LockBit 2.0 Ransomware add DDoS protection to victim blog

September 3, 2021
image 3

The ransomware group have added DDoS protection to the victim blog using Nginx-Lua-Anti-DDoS from the github repo located here: https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua

image
github repo

The scripts they are using was created by Conor McKnight who is a developer of Lua, PHP, HTML, Javascript, MySQL, Visual Basics and various other languages over the years. This script was his solution to check web traffic coming into webservers to authenticate that the inbound traffic is a legitimate browser and request,
It was to help the main internet structure as well as every form of webserver that sends traffic by HTTP(S) protect themselves from the DoS / DDoS (Distributed Denial of Service) antics of the internet.

In essence, it creates a puzzle that the browser must solve before it will allow the traffic past, similar to how Cloudflare js works.

image 1
javascript the browser needs to execute

at least they are testing the code before they push it out, lol

image 2
debugging

well, I guess, back to work to find a bypass so I can get back to automated scraping the site for victim data.

Tags: , , ,

You may have missed

CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

April 20, 2024
CISA Logo

CISA: Joint Guidance on Deploying AI Systems Securely

April 20, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 20, 2024
CISA Logo

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

April 20, 2024
CISA Logo

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

April 20, 2024