This is what a Denial of Service attack looks like...
#31
RE: This is what a Denial of Service attack looks like...
(August 23, 2012 at 8:43 am)Homo Sapiens Wrote: Well, isn't DDoS "stronger" because it uses multiple computers? Also, it is harder to block because UDPs are sent from multiple IP addresses.
Well, it depends on the actual DoS method. If you just want to flood the server with packets (as was the case with us), then a DDoS will be stronger since more machines can generate and send more packets in a certain amount of time. However, if you are using an HTTP resource attack, then (depending on the server processing power and Internet connection) you could knock one offline with only one computer. An SQL-based DoS can be performed with one computer, and (more impressively) only one packet. If the attacker can craft an HTTP request so that it injects SQL into a database query, making the database perform some horribly complicated calculation, it can cause the server to run out of memory and in some cases crash.

An example of a simple SQL injection that could do this is cross joining a table with itself multiple times. A cross join takes each row of one table and combines it with each row of the other. If you have a table with 1000 rows, and you cross join it with itself, you get a table of 1,000,000 rows. Repeatedly stringing cross joins together in the same query (or cross joining the result with itself, etc.) will create massive tables that the memory simply cannot hold, meaning processes of the machine lock up.

As for blocking them, if you have good enough software it doesn't matter if the attack is a single computer DoS or a multiple computer DDoS, since it will detect and block the IPs one by one.
Reply
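Added example, not part of the original post: the row-count blowup described in post #31, reproduced in an in-memory SQLite database, with a per-statement work budget that aborts the runaway join. The table name `posts`, the budget value and the helper names are assumptions made for this illustration.

```python
import sqlite3

ROWS = 1000               # table size from the post's example
STEP_BUDGET = 20_000_000  # assumed per-statement budget of SQLite VM steps
TICK = 1000               # call the progress handler every TICK VM steps


def make_db(rows=ROWS):
    """Build a constructed in-memory table (hypothetical name `posts`)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO posts (title) VALUES (?)",
                     ((f"post {i}",) for i in range(rows)))
    conn.commit()
    return conn


def run_guarded(conn, sql, params=(), budget=STEP_BUDGET):
    """Run one statement; return its rows, or None if it blew the budget."""
    steps = 0

    def on_progress():
        nonlocal steps
        steps += TICK
        return 1 if steps > budget else 0  # non-zero makes SQLite abort

    conn.set_progress_handler(on_progress, TICK)
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.OperationalError as exc:
        if "interrupted" not in str(exc):
            raise
        return None
    finally:
        conn.set_progress_handler(None, TICK)


# COUNT(*) keeps the demo from materialising rows; the work still multiplies.
TWO_WAY = "SELECT COUNT(*) FROM posts a CROSS JOIN posts b"
THREE_WAY = TWO_WAY + " CROSS JOIN posts c"

if __name__ == "__main__":
    db = make_db()
    print("1000 x 1000 rows:", run_guarded(db, TWO_WAY))
    print("1000^3 join within budget:", run_guarded(db, THREE_WAY) is not None)
```

Server databases expose the same idea as a setting rather than a callback, for example `statement_timeout` in PostgreSQL and `max_execution_time` in MySQL; binding user input as parameters, as `run_guarded` does, keeps it out of the query text in the first place.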
#32
RE: This is what a Denial of Service attack looks like...
(August 23, 2012 at 5:11 pm)Tiberius Wrote:
(August 23, 2012 at 8:43 am)Homo Sapiens Wrote: Well, isn't DDoS "stronger" because it uses multiple computers? Also, it is harder to block because UDPs are sent from multiple IP addresses.
Well, it depends on the actual DoS method. If you just want to flood the server with packets (as was the case with us), then a DDoS will be stronger since more machines can generate and send more packets in a certain amount of time. However, if you are using an HTTP resource attack, then (depending on the server processing power and Internet connection) you could knock one offline with only one computer. An SQL-based DoS can be performed with one computer, and (more impressively) only one packet. If the attacker can craft an HTTP request so that it injects SQL into a database query, making the database perform some horribly complicated calculation, it can cause the server to run out of memory and in some cases crash.

An example of a simple SQL injection that could do this is cross joining a table with itself multiple times. A cross join takes each row of one table and combines it with each row of the other. If you have a table with 1000 rows, and you cross join it with itself, you get a table of 1,000,000 rows. Repeatedly stringing cross joins together in the same query (or cross joining the result with itself, etc.) will create massive tables that the memory simply cannot hold, meaning processes of the machine lock up.

As for blocking them, if you have good enough software it doesn't matter if the attack is a single computer DoS or a multiple computer DDoS, since it will detect and block the IPs one by one.

Oh man, I can't compare to you. Did you study computers?

Also, I tried manual SQL on some sites, but when I found the admin pass and username I didn't find the login.

But I think that atheistforums doesn't have any vuln.? Or you can always check with http://www.acunetix.com/

But again, in the end, who is so stupid as to even DDoS or DoS this site?

Reply
#33
RE: This is what a Denial of Service attack looks like...
(August 23, 2012 at 5:29 pm)Homo Sapiens Wrote: Oh man, I can't compare to you. Did you study computers?
Three years studying a Computer Science BSc. Two years studying an Information Security MSc. Now I work as a penetration tester, so hacking is my entire job.

Quote: Also, I tried manual SQL on some sites, but when I found the admin pass and username I didn't find the login.
Be careful; unless you've got permission to go fucking around with sites, this kind of action is illegal. If you want to mess around with hacking, either set up your own box, or use sites like Hack This Site.

Quote: But I think that atheistforums doesn't have any vuln.? Or you can always check with http://www.acunetix.com/
Atheist Forums doesn't have any vulnerabilities that I know about. I regularly update the server software, and SSH access is tightly controlled. I run scans with Nessus to check for vulnerabilities I've missed.

Quote: But again, in the end, who is so stupid as to even DDoS or DoS this site?
People out for 15 minutes of fame? We got DoS'ed before on our old server, which was pathetically powerless compared to our current setup. This was a far more intense DoS attack and it didn't really take the site down; it just made it a bit slow. We run nginx instead of Apache, so it can handle massive amounts of requests. If we were still on Apache, the entire server would have probably fallen over.
Reply
#34
RE: This is what a Denial of Service attack looks like...
(August 22, 2012 at 9:02 pm)Napoléon Wrote: I love it when people point out something technological to Tibs, as though he's going to miss it

It's like when someone tries to argue archaeological history with Min. You know it's going to end in bloodshed but you just can't look away.
At the age of five, Skagra decided emphatically that God did not exist.  This revelation tends to make most people in the universe who have it react in one of two ways - with relief or with despair.  Only Skagra responded to it by thinking, 'Wait a second.  That means there's a situation vacant.'
Reply


