bandwidth, test server overload,
traceability of attackers) is far better suited to test such attack on a
soft target.
With all that taken into consideration, accusing
any particular government without proof is unwise and cause unnecessary
hurt to the good people of said country.
Have a lovely day everyone
All this is doing is slowing down new TV anime availability. I just finished D/L Hanayamata ep. 10. Unfortunately no Zankyou No Terror this week probably because the original subbers webpage is down? Or my MP4 re-encode provider hasn’t gotten around to re-encoding it. I get all MP4 re-encodes anyway and this situation is not effecting me. It effects all the people who whine about the best quality available. If you can still manage to get your anime then don’t panic. Besides, why are grown men complaining about scarce free anime? I can understand that it’ll effect those who live and breathe anime 24/7, but come on, you must have other things to do to balance out your life. Take this time and do some damn exercise for once.
There’s no Zankyou no Terror this week because it was rescheduled. Episode 8 will come out on 9/4 and episode 9 will come out on 9/11
A few other anime series are also delayed: http://haruhichan.com/wpblog/24006/delayed-summer-2014-anime/
Thanks for the technical explanations. I hope more people read this and stop playing the blame game to vent their frustration.
I don’t think this the work of Japanese Government, even if the JG did I’m sure they wouldn’t focus their attacks on anime sites only, remember there are also tokusatsu and jdrama sites as well…
I don’t believe people are seriously thinking it’s the Japanese Government. First of all, it’s ridiculous for an official government organ resort to such means. Embarrassing, even.
And I really doubt any serious anti-piracy program would consist of DDOS attacks. They’re bothersome, but do nothing in the long run. The torrents can still be accessed via magnet links, and of course the subbing groups are not scared and can just use IRC or Dropbox for the time being. If this has anything to do with Japanese Government at all, it’s just a petty scare tactic, wich is absolutely baffling. Like I said, embarrassing.
I don’t want to believe any serious government would subject itself to play fool like this.
OBS: Sorry for my bad English. I’m sleepy.
It maybe embarrassing for a local government, but if they are dealing with the globe outside its territory, it makes some sense.
Umm what about MAL ? is this means got attacked too ?
MAL gets hacked every 6-months or so. What happened to MAL has nothing to do with the current DDoS’n etc.
It’s russia
It’s always Russia fault.
no blame canada
Don’t blame Canada! I’m affected by this too.
Block all the Japanese people, they want to keep everything for themselves > <
That’s not such a good thing to say. Just as they said, it MAY NOT be a Japanese, just someone using a Japanese server…
Or because you pirate them too much.
[…] menyadari adanya gangguan akses yang terjadi beberapa hari terakhir. Seperti dilansir oleh Swaps4 gangguan tersebut disebabkan oleh serangan DDOS dari IP […]
Kiddo wanna see Really what’s happening….. Check here AND SEE WELL http://map.ipviking.com/ How many attacks coming from Japan. and it seems you didn’t research about it at all. I know DDos i do them sometimes.
here are simply thing you shall notice Japan has world’s most fastest Internet with 2Gbps speed fiber optics for homes. By looking at it it REALLY makes sense… what could be the speed that government has access.
In that site i gave you most of attacks that coming from japan is target to ”Domain”
Speaking of DDos..it’ll suck lots of internet’s speed. More importantly Japanese government won’t negotiate with Anime-Manga Pirate sites.
Oh, your comment is still here. I thought you deleted it. I’ll keep it here since it’s amusing.
Oh…Wow it’s the mod the guy who knows everything. What if this whole post Dao made wrong. HorribleSubs also got the attack routed from japan. Same as everyone got. And MAGP has already announced this last month and they even made a list full of fucks…. . Are you waiting for Japanese Gov come to you and say ”Hey We hacked AnimeTake and other free anime sites.”
I know HorribleSubs got attacked. Me and my staff were the ones who helped them back online. Dao shares the same thought as me: Japanese Government have NOTHING to do with it. Unless you have some type of proof to back up your claim that they did it.
The list you’re talking about was based on 2-year old data.
Hmmm….then whatever man.
I thought about it again. If you’re right. Attacker could be from China.
he/they could have changed the IP into Japan IP and started DDoS. What made think this is cuz this whole thing MAGP is about ”560 billion yen loss estimated in the past year in China”
Username: Anime’Boy’
First word of the post: Kiddo.
I don’t even.
Hey Master of DDoS? why won’t you teach me?
I’m not master of DDoS. lol if you want to do DDoS Download ”ByteDOS” and run it as administrator. Sometimes it’ll say it has virus, but, don’t worry it’s not a that much powerful virus which’ll destroy you’re computer. Hide your IP before everything.
That DDoS superparty might actually have been a good thing, since more people discovered XDCC.
Torrents are so last century, at least as a first option.
Out of curiosity, how much Gbps did HC had to deal with?
We dealt with the 2nd wave of 25Gbps just like TT. It took our server and hoster offline for a brief moment but the server didn’t come back until 8 hours later.
We’re still currently expierencing it and the site is awfully slow at times but we’re trying our best to mitigate it.
I think technologically you have it backwards
Torrents are last decade, but IRC/XDCC is last century.
Aha, yea probably
I was talking about the practical side of XDCC (fast, simple, quite anonymous, etc) compared to torrents. Well, everyone will have his/her own views about this.
It’s the “anonymous” part that worries me. It’s pretty easy to figure out where an XDCC bot is running, and it’s trivial to know who’s connected to an IRC channel (as in, actual traceable IP addresses). Granted, people running the bots know how to cover their traces a little better, but your own anonymity as a user depends only on the fact that the system is not well-known enough. A sudden surge in popularity would be… pretty dangerous indeed, IMHO.
Yea, you have to trust the bot you are downloading the data from to properly handle your privacy, since the XDCC protocol has no end-to-end encryption (as far as I know). Limiting your XDCC to a small list of trusted bots is the best solution, along with an SSL connection to the IRC network (Rizon is one of the few that actually supports this), as well as an IP mask (almost always available on IRC networks).
What I like the most though, is that XDCC is a one to one exchange, thus heavily narrowing the number of entities who know what you are downloading.
But it is no more p2p (in wide range) and thus slows down your download rate.
Most XDCC bots are hosted on dedicated servers with fast connections (gigabit etc).
Give us the IPs so we can nuke them, it’s time to counter attack
If you nuke the IPs you’ll be nuking people who probably aren’t even aware that their computer has been taken over, since a DDoS can consist of servers and computers that don’t even know what’s going on. Plus it’s not really that ethical to ‘fight fire with fire’.
Maybe someone that confused with weeaboos must be responsible for the attack. Sorry for my bad English. I’m Indonesian.
That’s no excuse for being bad at English.
[…] in JP but the JP government is highly unlikely to be behind it. Here's a very detailed post: http://swaps4.com/why-and-who-is-att…ated-websites/ […]
[…] sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, […]
[…] sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, […]
[…] sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, […]
[…] sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, […]
[…] concerned within the unauthorized sharing of anime have been focused by DDoS-type assaults. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake have been underneath assault from assailants […]
[…] concerned contained in the unauthorized sharing of anime have been focused by DDoS-type assaults. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake have been beneath assault from assailants […]
[…] (disedari pada hari Sabtu yang lalu) adalah termasuk Nyaa, HorribleSubs, serta AnimeTake. Menurut satu analisis, vektor serangan ialah dalam bentuk Distributed Denial of Service (DDoS) dan juga Distributed […]
[…] (disedari pada hari Sabtu yang lalu) adalah termasuk Nyaa, HorribleSubs, serta AnimeTake. Menurut satu analisis, vektor serangan ialah dalam bentuk Distributed Denial of Service (DDoS) dan juga Distributed […]
[…] several sites concerned in a unapproved pity of anime have been targeted by DDoS-style attacks. Swaps4 reported that Haruhichan, Tokyo Toshokan and AnimeTake were underneath conflict from assailants […]
[…] Excerpt from: Why and Who Is Attacking Anime-Related Websites? | Swaps4's crap […]
It’s just boats from some dude.
When I was in Japan, they still running Windows XP back in 2007/2008 when Windows 7 and Vista was already out.
It wouldn’t be weird when I say that they probably didn’t keep their computers up2date.
On another note, the attack was a DNS amplification attack, at least, most of the traffic was cause of DNS amplification.
So they probably abused some of the DNS services they use in Japan for the attack.
Could be anyone.