Chemical Forums down, or how I learned what slowloris is

  • Thread starter Borek
  • Start date
  • Tags
    Forum
In summary, the article discusses the author's experience with the downtime of Chemical Forums, leading to an exploration of the Slowloris attack method. The author reflects on the implications of such cyber threats, the importance of online community platforms, and the technical details behind how Slowloris functions to exploit server vulnerabilities by maintaining connections without completing requests.
  • #1
Borek
Mentor
29,049
4,430
As many of you know I am an admin/moderator at chemicalforums.com, site in many ways similar to PF, just related to chemistry. CF was hit much stronger than PF by changes in the way ppl use forums/websites to get info, we lost a lot of traffic, but it was still working up to the last week.

No idea if this part is related to the story, still: about a month ago we were hit by forum scrappers, bombarding site with thousands of requests from multiple IPs, slowing the site to a crawl (loads like 20 20 20). Turned out most of these IPs originated from China, so I manually blocked most of the China Telecom (for those more technical: manual boomer way, whois to check the IP origin, then deny by range in .htaccess). It helped.

Fast forward to the last Saturday, when the site became non-responsive at all. That is: no problem to log in into the console with ssh, system looks OK, load almost zero, no suspicious threads, but no way to get anything out of the forum via http(s). That was way beyond my technical savviness, so I asked our provider support for help. Turned out site is under slowloris DDoS attack, with requests coming from around 190k IPs. We did some tweaking to the apache configuration, but to no avail. Perhaps adding nginx as a reverse proxy could help, sadly, the attack was causing issues with other VMs on the same node, so we were shut down. As of today nobody is able to say when/whether we will be back online (this is not intended to be a criticism, support was always great and I trust them they are doing their best).

That's just to let you know about things that happen. I did some digging, turns out places like an innocent, non-controversial scientific forum can be taken down by a script kiddie willing to spend few bucks on proxies. No idea if that's the case, but it is always a possibility.
 
  • Wow
  • Sad
  • Informative
Likes DrClaude, pinball1970, Vanadium 50 and 5 others
Physics news on Phys.org
  • #2
Why do you think these are script kiddies and not state actors learning their trade?
 
  • #3
Vanadium 50 said:
Why do you think these are script kiddies and not state actors learning their trade?

What I am trying to say is you don't need to be anything more than a script kiddie to put the site down. All the tools are on the table (example scripts on github, cheap distributed proxies as a service) and basically some googling is all you need to find them.
 
  • Like
Likes dwarde, Vanadium 50 and russ_watters
  • #4
What's a forum scrapper? Google gives me forums for scrappers, but I'm guessing that's not what hit you. Right?
 
  • #5
I am also a member of www.chemicalforums.com. I visited several times in the last week to this website, but I found the following page instead.
1725201592991.png


When shall I observe these www.chemicalforums.com website again working as usual ?
 
  • #6
Bandersnatch said:
What's a forum scrapper? Google gives me forums for scrappers, but I'm guessing that's not what hit you. Right?

Someone who tries to make a copy of the site by requesting all possible pages (in this case: messages) to copy their content. In a way it is not different from what search engines do, but they typically are much more relaxed with their requests (that is they don't bombard the site with thousands of requests per minute, overloading the system) and at least in theory they can be blocked just by telling them (with a file called robots.txt) that they should not index the site.

robots.txt is notoriously ignored though, it is kind of a courtesy concept. Not that long ago I had to block Microsoft and Amazon bots manually (I wonder if they don't scrap forums for content to feed their AI/LLM).
 
  • #7
WMDhamnekar said:
When shall I observe these www.chemicalforums.com website again working as usual ?

No idea, that's the problem, As long as we under attack we probably won't get back online, but we have no means to find out where the attack originates from or who is behind, so there is no way to stop it :frown:

These thing don't go forever, one day someone will kill the script or switch it to attack some other site.
 
  • #8
This is going to continue until:
(1) There are consequences to state actors.
(2) Enough non-state actors are jailed to serve as a deterrent to the rest.

Neither shows any signs of happening soon. Which is why we can't have nice things.
 
  • Like
Likes Borek
  • #9
Seems like we are back on line.
 
  • Like
Likes DrClaude, OmCheeto and Ibix

Similar threads

Replies
0
Views
96K
Replies
147
Views
17K
Replies
4
Views
3K
Replies
2
Views
4K
Replies
13
Views
2K
  • Sticky
Replies
2
Views
497K
Replies
2
Views
2K
Back
Top