Look where www.rickross.com leads today:
What is going on? Something is trying to "handle" to Internet?
I've just tried it and it is up and running OK at the moment.
Peace and Goodwill
I read that blog entry. I dunno bout all the technical stuff but he really
has a go at Rick Ross and his tech guy. Very cultish dead-agent style
personal attack nonsense. Most bizarre.
I'm still not able to reach rickross.com from my side. From this blog,
and from a few pieces of news involving this guy, it doesn't seem CoS
Mr Bruce Raisley looks to be an Internet loony, at least his blog on the
subject is several BTs short of a cluster.
rickross.com is OK for me at present.
no problem getting to www.rickross.com ...
The blogger linked the "urls" used for a DOS attack to
rickross.com, picked on the wrong "return" target and
went south from there.
It sounds more like a DNS cache poisoning attack, which
would explain why you got re-directed to the blogger's
Works for me too!
Knowing How to Know is Knowing Where to Go:
"Mr Bruce Raisley looks to be an Internet loony, at least his blog on
subject is several BTs short of a cluster"
... probably explains WHY he is getting hit with a DDOS attack.
It would be nice if you could run "nslookup www.rickross.com" on
your system and post the results ... tell me which dns server you
I would not put it outside the realm of the CoS, the OSA fucktards
are not above hiring two-bits-short-of-a-byte script kiddies.
Your ISP isn't using some sort of transparent proxy cache is it? (serving up
outdated pages). Normally you'd force a hard refresh using Ctrl+F5 which
bypasses any proxy cache.
I'm not sure but I think putting /? after the URL in the address bar, and
hitting Go or Enter key, also bypasses any proxy cache.
Also, try clearing you temporary internet browser cache, and maybe delete
any cookies for both sites in question and see what happens.
He may not be Co$ but he's acting like it in the way that he not only
repeats their typical defamation but goes way over the top by claiming that
Rick Ross is a fake, has a fake site and a fake address.
Explains why some people get a site and others don't since each ISP/host
generally has its own domain nameservers. To test this, Ray could
reconfigure his internet settings to point to an alternative DNS pair.
Some more backgound info on this type of thing...
I just got on the website...it's ok. :)
R. Hill wrote:
> Since a few days, I haven't been able to reach rickross.com, obtaining
> a "bad request" page instead.
Run an updated virus scanner on your machine. I mean it. Then e-mail
me your IP address so I can unblock you.
> What is going on? Something is trying to "handle" to Internet?
No, just me trying to handle a DDoS attack. Details below.
> I read that blog entry. I dunno bout all the technical stuff but he really
> has a go at Rick Ross and his tech guy. Very cultish dead-agent style
> personal attack nonsense. Most bizarre.
Elsewhere has Raisley copy/pasted long chunks from my DA page on
religiousfreedomwatch, so yes, you could say it's cultish. But as
far as anyone knows or can guess, the CoS has nothing to do with
this. In fact, I'm certain they don't.
> It sounds more like a DNS cache poisoning attack, which
> would explain why you got re-directed to the blogger's
No cache poisoning, just plain DNS answer differentiation. Anyone
familiar with BIND's views will know how this is done, although in
this case it was done differently.
Here's the story. By some weird coincidences I ended up doing system
administration for rickross.com some time ago. On October 1, I noticed
a DDoS attack against one particular page,
It was nothing the server couldn't handle, but better watch it anyway.
Three hours later I was sitting with my hands in my hair. The DDoS
was growing by the minute and I had hell on earth trying to block
left and right. It cost me hell, but the server stayed up.
The attack consists of rapid HTTP requests, 3 to 8 per second, for
a 28 KB page, and comes from an average of 5.000 bots, with peaks
around 11.000. Do the math. If all these requests were fullfilled,
using averages, the outgoing traffic alone would be 5.000 x 5 x 28KB
= 680 MiB/s. Megabytes, not megabits, which translates to a volume
of roughly 60.000 GB per day. On top of that we had a fairly big
ICMP attack coming in. Of course I kept blocking and blocking, so
even if the server on a couple of occasions was overloaded, it never
came anywhere close to collapsing.
Usually, when a DDoS fails, the attacker moves on. Not in this case
though. The attack has persisted ever since, for a whole two and a
half months without interruption. Keeping on top of such a thing
day after day, week after week, is tiresome and ends up being Very
So I researched the attack, together with Rick. By now we know its
origin, its reasons and also the guy behind it. I even phoned him
to see if I could talk some reason into him, but he's as cuckoo as
There are three ways to deal with a thing like this: give up, defend,
or counterattack. One thing I learned already as a kid is to never,
ever, for any reason and under any circumstances, give in to extorsion.
The attacker is an extorsionist; what he says is simply "if you don't
remove that page from the web, I will cause you a lot of pain". Well,
that page will be removed from the web over my dead body. (He is also
one of those stupidly agressive characters, because if he only had
picked up the phone instead of launching a DDoS attack, called Rick,
and asked for his name to be removed from the page, Rick would happily h
ave obliged. Too late for that now though.)
So I defended. And when I got sick and tired of defending, I attacked
back. Kind of.
Almost 75% of the bots are concentrated in Greece, the rest are mainly
in the adjacent countries; Montenegro, Serbia, Turkey, Croatia, Slovenia,
with some odd ones in other parts of the world. 97% of the legitimate
visitors of rickross.com are concentrated in the US, with the rest in
Canada, the UK and some odd ones in the rest of the world. The resulting
equation makes sense, so I fed the bot countries fake DNS data, pointing
them to a machine owned by the botmaster, while the rest of the world
could still visit the site as usual. Perfect bliss: the attacker was
attacking his own machine, while we got a moment of peace in which to
contemplate the next step. It took three weeks for the atacker to realise
what happened, although I kept him updated from day one. Bruce, you should
really read your n9...@hotmail.com account, it's in your own interest.
I always play with (almost) open cards, ask around and people will
So just a couple of days ago he switched to IP address-based addressing
and my DNS trick works no more. Therefore, I'm moving on to the next:
creating mirrors of the attacked article at a rate faster than the
attacker can count, let alone attack. (Yes Bruce, I already told you
this too. Weeks ago. Do read your mail.) The idea is to make the attack
completely counterproductive; since the attacker wants that article off
the net, if I can make the attack multiply the presence of the article,
the attacker will have a serious incitament to stop attacking.
Anyone interested in helping out, just download
put it somewhere, and make sure Google finds it. I would greatly
> "Mr Bruce Raisley looks to be an Internet loony, at least his blog on
> the subject is several BTs short of a cluster"
> ... probably explains WHY he is getting hit with a DDOS attack.
Ehum, rather the exact opposite.
BTW, you copyright terrorist, the "Z" signature is mine, has always been.
Cease and desist ;)
> Some more backgound info on this type of thing...
In this case we don't have an attack against DNS, but a counterstrike
The best defence against logic is ignorance. The next best
is stupidity. Both can be used simultaneously.
> R. Hill wrote:
>> Since a few days, I haven't been able to reach rickross.com, obtaining
>> a "bad request" page instead.
> Run an updated virus scanner on your machine. I mean it. Then e-mail
> me your IP address so I can unblock you.
I checked your address (assuming it's the same that google shows as
posting-host). It's not explicitly blocked, so you are not infected
as far as I can tell. However, you happen to be in one of those odd
countries with many infected machines and unresponsive ISPs, so I
have pointed the entire country to the attacker's server.
No longer. He's attacking by IP address now, so there's no point
anyway. As soon as your ISP's DNS cache expires you'll be able to
reach www.rickross.com again. The TTL is intentionally very short.
Thank you, Zenon.
P.S.: The battleground (including major TV entertainment) is the very
unethical world of Criminals turned "volunteers in law-enforcement,"
of some local law, in which - I hope I understand this correctly - if
you are a woman of 21 years old, and you fall in love with and have
consensual 'sacks' with a 17 year old man, then "you are a criminal
Copyright 2007 by KNT hrp&p
Copyright Conditions as usual
> Date: Tue, 11 Dec 2007 02:51:50 +0100
> From: Zenon Panoussis <spam...@provocation.net>
> In-Reply-To: <06465e86-06d2-4d8c...@s8g2000prg.googlegroups.com>
> Lines: 141
> Message-ID: <475ded37$0$242$e4fe...@news.xs4all.nl>
> NNTP-Posting-Host: 22.214.171.124
> Newsgroups: alt.religion.scientology
> Path: news.wanadoo.nl!xref.euro.net!scavenger.euro.net!news2.euro.net!newsfeed.freenet.de!border2.nntp.ams.giganews.com!nntp.giganews.com!transit.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
> References: <06465e86-06d2-4d8c...@s8g2000prg.googlegroups.com>
> Subject: Re: rickross.com
> User-Agent: Thunderbird 126.96.36.199 (X11/20071020)
> X-Complaints-To: ab...@xs4all.nl
> X-Trace: 1197337911 news.xs4all.nl 242 [::ffff:188.8.131.52]:61911
> Xref: news.wanadoo.nl alt.religion.scientology:1882022
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 7bit
Cute, very cute ... DNS warfare.
You could change the page to a forward reference, with delayed
would download in short order (reduce traffic) - the next page could
be made into a php script, delayed dynamic redirects ... with
pages with autorefresh ... screw any system into the ground in short
With the right redirects in httpd.conf you could let google scan a
page and cache what you want - your "page" would exist forever in the
search engines of the world ...
BWA HA HA HAHA HHA <snort> !
> Anyone interested in helping out, just download
> put it somewhere, and make sure Google finds it. I would greatly
> appreciate that.
> zeeorger wrote:
> > "Mr Bruce Raisley looks to be an Internet loony, at least his blog on
> > the subject is several BTs short of a cluster"
> > ... probably explains WHY he is getting hit with a DDOS attack.
> Ehum, rather the exact opposite.
> BTW, you copyright terrorist, the "Z" signature is mine, has always been.
> Cease and desist ;)
Don't make me pull out my black mamba and start spraying. ;-)
yah, I lost a machine to a botched de-partitioning and then another
to something as yet unidentified...
Im on a laptop right now, Ill put up this page within 24 hours, if
that will help out.
im a little slow right now
And Hi to you!
> No, just me trying to handle a DDoS attack. Details below.
I had assumed it was something like that. We seem to have two guys so
obsessed with attacking each other that anyone who isn't 110% on their
side is an Enemy. rickross.com has just been taking collateral damage.
I guess we should be grateful that none of our resident ARS nutters have
the technical knowhow and resources to do this. DDoS attacks from Ms
Schwarz would be a sight to behold - so many enemies, so little time!
FREEDOM is a trademark owned by
Religious Technology Center
I looked at this page. It's about the founder of Perverted Justice, a
group that's involved with To Catch A Predator on Dateline with Chris
Hanson. This is an incredible story of what happens when geeks go bad.
Raisely attacked. Von Erke raised the stakes. Hell of a story!
I was surprised to learn that's what this is all about, as I know a bit
about PJ and its work. Which reminds me, if any of you clams want to
talk to a 13 year old named Shelly...muahahahaha!
buy my book!
read my page! (thanks, R. Hill!)
visit my store!
> You could change the page to a forward reference, with delayed
> would download in short order (reduce traffic) - the next page could
> be made into a php script, delayed dynamic redirects ... with
> pages with autorefresh ... screw any system into the ground in short
The bots are not likely to follow redirects, nor to even attempt to
parse multiframe pages, so this approach is good theoretically, but
not likely to work in practice. Think of the bots as dumb downloaders
that just fetch the raw data and then throw it away.
Besides, in these situations, you need to avoid everything that's
resource-greedy. mod_rewrite is fast, but not if it has to parse a
table of thousands of IP addresses for each and every HTTP request
to the server. Scripts of all kinds, PHP, perl, whatever, are
completely out of the question resource-wise. In fact, even apache
itself is too heavy for this kind of thing. One of the first things
I had to do in the first hours of the attack was to switch to a
stripped-down lighttpd that can handle an order of magnitude more
requests than apache without eating up all the CPU.
Thus, the blocking has to be done at a much lower level, as early
as possible in the processing chain. iptables is a good friend,
ip route an even better one.
> With the right redirects in httpd.conf you could let google scan a
> regular page and cache what you want - your "page" would exist
> forever in the search engines of the world ...
Oh, it does already, but I also want it to exist on the rickross.com
website. If I'd let it go from there, I would be succumbing to censorship
by DDoS. That won't happen.
It works from my end now, thanks.
I am still perplexed by one thing from this individual: apparently, he
doesn't want people to see this article in which he is named. However,
I can't understand why his blog would actually lists this article if
he doesn't want people to see it. Strange.
Bruce Raisley appears to be attacking anything with his name and "NBC"
to erase the information about him, as indicated on several other
articles. He's been DOSsing other sites as well for a few months. He
would grope at anything including redirecting to RFW at the present
time. (And this is a reminder to those attacked on this group by
perverts, Tory comes to mind. and the overnight, pearly correction of
bruceraisley.blogspot.com/ -----Don't go to this site text here:
Dec 9, 2007
More on DDOS
The main brunt of the DDOS(Distributed Denial of Service) attack has
now died down.
I have researched this guy, Rick Ross. It seams this former jewel
thief hates religion. Almost every religion is slandered in some way
or another on his site.
The Church of Scientology seams to hate him more than the others.
The Church of Scientology is not a religion at all. But that is my
personal opinion. I don't disagree with their right to worship as they
In the United States we are all free to choose our own religion; I
don't think any one has the right to dictate what or how we believe.
Rick Ross disagrees with me. He [sick]believes no one has the right to
a religion and he has the right to brainwash anyone who does. He will
even go as far as to kidnap some one to do his [sic]deprogramming as
he calls it.
I don't believe Mr. Ross has anything to do with the attacks on my
The Rickross web site has been under DDOS attacks since March of 2007,
as you can see they have also laid blame to purported "cult" called
If you can't get to that page you will need to find a proxy or use
About a month ago I received a call from Zennon Panoussis. He accused
me of doing a DDOS on the site and claimed that rickross.com was his
There are those who believe the problem is DNS poisoning, I don't.
I have noticed several countries and entire DNS zones are given the
incorrect IP (A-record) for www.rickross.com, countries like Brazil
and Korea. It is possible that is where the brunt of the DDOS that was
targeting rickross.com was coming from. Zennon may have gotten the
bright idea to return the IP of my server for those zones. This type
of DDOS reflection is not new. The owners of bluesecurity.com changed
their IP to the Sixapart servers after they where attacked.
Mr. Ross needs to evaluate who he uses to administer his server. I
have enough DDOS server logs to print on paper from New-York to LA.
They all contain access requests to pages that are no where on the Net
but his site.
At the suggestion of a comment on my last blog. I am now redirecting
the requests to
Thanks "Christian" who ever you are.
Rick, you can thank your girly-boy friend for sending half the world
to a site that will expose you.
Posted by Bruce Raisley at 7:41 PM 0 comments
Friday, December 7, 2007
DDOS Distributed Denial of Service Attacks
Recently one of my machines has been receiving a DDOS. I am getting
about sixteen gigabytes a day in requests for pages that don't exist
on that machine. This is below the maximum bandwidth I have for the
machine so it is not affecting me economically, plus the thing has 100
gigabytes per second access to the internet. The attack is more like a
mosquito but I have noticed the itch. I have investigated the attacks.
About ten thousand machines are making the request to a page about
perverted-justice, There are also religious and cult pages that are
Here are some of the pages these bots are looking for.
A quick search of the internet and I find all these pages are on
This [sick] website claims it is in the U.S., but like most frauds it
The site is run by a guy named Zenon Panoussis, You can look him up on
Mr. Panoussis has been launching a DDOS, or redirecting a DDOS to my
Q. How do I know this?
A. Because he called me, actually several times. When I did answer he
accused me of doing a DDOS on his site. Yes it is HIS site! His name
is on the registrar as the tech contact and he admitted ownership of
it. The Jersey City, NJ address on his site is false.
I went to his site, I hit refresh about fifteen times then I was
blocked. A quick check and his DNS server is returning the IP of MY
MACHINE for his site name. This is illegal, but because the machine,
[and he], are in Sweden there is not much I can do to him because of
It looks more like he is doing a redirect to my machine for any attack
done on his. He is also sending legitimate users to my machine. I will
be putting a web site at the base URL with a photo of Panoussis.
Explaining to every one what type of jerk he is.
Here is what I have on this moron.
Everything else there is false.
Mr. Panoussis is a Muslim or Hindu, he has a Hindu accent.
Mr. Panoussis attacks Christians.
Mr. Panoussis steals copyrighted material from others.
Mr. Panoussis has been accused as a pedophile.
Mr. Panousses is a fraud. He is collecting donations from American
citizens who believe his business is located in the United States. If
you have donated to his cult awareness project. YOU HAVE BEEN HAD!
EVERY ARTICLE on his site was STOLEN from else where on the internet.
He did not write any of them. That is what this guy does.
Who ever is launching these attacks on his site, please place his IP
(184.108.40.206) in the URL. I don't want those bots hitting my machine.
As for my self and Mr. Von Erck; We have not spoken or contacted each
other for several years. He is not my enemy, he is not my friend.
Please do not attack others and make it look like I am doing it.
Posted by Bruce Raisley at 9:01 PM 6 comments
Meanwhile in $cienoland this has an effect of the account that info
warfare to reduce activists names as a "hater" while they try to
"procure" NBC favor in their Operation Celebrity (if this makes
Articles about this are appearing on Radar Online, and other sources
that critical material has been featured on the cult.
It could like an offshoot covert attack on NBC, attaching your names
to hatred on the one side, while building up the cults presence on NBC
on the other hand.
> I am still perplexed by one thing from this individual: apparently, he
> doesn't want people to see this article in which he is named. However,
> I can't understand why his blog would actually lists this article if
> he doesn't want people to see it. Strange.
Rule #1 of social interaction: never ascribe to complex ratio what can
be explained by simple plain stupidity.
> Bruce Raisley appears to be attacking anything with his name and "NBC"
> to erase the information about him, as indicated on several other
> articles. He's been DOSsing other sites as well for a few months.
Mirrors are coming up. The poor devil will have a hard time keeping
track of potential attack targets, not to mention carrying out any
meaningful attacks. I considered posting the URLs, but then thought
what the hell, they are insignificant until Google indexes them, and
when Google has indexed them Raisley can find them himself, so there's
no reason for me to save him that work.
[Open letter to Bruce Raisley. Highly off-topic on a.r.s., but anyway.]
Originally you were victimized by a ruthless vigilante, von Erck.
That's the essence of the Radar article and that's what just about
everyone else who ever commented on that story thinks, except of
course von Erck himself. The point: people felt sympathy for you.
And I can understand your frustration with the publicity. Sympathetic
or not, those articles floating around damage your reputation. You
apply for a job and the first thing a potential employer does is to
google you. He finds that story and you can kiss the job goodbye.
Sure. But as I mentioned earlier in this thread, a simple phone call
would have been sufficient to have your name replaced by initials or
removed altogether, at least on the rickross.com website. And Rick's
phone number is right there, all you had to do was to click "contact"
and pick up the phone.
Instead, you turned into a ruthless vigilante yourself, into a perfect
copy of von Erck. You should hardly be surprised then if the people
who once felt sympathy for you, now hate your guts. Personally, I
have caught myself daydreaming on more than one occasion of having
you quarted by horses and the remains fed to piranhas.
Of course, that will never happen. But other things will, if the
situation continues this way. It is not a bunch of incompetent idiots
you are confronting, in case you thought so. All the contrary, you
insist on making some rather knowledgeable and resourseful people
your personal enemies.
So think. The google bomb, as you call it on your other blog, is
already bad enough as it is. What will you do if this thing explodes
into publicity fireworks and, for some reason, some broad-distribution
publications run the story? You will be known for eternity not only
as a guy who got stung by von Erck into making an utter fool of himself,
but worse, as a guy who used DDoS attacks for months in an attempt to
censor online press, unsuccessfully at that. Now imagine this on your
resumé - a software engineer, no less - and see where it's taking you.
Think, what will happen when I lose all patience defending the website
with technical means, and Rick decides to sue you? Oh, I know, you
think "they can't prove anything, there is no evidence, so they can't
touch me". Well, that might apply to the cops and to the DA in a criminal
case, but it does not apply in a civil lawsuit. A civil lawsuit should
not be frivolous, that's all, and one against you at this time would
certainly not be. So then? Do you really want to pay the lawyers and
fight court cases for years? Do you want the publicity that a lawsuit
would generate? I mean, assume even that you win at the end, isn't it
still the wrong way to go?
So here is my suggestion to you, for what it's worth: stop the attack,
dismantle the bots, and apologise to Rick. Then wait a year or so for
our anger to subdue. Then ask politely, very politely, if Rick would
consider removing your name from that article. If you're very lucky,
he might do it. If you're not, you will still be much better off than
if you continue the attack. See, for example, this very posting of mine
has just been archived by Google for time and eternity and your name is
in it. That's what I mean when I try to explain to you that you're making
things worse for yourself.
All in all, I think that you have focused so much on that one issue of
having been wronged by von Erck, that you no longer see anything else
and are about to damage yourself much more than he ever damaged you.
So stop, ponder and try to act rationally.
Well, and if you don't, at least no-one can say that I didn't try my
best to talk sense into you. Now I did, and it's up to you to take it
or not. Good luck either way.
> Im on a laptop right now, Ill put up this page within 24 hours, if
> that will help out.
Thanks Arnie, it will. Just mail me the URL, rather than posting it.
Wow, very nice to see you back here.
if you dont get my email, it means I forgot yours, so send me one to