Only the two councils are impacted still.

Eastleigh are using Azure App Service, which collapsed for them. Azure App Service doesn't have any native anti-DDoS feature.

Trafford Council are using on prem webserver, which couldn't cope with load.

The problematic DDoS configs attached, $_1 is a variable for random gibberish - they basically stuff the search feature.

Today #NoName are upset with 6 orgs in Ukraine, 3 financial services orgs in the UK, BAE and 2 UK councils.

NoName’s config is still targeting those UK councils. Makes a change from bus shed websites.

Announcement is out.

If any of the targeted councils want a hand give me a shout, I can give you the botnet config which will give you an idea what to block (you’ll need a WAF first).

Normally they recycle the same old, already mitigated config for the UK - they finally made a new one today.

Noname are upset at UK gov today, targets - they may have some success as most are new.

* www.mossley-council.co.uk
* oneonline.bradford.gov.uk
* www.bradford.gov.uk
* resident.dacorum.gov.uk
* www.keighley.gov.uk
* youraccount.salford.gov.uk
* www.tameside.gov.uk
* www.bury.gov.uk
* www.dacorum.gov.uk
* www.southampton.gov.uk
* www.liverpool.gov.uk
* my.trafford.gov.uk
* www.salford.gov.uk
* www.hertfordshire.gov.uk
* www.stalbans.gov.uk
* www.dudley.gov.uk

Or how the cyber industry assesses NoName

NoName continue to send “DDoS missiles” to the UK - they’re unsuccessfully targeting bus information websites in two towns.

They plan announcement of their attack later today.

NoName announcement went out.

If you’re wondering what they’re targeting their “DDoS missiles” at, it’s some tram and ferry information websites