DDOS Attacks March 2019

The latest wave of DDOS Attacks.

Firstly it might be helpful to define a DDOS Attack. DDOS stands for Distributed Denial Of Service. In the simplest of terms the attack is launched by a series of automated Bots from a large number of infected machines at a specific pre-scheduled time. The objective of these attacks is to drown the server which hosts a given Website in millions of page requests over a very short period of time and force it to Deny Service, or more likely to crash monumentally. There are many reasons an attacker might want to do this. Some are personal; others are much more complex, totally impersonal and to some extent random.

There have been several large corporations and many smaller businesses attacked by the latest version of this form of attack over the last month or so. Larger corporations are unlikely to admit that they have been successfully attacked unless they are forced by publicity to do so. Unfortunately these attacks can be as dramatic and costly for smaller businesses. They can also put the business at risk of prosecution under the General Data Protection Regulation 2018 if they are in Europe. The reason for this risk will become clear shortly.

The wave of DDOS Attacks which emerged in early March 2019 has been given the relatively bland title of “Memcached Q4”. What they are called is quite academic. Their objective is where the potential GDPR2018 liability takes effect. The reason for this specific wave of attacks is the extraction of name and email details en masse from as many servers as possible. Eventually these will find their way onto “Spam Lists”, which are supposedly segregated, info-specific lists based on geographic location, interest, gender etc. and are available in some of the darker areas of the Internet. Generally information gathered by form pages on websites is stored securely encrypted in a database well out of sight of any would-be extraction Bots. But as a server is overwhelmed by a DDOS attack there is a possibility for a Bot to access the databases undetected by the usual security systems as the server struggles to deal with an ever increasing but momentary spike in demand.

There are several stages to these attacks and the delivery mechanism is becoming very sophisticated.

A brief list of some steps involved in one particular attack process is as follows. (Although there are many other processes.)

(1) A Bot finds your URL by randomly generating possible Domain Names and “Spidering” those which work, looking for form pages. You are likely to receive a bunch of spam form returns which often appear to have a Russian origin and include a great deal of Cyrillic text.

(2) After determining that your site collects name and email information your URL is added to a list of possible target sites.

(3) This list is sent to another Bot which has only one objective. That is to determine the “Colour” of the Operating System your hosting server is running. A .php suffix on your URLs indicates a Linux variant. A .net suffix indicates a Windows variant. There are various other more exotic Operating Systems, but these are the two main players. The means of attack are similar, but the database systems are different and need to be targeted in different ways.

(4) Once this initial data mining is complete everything might well seem to go quiet for several months. In fact you might never be targeted, as these mined lists are sold on the Black Market. If your site appears to have few visitors or is unlikely to yield useful contact data then the details are unlikely to have any saleable value. If however your site details are bought and your site attacked you'll probably suffer a brief period of outage and a few choice warning emails from your hosting provider about over quota data usage. This is the stage at which your site is attacked by numerous DDOS Bots with the intention of forcing the server to fall over.

All very clever. But also costly for you in terms of Data Bandwidth, and potentially very annoying for your customers, who are likely to find themselves the target of vast amounts of Spam email. There is also the potential of prosecution under GDPR2018, as you have unknowingly allowed your customers' details to be sold for malicious ends.

So what can you do to prevent this from occurring?

There is very little that can be done to prevent Data Mining. It is an unfortunate fact that there are now more Bots active on the Internet than there are humans.

However it is well worth speaking to your hosting provider and requesting the installation of “Flood Protection” Software. These packages are usually proprietary and there will be a small registration cost. But once installed the software will detect the early stages of a DDOS attack and effectively Firewall your entire server account. “Flood Protection” software should also log the IP address ranges from which the attack originates, which allows your hosting provider or in-house data manager to block IP ranges and effectively prevent further attacks from the same origin.
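As an added illustration (not part of the original article and not any vendor's product), the check described above can be sketched in Python: count requests per source IP range in a sliding window over the web server's access log and report the ranges that exceed a threshold. The Common Log Format input, the 10 second window, the threshold of 100 and the function names are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Start of a Common Log Format line: client IP, two fields, [timestamp]
LINE_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def flooding_ranges(lines, window_seconds=10, threshold=100):
    """Map each source range to its peak request count, for ranges that sent
    more than `threshold` requests inside any `window_seconds` window.
    Assumes lines are in time order, as a web server writes them."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # range -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines
        try:
            ip = ipaddress.ip_address(m.group(1))
            ts = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue  # hostname instead of IP, or unparsable timestamp
        # Group by /24 (IPv4) or /64 (IPv6) so rotating hosts still add up
        bits = 24 if ip.version == 4 else 64
        net = str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))
        q = recent[net]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[net] = max(peaks.get(net, 0), len(q))
    return peaks

def sample_log():
    """Constructed data: 150 form requests in 5 s spread over 50 hosts in
    203.0.113.0/24, plus one ordinary visitor making a request a minute."""
    base = datetime(2019, 3, 10, 12, 0, tzinfo=timezone.utc)
    hits = [(base + timedelta(milliseconds=33 * i), f"203.0.113.{i % 50 + 1}")
            for i in range(150)]
    hits += [(base + timedelta(minutes=i), "198.51.100.7") for i in range(5)]
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET /contact.php HTTP/1.1" 200 512'
            for ts, ip in sorted(hits)]

if __name__ == "__main__":
    for net, peak in flooding_ranges(sample_log()).items():
        print(f"block candidate: {net} (peak {peak} requests per 10 s)")
```

Counting by range rather than by single address is what lets the 50 rotating hosts in the sample add up to one block candidate, while the ordinary visitor is left alone.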

Upcoming changes to Facebook for Business Pages

Facebook have for some considerable time pretty much required business Pages to pay to 'Boost' their posts in order to gain more reach. There have been ways for businesses to circumvent this by sharing their post into local interest groups or For Sale groups. However the upcoming changes to the Facebook algorithm are likely to put an end to this, or at the least be very restrictive. We've already seen some clients' ability to share into groups disabled for up to seven days for this activity. Including ourselves!

There are ways you can still reach your existing customers and those who have 'Liked' your Page, but it does require some interaction from them. In order for your potential customers to see all your business posts it is necessary for them to select the 'See First' option. It may well be worth encouraging them to follow the steps below before these changes come into place:-

  1. Find your Page on Facebook.
  2. Click the down arrow on the 'Following' tab
  3. Change the 'In your News Feed' preference from 'Default' to 'See First'

Obviously not all businesses use Facebook as a promotional tool, but it is expected by the public for most types of business. Although the Boost post option will undoubtedly bring considerably greater numbers of views to a given post it is not the most targeted approach. For example, if you choose to boost within a certain geographic area this approach is similar to the old fashioned leaflet drop. You know for a fact that at least 90% of those leaflets will end up in the bin unread. On Facebook this can be a somewhat damaging one way street. Once a Facebook user has selected 'Block all from.....' you will never be able to present your products or services to them again, unless they change their preferences.

Many local businesses are now actively researching alternatives to Facebook, and many of them are showing considerable interest in listings sites such as Gumtree. Once a very clunky and underused service, Gumtree has not been stagnant. Vast improvements have been made over recent years, resulting in a much more user friendly interface and considerably greater numbers of regular users, especially in the UK. We are not suggesting that you put all your eggs in any specific basket, but you would be well advised to reappraise your approach regarding Facebook as a cost effective tool.

The official Facebook post can be found here

The Plastic crisis?

There are vast concerns about the amount of single use plastic which ends up in landfill, in our seas or simply blowing around your area when it's windy and the re-cycle bins blow over. Rightly so.

But have any of us actually stopped and thought about who is responsible? Presently we have a 5p “Tax” on single use plastic bags at Supermarkets. The revenue is supposed to go to local Environmental Causes. Have you heard of any of your local Supermarkets giving large sums of money to local Environmental Causes? Has your cause benefited in any way shape or form? I fear generally the answer is no.

Let us put a slightly different angle on this.

When you go to the Supermarket to buy a lettuce, have you ever found the words “I don't want that one, the half plastic cover has come off” slipping inadvertently through your clenched teeth? I'm guessing not, unless you happen to be shopping at your workplace after shift and have been subliminally programmed. They will tell you that the plastic covering is to preserve freshness. All lies, I'm afraid. It's all about profits. If they can force their suppliers to insert said lettuce in a half plastic covering before boxing them for them, all the better. The suppliers will also be obliged to stick the label on the plastic for them, which carries the four digit product number and a bar code. How does this increase profit? Well, they don't need staff training for the checkout operators to tell the difference between an Iceberg, a Red Leaf Lettuce or indeed a Spring lettuce. Because they've burdened their supplier with the packaging and presentation, the staff simply need to lay the tray on the shelves and let the customers take what they want. Bonus, they can send the cardboard back to their suppliers to dispose of and they'll never see the plastic again. Win-Win.

Extend this concept to plastic cocktail sticks, plastic straws, plastic coffee cups, plastic once only use water bottles, plastic meat trays and coverings, frozen goods bags......

The next proposal is a “tax” on once only use coffee cups, when an organically waxed degradable paper cup would do the job just as well.

So who should pay? Not you the consumer, I'm quite sure. You didn't request all the excess plastic packaging.

So how is this for an idea? Make the coffee chains and supermarkets pay the “tax” themselves and guarantee that they cannot pass the cost to you, the consumer. Stand at the checkout and simply say “No, I don't want a 5p bag or a bag for life, I want a paper bag with handles free of charge” and stand your ground. Or in the coffee shop simply say “It's to go, in a paper cup if you please”. You might be defeated on the first few visits, but if you start stripping all the plastic off your goods and leaving it behind they will soon get the message. Especially if we all do it....



There is no room for profit over people. There is less room for profit over the planet....

Will free Wi-Fi be an obligatory part of the pub / restaurant and café offering in 2018?

As Jimi Famurewa of The Guardian puts it.....

“.......“Ultimately, coffee shops are social environments,” explains Jack Hesketh, owner of Store Street Espresso, which limits Wi-Fi in its two London outlets and has blocked the sockets in its Bloomsbury branch. “We were finding that you’d go into the cafe and it would be 15 people sat at 15 different tables and you could hear a pin drop.” Fighting this mausoleum vibe – as much as the chancers who make a mint tea last all afternoon – seems to be the prime motivation of a lot of the proprietors making a stand.

And sometimes the laptop brigade kill the mood in other ways. “The thing I hate the most is the people who come in and unplug lamps to charge up their laptops,” says Liam Casey, owner of the Pacific Social Club in east London, where laptop and tablet users are exiled to a back room. It’s not just the lone nomads either. “People use cafes for business meetings, which is fine,” says Casey. “But if I’m hungover and just want a breakfast, I don’t really want to get drawn into somebody’s professional networking.”

We all love our mobile phones, some more than others, but being in contact 24 hours a day is a feature of society which we are unlikely to abandon any time soon. But there is a right and wrong place, a 'phoniquette' if you will, which has evolved alongside the integration of mobile technology into our daily lives. Pubs and restaurants often encourage customers to 'Check In' on Facebook, to Tweet a picture of their meal as part of a promotion or “Tag” 8 friends who should be with you, for a free drink etc. They are generally less impressed when guests turn up, rearrange the table setting to accommodate their mobile devices and then spend the evening in silence snapping pictures of every course and tapping away at their screens.

In early 2017 one restaurateur took the unusual step of installing a Faraday Cage in his restaurant, effectively blocking all mobile signals from outdoors. This might have been a publicity stunt, perhaps. But it does highlight another less than sociable social trend.

So if you are up in the Dales and drop in at The Slaughtered Lamb would you now expect to find the Wi-Fi logo emblazoned on the front door?

A bit of advice for Job applicants

This is not in any way intended as self promotion. But we thought that a little advice from 'Those old dudes' might be of interest. After all some of, or all of, the people running businesses will be in our age group.

(1) Let's settle this first so we get the offense out of the way. We do not owe you a job. We want you to earn a good living whilst making us money. That is how it works. If you think you can do better, you might like to find the funding to start your own business?

(2) This is more to do with our ability than yours. However, if you send us a phone picture of your CV in various segments, via Facebook, Twitter, bogApp etc. the chances are that we won't be able to read them. You might live on and by your mobile phones but we do not. We tend to use Laptops or PCs. Mainly because we have to be able to do serious things like accounts, printing etc. If you send us a CV which we can't read due to image compression in social media sites, this is simply not our fault.

(3) On-line application forms. OK you don't like them. But we are not stupid enough to leave our email address visible on our website for every Spam-Bot on the Internet to abuse. If we provide you with a form to complete please add the correct details in the logical boxes. Name – Name, email – email etc. The Comments box is not for you to copy & paste the text content of your CV into. The result is that the pretty text formatting that you have added, or possibly paid to have created, is removed. All we get is the raw text. Which doesn't look overly impressive. First impressions etc. You'll find that the 'Upload CV' button works really well. As in that we actually get your CV in the format and style you intended. You'll be surprised by the number of file formats we can deal with!

(4) Pestering.... Sending messages to our Facebook page every two days is not a cool gig. Please see (1) above. We don't owe you the job of your dreams. If for whatever reason we have decided that you are not suitable for the post, then I'm afraid no number of prompts will change our decision. You really would be better applying for another post, with somebody else, who you've not ticked off.

(5) Social Media Tagging your mates. “Look this is where I'll be wrkn” Firstly, it's not a word dude / dudess. Secondly, we can see the text in your tag and you've just reduced your chances.

(6) Silly email addresses. [email address] is not an appropriate email address for a job application chum. If you have three legs, effectively this should be between you and your girlfriend. I really hope she's satisfied.

(7) Weird / Obtuse / Obscene Social Media Posts. Yes you've worked out the form page. Well done you. But in doing so you've allowed us to find you on Facebook etc. Unless you've bolted your security settings down. (This will also make us suspicious). Look at what you post. Would you employ you if you were say 20 years older? Would you trust you with our customers? Would you trust you with cash?

In the day, way back when the dinosaurs roamed the earth, we had a comedy character called Yosser Hughes whose tag line was “Giz a Job – I can do that” - Don't be Yosser!!!!

