Site showing pictures of protesters!

Discussion in 'Help Iran Online' started by Unregistered, Jun 24, 2009.

  1. Damn is live again

    We need a more permanent solution. I'm no hacker; why is this so hard? Surely we can do this!
  2. Cloak n Run Member down atm :D
  3. Vee Member

    2x Thumbs up
  4. Cloak n Run Member

    I'm opening up multiple Terminal windows. Will they run active in the background in OSX?
  5. Any ideas on what to do about complicit image hosting sites like biaclip? Should we open up on them as well?
  6. >We need a more permanent solution. I'm no hacker; why is this so hard? Surely we can
    do this!

    Yeah we need more professional support. It is so hard because as soon as we stop our
    fire the servers come back online...

    > down atm

    >I'm opening up multiple Terminal windows. Will they run active in the background in OSX?

    They should run in background, but opening many windows does not nessecarily help,
    because the amount of attacks is limited by your bandwith.

    >Any ideas on what to do about complicit image hosting sites like biaclip? Should we open up on them as well?

    Maybe we should. But I think that at the moment we should focus on the bigger pages
    because we dont have the capacity to attack so many servers at one time. If not enough
    people attack at one time the attack is useless.

    By the way, what is Its a kind of news agency, right?

    When I visit the page a login for appears... I found out that it suffers from a Mysql-
    injection vulnerability. That means that you can easily bypass the authetication.
    This might be a chance for a "permanent solution" if you know what I mean...

    Keep attacking...
    Bombing for peace is like fucking for virginity
  7. brat Member

    response before & its back again

    I'm not sure if my response made any sense! Was too sleepy to type correctly :)

    The sites I listed all have the same set up that اغتشاشگران را شناسایی کنید has. which when translated is asking for help identifying the protesters. Any that seemed to just be discussing what what happening I have not included.

    I see is up again. :( I suppose if it continues coming back up, I should add the list of sites that link back to the pictures?

    any thoughts?
  8. I'm pounding on hard as I can. I can keep this up all day.
  9. Ray Murphy Member

    To save reading the whole thread, could someone explain what this is all about, so others may assist if it is legal to do the same thing in their countries.
  10. It is legal in my conscience, and that suffices. Talk to your own conscience for more information :)

    The thread is about running a slowloris or pyloris attack against Iranian websites showing pictures protesters. The fascist regime in Iran wants its citizens to supply the names and addresses of those pictured, so their cops and armed thugs can then proceed to arrest, maim and kill them. Through attacking the server, we hope to prevent this from happening.

    For slowloris and pyloris instructions, read the thread.
  11. Ray Murphy Member

    I see now -- is out of action at the moment.
    If a website like that is up an running, does it do any good if people simply visit a website and stay connected for a while to slow it down -- even 0.01%?
  12. brat Member

    nice job people :D

    Searching for others!
  13. Ray Murphy Member

    Well hurry up. Why are there not 100 dead government links for posters here to keep monitoring? was out of action 60 secs ago.
  14. It keeps going down but there is not enough people and power to keep it down.
    Is there any way of coming up with something that would knock it out for long periods or has Nokia Siemans helped them beyond the point of anyone being able to do anything to keep it down for a sustained time.
  15. Ray Murphy Member

    I propose that we check it before posting (as I did again just now) and say something like: was out of action 60 secs ago.
  16. Srpska Member

    Gerdab is a notorious zombie, so if it stops moving that doesn't mean it is dead. I shudder to think of the resources those poor sods are shovelling in to keep its boilers stoked, but frankly I think we can keep this up as long as they can.
  17. Ray Murphy Member

    I suspect that's it's probably an overkill now. was still out of action 60 secs ago.
  18. Problem: Every time we kill it, it eventually comes back.

    Solution: Don't stop killing it.
  19. Ray Murphy Member

    It hasn't been coming back on here for hours. was still out of action 60 secs ago.
  20. Oh, the peaceful hum of my three pylorises!

    Gerdab is still down. Keep at it, my peers!
  21. Cloak n Run Member

    Ray Murphy the reason gerdab is down is due to the ever increasing ways we are attacking it. Just opening a website and keeping in your browser will do bugger all by comparison. What is required is a code (like those offered here) that fire the page to submit info to you every SECOND or so. The browser would need to be refreshed constantly to acheive similar effect. The slowloris and pyloris methods are proving to be very effective but are MORE effective the greater number of us using them. Feel free to jump on in mate.

    We've been using a website called Down for everyone or just me? to check availability as just because it's down for one internet provider doesn't mean it's down for anyone else. That website clarifies that.

    I also think it's not particularly helpful stating how long it's been down as it's been chopping and changing every few minutes. As you've experienced the thread is already long enough without constant status updates. I'VE been guilty of doing the same but more out of excitement that all this hard work has started to pay off. Also when it's down we DON'T STOP firing at it as it makes getting it back up all that much harder.

    So to clarify there is the slowloris app via linux that works the best. Over at cyberwar4iran they have an easy 5-step Windows (OSX instructions too) app that uses this method. I've been working with a Python version of the same code that is working well on my iMac. Go back to here to see that if it's your bag. And finally there's a new Java app been released that does DDoS that some seem to favour. Here's the link for that Home ‎(Nedasites)‎

    Most importantly to consider is that we are ALL doing this seperate from any political viewpoint and most of us are simply humanist. We can't sit idly by whilst a priveliged few attempt to violently quash a clearly peaceful movement and break numerous Iranian & International Human Rights laws in the process. THIS HAS TO STOP and we wish to be part of the group the enables exactly that to happen.
  22. Ray Murphy Member

    Now, can we see the website for those motorbike thugs with batons, and let some of us capture it as a souvenir before those naughty hackers cripple it? was out of action 60 secs ago.
  23. Ray Murphy Member

    [Good gear snipped]

    Thanks for typing out all those details. I'm sure others will also get the picture more clearly now.

    One thing that concerns me is the potential for internet users in various countries to breach local laws in relation to either misuse of the net or interfering with any sovereign nation's stability if they are officially recognized as such by their own country. I suspect that Iran hasn't qualified as such in some western countries since 1979.

    Look, I'm all for protesting and making a big noise, but I think it would be a breach of Australia's new laws to participate in a cyber attack - even against the most vicious mongrels on the planet.
  24. brat Member

    list of sites

    Obviously the information re: sites down & sites up are as of 30 mins or so ago.

    I hope this is readable - I have the URL, whois for domain & contact for the IP. Many of these sites depend on gerdab being up and I have written that with the URL. If its confusing at all let me know. I also have a couple more to do, but my daughter has dance class :) so I'll do them later. If anyone has questions, let me know too.

    سايت خبري مشروح - اغتشاشگران را معرفی کنید
    down when gerdab is (one picture shows up)

    Moosa Aliakbari (
    Gharan- Chitgar
    Tel. +98.9111545702
    Fax. +98.1512223583

    IP addy:
    inetnum: -
    netname: RapidSwitch_29
    descr: RapidSwitch Ltd
    country: GB
    admin-c: AR6363-RIPE
    tech-c: AR6363-RIPE
    status: ASSIGNED PA
    source: RIPE # Filtered

    person: Abuse Robot
    address: RapidSwitch Ltd
    address: Spectrum House
    address: Clivemont Road
    address: Maidenhead
    address: SL6 7FW
    phone: +44 (0)20 7106 0730
    remarks: ******************************************************
    remarks: * ABUSE REPORTS *
    remarks: * E-mail: *
    remarks: * *
    remarks: * IMPORTANT: We are unable to accept abuse reports *
    remarks: * any other way except the two methods listed above. *
    remarks: ******************************************************
    nic-hdl: AR6363-RIPE
    source: RIPE # Filtered

    *blogfa (another - - down when gerdab is)
    emailed ISP abuseاغتشاشگران-را-معرفی-کنید/
    down when gerdab is

    Aziz Lutfollah

    Registered through:, Inc. (Browser Update Page)
    Domain Name: DONYABLOG.COM

    OrgAbuseHandle: APLUS-ARIN
    OrgAbuseName: AplusNet Abuse
    OrgAbusePhone: +1-858-410-6900

    OrgName: Abacus America Inc.
    OrgID: ABAC
    Address: 10350 Barnes Canyon Rd.
    City: San Diego
    StateProv: CA
    PostalCode: 92121
    Country: US

    NetRange: -
    NetName: ABAC1999A
    NetHandle: NET-216-55-128-0-1
    Parent: NET-216-0-0-0-0
    NetType: Direct Allocation

    عکسهای ایرانی و خارجی و مطالب جالب - عکس:اغتشاشگران را شناسایی کنید
    عکسهای ایرانی و خارجی و مطالب جالب - اغتشاشگران را شناسایی کنید
    down when gerdab is *has a note at the end that 2 were arrested & identified & their info will be published soon.
    (see info below)

    فدايي سيد علي خامنه ‌اي >> اغتشاشگران را معرفی کنید
    down when gerdab is (see below for info)

    اغتشاشگران را شناسايي كنيد + عكس - جديدترين اخبار - اخبار : ايران ديپلماسي :: IRAN DIPLOMACY ::
    down when gerdab is

    remarks: (Domain Holder) Vahidreza Amir Solemani
    remarks: (Domain Holder Address) No.195, floor 13,Block C, Kaveh Tower, Azadi St, Enghelab Sq., Tehran, IR, 1314765343
    admin-c: va50-irnic
    tech-c: va50-irnic
    zone-c: va50-irnic
    source: IRNIC # Filtered

    person: Masir IT Co
    remarks: ---
    address: ---
    phone: +98 21 66420260
    fax-no: +98 21 66904934
    nic-hdl: va50-irnic
    source: IRNIC # Filtered

    OrgName: HopOne Internet Corporation
    OrgID: HOPO
    Address: 3311 South 120th Place
    City: Tukwila
    StateProv: WA
    PostalCode: 98168-5125
    Country: US

    OrgAbuseHandle: ABUSE958-ARIN
    OrgAbuseName: Abuse Department
    OrgAbusePhone: 206-438-5909

    جهان نيوز - عکس/ اغتشاش گران را شناسایی کنید
    roheshab (
    Electrum 213
    Tel. +46.855923
    another planet IP
    RAbuseHandle: ABUSE271-ARIN
    RAbuseName: The Planet Abuse
    RAbusePhone: +1-281-714-3560

    عکس و اخبار آشوب و اغتشاش در تهران - اغتشاشگران را شناسایی کنید
    Whois Privacy Protection Service, Inc.
    Whois Agent (
    Fax: +1.4256960234
    PMB 368, 14150 NE 20th St - F1
    Bellevue, WA 98007

    IP Addy:
    another planet ip
    RAbuseHandle: ABUSE271-ARIN
    RAbuseName: The Planet Abuse
    RAbusePhone: +1-281-714-3560

    شهاب نيوز
    down when gerdab is - connected to shahabnews

    name: Majid Salimi
    mail: tel: +1.1111111111
    org: Majid Salimi

    address: 1111
    city: Tehran
    ,province: Tehran
    ,country: IR
    postcode: 123456

    IP Addy:

    Peer 1 Network Inc. PEER1-BLK-08 (NET-64-34-0-0-1) -
    ServerBeach PEER1-SERVERBEACH-03A (NET-64-34-192-0-1) -

    وبلاگ نیوز >> اغتشاش‌گران، این تصاویر را شناسایی و معرفی کنید
    down when gerdab is

    remarks: (Domain Holder) PersianBlog
    remarks: (Domain Holder Address) No. 104, Floor One, Goldis Building, Front of Mosalla, Shahid Beheshti St., Tehran, IR, 1587775648
    admin-c: pe52-irnic
    tech-c: pe52-irnic
    zone-c: pe52-irnic
    source: IRNIC # Filtered

    IP Addy:

    NetRange: -
    OriginAS: AS13749, AS21844, AS30315, AS36420
    NetHandle: NET-70-84-0-0-1
    Parent: NET-70-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.THEPLANET.COM
    NameServer: NS2.THEPLANET.COM
    RegDate: 2004-07-29
    Updated: 2009-02-24

    RAbuseHandle: ABUSE271-ARIN
    RAbuseName: The Planet Abuse
    RAbusePhone: +1-281-714-3560

    پایگاه خبری تحلیلی رئیس جمهور ما.
    down down down. yay

    درخواست سپاه از مردم براي معرفي آشوبگران + تصاوير مربوطه - نفت نيوز
    remarks: (Domain Holder) Toraj Borun
    remarks: (Domain Holder Address) No.68, 12 moalem st., Moalem st.,, Qom, IR, 3716943194
    admin-c: mi51-irnic
    tech-c: mi51-irnic
    zone-c: mi51-irnic
    source: IRNIC # Filtered


    NetRange: -
    OriginAS: AS13749, AS13884, AS21844, AS30315
    OriginAS: AS36420
    NetHandle: NET-75-125-0-0-1
    Parent: NET-75-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.EV1SERVERS.NET
    NameServer: NS2.EV1SERVERS.NET
    RegDate: 2007-06-11
    Updated: 2008-02-28

    OrgAbuseHandle: ABUSE271-ARIN
    OrgAbuseName: The Planet Abuse
    OrgAbusePhone: +1-281-714-3560
    OrgAbuseEmail: جامعه مجازی - محمد(maddog) رپ - همه بخواننداغتشاشگران را شناسايي كنيد فوری
    Domain Admin (
    P.O. Box 97
    Note - All Postal Mails Rejected, visit
    null,5066 ZH
    Tel. +45.36946676

    IP Addy:
    NetRange: -
    NetName: NJIIX
    NetHandle: NET-64-20-32-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Allocation
    Comment: Please use for all abuse reports.
    RegDate: 2005-04-07
    Updated: 2006-02-24
  25. I noticed that some of the sites that are supposed to be down when is down, are up (while gerdab is down).
  26. more !

    spotted 5 more of those bastards (urls dble-quoted to stay copy-paste friendly) :

    1 - .. images hosted there (complaint on its way, do it too by reporting the image to img98 host):

    2 - .. images hosted there :

    3 - .. images hosted there :

    4 - hosts images itself

    5 - ... images hosted there :
    complained about that one here :
  27. brat Member

    Sorry.. that wasn't clear. I meant that the pics don't show when gerdab is down. Only the text & the rest of the site.
  28. Cloak n Run Member

    excellent! that is good news

    I've been a little concerned as to how far we'd take this. Even a message to gerdab on nedasites shows the same pictures. Without Farsi translations we kind of hit a brick wall.

    What we really need is the site/s that does the reporting. Is it an email or online webform? Now if they ALL offer a unique method of passing on the names where do we stand?

    Would save us a lot of time and resources if they all simply link to the main site that's for sure.
  29. Dont know if its the case for u all
    but i have been unabled to open for the whole day ... ?

    What abt u guys ? Is it just me or seems to be general ?
  30. has been downed, confirmed from 3 different IPs that never hit the site, so it couldn't be an IP ban.


  31. brat Member

    last 2 sites I had ..

    Hopefully I'm not just repeating, but these are the last 2 I had... (I wrote 3 before, but not adding

    شهاب نيوز - اغتشاشگران را معرفی کنید
    pictures are up when is working...

    Majid Salimi +1.4165101366
    Gama Hosting
    136 Roywood Dr.
    North York,Ontario,CA M3A 2E1
    Peer 1 Network Inc. PEER1-BLK-08 (NET-64-34-0-0-1) -
    ServerBeach PEER1-SERVERBEACH-03A (NET-64-34-192-0-1) -

    اغتشاشگران را معرفی کنید

    Iran HOST +98.2188343213
    Roshangar Rayaneh Ltd.
    #4, No 22, Qabousnameh st. Motahari ave.
    Tehran,Tehran,IR 15888

    Record last updated at 2008-11-05 17:15:59
    Record created on 2007/11/18
    Record expired on 2009/11/18

    Domain servers in listed order:


    name:(Mohammad Sadegh Akbarizadegan)
    mail:( +98.9131042633

    PSINet, Inc. PSINETA (NET-38-0-0-0-1) -
    PSINet, Inc. COGENT-NB-0002 (NET-38-112-0-0-1) -
  32. apparently gerdab is vulnerable to POST, not so much GET. thus you need to include the -httpready flag.

    the script is run by the perl binary, and while it claims to be opening 1000 sockets, it only seems to run ~21 threads for the 'perl' process on a mac. i will look into this to see if additional mac configuration is required.

    the other thing that baffles me is that if we run the script like: $> ./ <args> then it works. but if we use the tool perl to run it like so: $>perl <args> you will get:

    This Perl not built to support threads
    Compilation failed in require at line 96.
    BEGIN failed--compilation aborted at line 96.

    does anyone know why this is? is the perl tool interpreting the script and running it in the first instance, and trying to compile it in the second? wtf is going on?
  33. Ray Murphy Member

    "Hacktivists" target Iran's leadership online - Washington Times
  34. They are back again--

    Is it easy to learn to help you in attacking and shutting them down? I am not inside IRAN--this is the least we can do--CuberAttack on Mother FU,,KERS
  35. Ray Murphy Member

    I'm not involved in any of that heavy duty stuff, but it is very easy to do apparently.
  36. Hey... I'm an American and I want to help with this. I've tried using Slowloris and Longcat. I have absolutely no clue what I'm doing. not sure if it is working. If someone can tell me what to do (what is the best program and how to use it)...?

  37. Also... my IP has been banned from I can no longer access the site... but I can see that it is up through a proxy
  38. Delphies Member

    Did you read the whole thread?
    There's pretty much information in it.

    Try this thread too:
  39. Cloak n Run Member

  40. Don't relax your efforts now. is back again.

    Don't relax your efforts now. is back again. Hit it hard.

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins