Help for DDoS: Nedasites

Discussion in 'Anonymous Iran Archive' started by gr88iran, Jun 30, 2009.

How do you like this program?

Excellent 12 vote(s) 50.0%
Good 3 vote(s) 12.5%
Haven't tried it yet 6 vote(s) 25.0%
Rubbish 3 vote(s) 12.5%
  1. I'm guessing this has already been discussed (privately), but if Gerdab is blocking Nedasites specifically, which seems like one possibility, would it be practical to configure it so that it becomes less "identifiable?" Perhaps you could have it so that it automatically and randomly rotates the type of DOS attack it carries out.

    Based on the above statement, it may not even need saying, but I am not a programmer (so I've little to no idea of what I'm waffling about!)
  2. gr88iran Member

    Thanks for your suggestion.
    Nedasites leaves minimum traceable information on the server.
    There are two well known DDoS attacks which are quite effective (and we are working on a 3rd one for the latest version). The point is that Gerdab.ir is running on CentOS which is 100% compatible rebuild of the Red Hat Enterprise Linux, in full compliance with Red Hat's redistribution requirements. However it lacks the support from Redhat, therefore a complicated hacking attack may not be revealed easier. From my experience I can say something funny:
    Regime doesn't own highly proficient experts to run and administer their networks. They usually have strict contract to 3rd party companies and highly professional freelancers. Therefore if the real experts who do the maintenance are not brainwashed fanatics, they morally don't help these kinds of web sites, especially in the current situation. Gerdab is yet another project of the government which its main reason of existence is to feed some people: they just "get the contract" from government and then get paid for doing nothing. Their spy activities are mostly based on social engineering rather than technical engineering. For example they have set up avizoon.com which is related to sexual stuff. Then they made connection to some fools who shared too much info with them, and arrested them. Fortunately the government of Iran is not able to employ highly professional experts for a long time and most of them either leave the country or work for great companies instead of getting involved in governmental dirt. Another reason that they are technically weak is that Iran is an isolated country. Many famous software companies like SUN, CISCO, Redhat, etc. don't have official activity in the country, therefore rarely you can find someone who's internationally competent. Even those few who are really knowledgeable, usually leave the country toward Canada, US and Australia.
    However, not to be too optimistic, we have put several security barriers in Nedasites so that they cannot detect anything special about an attacker. In the next version we focus on performance, ease of use and more effective attack (like automatic URL scanning). As I'm writing this, Gerdab is down!
  3. Stacy Member

    I thought I saw they set up a porn type site when I sent their site through google translate and thought I saw they were after or did get people.

    It was just another one of their double standards to me. Or it was entrapment.
  4. Vee Member

    Did someone down leader.ir?
  5. Stacy Member

    Coming up for me right now.
  6. Stacy Member

  7. Stacy Member

  8. Vee Member

    Still timing out for me.
    Someone should compile and send them some rxbots :p
  9. Check with web proxies, leader.ir blocks my many ip's very fast! They are still up and running. And fast too.
  10. gr88iran Member

    Who cares about leader.ir? ;)
    Even when he's in Friday's Prayers (namaz jom'ah) not many people attend there! Our main target is Gerdab.ir which obviously claims that they will arrest, torture and kill people for their activities on the Internet! This is the real crime on the Internet: to frighten people and monitor people's thoughts.
  11. Ray Murphy Member

    They are as slow as a wet week in Australia.
  12. Vee Member

    In Australia too. Have been noticing slow Conns to a lot of IR sites.
  13. Vee Member

    Gerdab is in lockdown. It's going to take time to find vulnerabilities. We can always work on secondary targets while it's being worked on.

    Besides. If we can compromise another of these sites we can deface it and use it to launch attacks on other IR sites.

    You also never know. Rooting one might have trusted access to another ;)
  14. Whatever abilities they have for IP blocking, I think everyone knows what a total fail even the best spam filters are for someone who wants to get communication from someone they don't know (say, like a tipster). We know some obvious targets such as info@gerdab.ir and admin@gerdab.ir, and someone posted a phone number I was only getting error messages for. I can't see the site right now as I'm completely banned (kind of wondering if they've started banning regions) but if people can keep the contact info updated, maybe get info on whatever phone number is available for people to turn others in and if there are additional email addresses, I think it would be helpful to keep the pressure up on those for people unable to hit the site directly.

    Granted, there will be other ways to betray neighbors, but snitches will always be more likely to act if they can maintain a high level of anonymity. Additionally, I know there was a list of phone numbers at one point, but if anyone has numbers and/or email addresses for other government tiplines, that could also be helpful.
  15. FintanDunne Member

  16. Stacy Member

  17. gr88iran Member

  18. Srpska Member

  19. gr88iran Member

    If you think your IP is blocked because of previous attacks, use an indirect method to access the site. A simple solution can be an online proxy: WebsiteBypass - Bypass Any Website Blocker!!

    WARNING: Never use online proxies to check your email, facebook or an activity that gives your sensitive information to 3rd party web sites. But it's ok just to check Gerdab.ir and other sites if you don't want your IP to be identified.
  20. حمید Member

    Here is a list of those being named

    Here is a list of those being named
    Aftab - New details about the administrators of Iranian obscene websites
  21. nedasites vs. wget

    how much different is running nedasites than just pointing a wget at one of these sites? since nedasites doesn't run on my machine, can i just use wget for a similar effect?
  22. gr88iran Member

    you can achieve the same outcome with wget. Nedasites however tries some alternative attack methods when simple HTTP GET fails. But if your machine doesn't support Java 6, wget is the best simple option to go.

    Another option can be HTTRACK or WinHTTRACK which is a web site copier. It runs an efficient multitasking Spider (parses the HTML pages for finding new links).
  23. Don't want to take this off topic, but as it's been mentioned a couple of times in the thread. Here's a mailbomber, you can use for admin@gerdab.ir and info@gerdab.ir (and any others you choose). All programs are fully verified, working and AV Clean.

    To confirm, go to VirusTotal - Hash Search and paste the SHA1 hash listed beneath each file to view the file's scan report, or alternatively, download the program, and use VirusTotal - Malware Scan to scan it yourself (it uses 41 different well-known AntiVirus engines to carry it out).

    The program itself is dead simple to use. The only thing you will need to do, is create an anonymous email account at gmail to send from, and a .txt file using Notepad, with:

    info@gerdab.ir
    info@gerdab.ir
    info@gerdab.ir
    admin@gerdab.ir
    admin@gerdab.ir
    admin@gerdab.ir

    running down the page, as many times as you want to send [make your page looooooong in other words. Copy-Paste is your friend!]


    For any gerdab related phone numbers you may receive, some landlines allow texts to be received (they hear an automated, talking voice). Alternatively, mobile phones are the obvious second choice.
    So as not to hijack this thread, any discussion on either of these, please create another thread, and link to it. Thanks.
  24. gr88iran Member

    Thanks man! it's not offtopic at all!
    If the mail server is located on the same server that hosts their website, overloading the mail server will result in an indirect DDoS. I guess they still haven't thought about this problem and since email routing is indirect, they cannot confront it simply by blocking IPs! Good method! ;)
  25. Srpska Member

    I get an "Authentication Required" error :S
  26. Srpska Member

    OK, disregard that, fix'd nao. Maxed out at 508 messages sent, though - apparently that's the quota for the day :(
  27. Need support to close gerdab.ir!!!

    NEED SUPPORT TO CLOSE GERDAB.IR!!!

    THE SITE IN AN ACT گرداب | Gerdab.ir uncivil CALLS TO THE IRANIAN
    PUT THEM PICTURES ON THE SITE AND ENCOURAGES A COMPLAINT FOR
    THEN STOP.
    AND WE HAVE A REPLY ........
    we CALL TO HELP ME AND MY fellow WITH A LITTLE BIG
    HELP
    DOWNLOAD AN APPLICATION BY WRITTEN INFORMATION fighting
    AGAINST THE RULES IN THIS SITE:
    GiveOurVoteBack.zip

    Start the program ....
    SECOND STEP IS TO INSERT THE IP ADDRESS OF THESE SITES:
    گرداب | Gerdab.ir

    THIRD STEP: PRESS ENTER THE RATE (INTER) and allow to browse through your
    PROGRAM.

    DO NOT BE AFRAID. IS NOT A VIRUS!!! IT IS NOT A VIRUS OR SOMETHING OF THE SORT. I GUARANTEE
    FREEDOM IS REAL AND DEMOCRACY IN COMMON ...... LET'S PROTECT THEM
  28. gr88iran Member

    NOTICE: This application is not related to Nedasites and it's an EXE file which is not developed and promoted by gr88iran team. We cannot validate the "Unregistered user" posting it.
    But if the sender still reads this message, I'm curious to ask the following question:
    What is the advantage of this application over Nedasites?
  29. armageddon23 Member

    ddos attack

    hello,
    in answer to your message i can say u that i used this ddos attack and is not a virus!i used cause was posted from another user ...im not an expert i want only help in all ways..if u have some suggest please tell me..
    regards
  30. Devs:

    Can we expect an update soon? What features are you planning on implementing?
  31. Yep, version 3 is going to be a huge step forward based on the feedback we received. Currently these are the features in todo list:
    * IP Geo-location finding
    * Bandwidth limitation instead of attack interval
    * A new user interface
    * Pre-specified URL list
    * Automatic URL scanning and spider
    * Site specific attack mechanisms
    * Steganography
    * One-click installation
    * ...

    It'll still be a Java program (C#.NET version didn't find enough advocates, but slowly is under progress)

    Not all of them will appear in version 3 but this is what kept us busy for 2 weeks.
  32. Is your java program a heavy bandwidth consuming attack or does it use some ideas like Slowloris, or a multi-threaded, low bandwidth, greedy and poisonous HTTP client?

    Could be nice if you could implement something like Slowloris, which could also work on their ISS servers.
    Thanks for help! God bless you!
  33. gr88iran Member

    For security reasons we cannot disclose information about algorithms here in public, but Slowloris uses a different method. We are also working on website-specific mechanisms which rotate among various tested methods for maximum effect on a web site.
  34. The name "Gerdab.ir" springs to mind. :)

    Praying we can start taking the fuckers down again.


    Thanks for all your efforts guys.
  35. gr88iran Member

    Taking a look at many of their pages, one can say that Gerdab.ir is nothing special. They are just a money-eating organization inside the government. From the type of the news and the style of writing it's clear that they lack the technical knowledge to locate the "cyber-criminals" (as they refer to freedom seekers in Iran).
    Their methods are mostly based on Social Engineering so there is no point in hacking their web site. After 20 days from the first release of Nedasites, I feel we even don't need to hack those sites because Iranian government doesn't rely on the web sites so much and they simply don't have the dignity and braincells that are needed to know the value of a website! On the other hand, we may dedicate our precious bandwidth to helping Iranians access the censored contents of the web. However, that is the goal of another project which is partly satisfied by Tor/Privoxy.

    More information about Social Engineering:
    Social engineering (security) - Wikipedia, the free encyclopedia
    Social Engineering - Hacking Humans
  36. ElllisD Member

    Run NedaSites as a system service

    I'm running Small Business Server 2008 at my office & using a freeware app that turns an executable into a system service so it can run in the background on the domain controller, but I need help to make it work.
    F.R.Y Shell Software
    Can I make a batch file that'll click the start button and get the java app going?
    Now it just errors w/ the process terminated unexpectedly.
    Please advise.
  37. gr88iran Member

    To all the users waiting for version 3:
    There's an internal debate in our team. Despite the fact that our program is much more efficient than Pageaddict and we have achieved our goal of designing a more efficient DDoS alternative, but Mehran (lead developer nick) believes that calling web hosting companies will be more efficient to stop the malicious web sites like this: http://iran.whyweprotest.net/help-iran-online/7885-khodkar-ir-will-never-back-again.html (success story)

    I personally believe that gerdab.ir is a worthless trap because everyone knows that it's there to swallow some money from the government and DDoS does nothing special. However for the lie-spreading news web sites like farsnews and rajanews the current version of the program works better. Version 3 is going to have web-site specific attack methods and a limited set of web sites. But the internal debate in our team doesn't support DDoS that much. We are thinking about asking the web hosting companies (mostly in the US and Canada) to stop serving the web sites of the well known terrorist government of Iran.
    -gr88iran team
  38. So you guys are going to make the decision not to ddos for all of us? I appreciate what you have done, but won't people call if they want or dos if they want, with or without your program? I say finish the version you are working on and release it and then decide whether you want to continue after that. Thanks guys!
