As many of you know, I am an admin/moderator at chemicalforums.com, a site in many ways similar to PF, just related to chemistry. CF was hit much stronger than PF by changes in the way people use forums/websites to get info; we lost a lot of traffic, but it was still working up to the last week.
No idea if this part is related to the story, still: about a month ago we were hit by forum scrapers, bombarding the site with thousands of requests from multiple IPs, slowing the site to a crawl (loads like 20 20 20). Turned out most of these IPs originated from China, so I manually blocked most of the China Telecom (for those more technical: manual boomer way, whois to check the IP origin, then deny by range in .htaccess). It helped.
Fast forward to the last Saturday, when the site became non-responsive at all. That is: no problem to log in to the console with ssh, system looks OK, load almost zero, no suspicious threads, but no way to get anything out of the forum via http(s). That was way beyond my technical savviness, so I asked our provider support for help. Turned out the site is under a Slowloris DDoS attack, with requests coming from around 190k IPs. We did some tweaking to the Apache configuration, but to no avail. Perhaps adding nginx as a reverse proxy could help; sadly, the attack was causing issues with other VMs on the same node, so we were shut down. As of today nobody is able to say when/whether we will be back online (this is not intended to be a criticism, support was always great and I trust they are doing their best).
That's just to let you know about things that happen. I did some digging, turns out places like an innocent, non-controversial scientific forum can be taken down by a script kiddie willing to spend a few bucks on proxies. No idea if that's the case, but it is always a possibility.
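The "whois, then deny by range" step described in the post, partly automated as an added example (not the poster's or the forum's own code): it counts requests per /24 in an access log, merges adjacent noisy blocks, and prints Apache 2.4 `Require not ip` lines for .htaccess. The log lines, threshold and function names are constructed for illustration, and confirming who owns a range via whois is left as a manual step.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: reserved benchmarking/documentation addresses only.
SAMPLE_IPS = ["198.18.0.5", "198.18.0.5", "198.18.0.77",
              "198.18.1.9", "198.18.1.9", "198.18.1.9",
              "192.0.2.10",
              "203.0.113.4", "203.0.113.4", "203.0.113.4"]
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Jan/2025:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512'
    for ip in SAMPLE_IPS)


def noisy_networks(log_text, prefix=24, threshold=3):
    """Return merged IPv4 networks whose /prefix block sent >= threshold requests."""
    hits = Counter()
    for line in log_text.splitlines():
        m = re.match(r"(\S+)\s", line)   # client address is the first log field
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                      # hostname or garbage, skip the line
        if addr.version != 4:
            continue                      # this sketch handles IPv4 only
        hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    noisy = [net for net, count in hits.items() if count >= threshold]
    # Adjacent blocks (e.g. two /24s) are merged into one shorter rule.
    return list(ipaddress.collapse_addresses(noisy))


def htaccess_rules(networks):
    """Render Apache 2.4 access rules that allow everyone except the given networks."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in networks]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    print(htaccess_rules(noisy_networks(SAMPLE_LOG)))
```

This covers the scraper episode only; a threshold set too low blocks ordinary readers who share a range with the offending clients.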