Slow Forums: PF Under DDOS Attack

  • Thread starter Borek
  • Start date
In summary: I'm not getting the 503 errors I was getting last night.It's Tuesday morning, March 6th, about 7:30 am EST.In summary, the Physics Forums website has been experiencing slow loading times and errors, particularly the "MySQL server has gone away" error. This is attributed to a DOS attack that occurred on March 5th and is still ongoing. The site moderators are working on fixing the issue and have contacted their data center for assistance. The attack is believed to be from a disgruntled individual or group, and the site is currently being monitored for any further attacks. The site's speed has improved since last night, but it is not yet back to
  • #316
I don't know how these things work, but I got another AVAST threat blocked message while visiting the Scepticism & Debunking forum around 3:30pm CDT. The pop-up mentioned a DCOM exploit with a link for more information. But that link only had information about AVAST, not the threat.
 
Physics news on Phys.org
  • #317
dlgoff said:
I don't know how these things work, but I got another AVAST threat blocked message while visiting the Scepticism & Debunking forum around 3:30pm CDT. The pop-up mentioned a DCOM exploit with a link for more information. But that link only had information about AVAST, not the threat.

Yeah, there's been a poltergeist hanging around in that forum for a while now.
 
  • #318
dlgoff said:
I don't know how these things work, but I got another AVAST threat blocked message while visiting the Scepticism & Debunking forum around 3:30pm CDT. The pop-up mentioned a DCOM exploit with a link for more information. But that link only had information about AVAST, not the threat.

From what I understand it is probably a coincidence - that is, attack didn't came from PF, but from completely different place, it just happened at the moment you were visiting S&D.

Was there any information about IP from which the attack came? If there is such information, compare it the to physicsforums.com IP which is 74.86.200.109.
 
  • #319
Borek said:
From what I understand it is probably a coincidence - that is, attack didn't came from PF, but from completely different place, it just happened at the moment you were visiting S&D.

Was there any information about IP from which the attack came? If there is such information, compare it the to physicsforums.com IP which is 74.86.200.109.

Thanks Borek. I will set my pop-up AVAST messages to stay longer so next time I can get the IP if it's available.
 
  • #320
502 again, second time today, just a minute ago.

First time it was much earlier, about 8:40 am my time (now is 11:16 am).
 
  • #321
Borek, as a matter of interest do you use the free or pro version of Avast and do you use the sandbox?
You seem to get more trouble than most with Avast.
 
  • #322
Studiot said:
Borek, as a matter of interest do you use the free or pro version of Avast and do you use the sandbox?
You seem to get more trouble than most with Avast.

Do I? I don't recall stating I have serious problems with Avast. For most of the time it works OK, it failed once, and from what I was able to google it didn't failed just me, more people reported exactly the same problem with exactly the same virus. Free version on Marzena's computer, no idea what she did.
 
  • #323
Borek said:
502 again, second time today, just a minute ago.

First time it was much earlier, about 8:40 am my time (now is 11:16 am).

Minute after I posted forum died for me, I was not able to edit the post (and I already forgot why I wanted).
 
  • #324
For what it's worth, I have not noticed any problems with PF for several weeks now.
 
  • #325
Redbelly98 said:
For what it's worth, I have not noticed any problems with PF for several weeks now.

Me too.
 
  • #326
Borek said:
Was there any information about IP from which the attack came? If there is such information, compare it the to physicsforums.com IP which is 74.86.200.109.

dlgoff said:
Thanks Borek. I will set my pop-up AVAST messages to stay longer so next time I can get the IP if it's available.

It happened again and I got the IP. It wasn't Physicsforums.coms IP but I only get this alert while lurking here. Anyway, I attacked the pop-up info.
 

Attachments

  • Exploit.jpg
    Exploit.jpg
    20.1 KB · Views: 377
  • #327
Wow. PF hasn't been so fast since the attacks for me. Incredibly "fluid" now. A very good news for me. I was getting really annoyed to wait minutes and opening more than 10 pages for at least 1 to load.
Now all seems perfect! Good job guys.
 
  • #328
RE: Dlgoff/Avast picture

Yes I had a bunch of these yesterday.

A word of warning, the calling code remains in your internet cache until you clear this so this will keep popping up as you change web pages - it will also affect other sites and may (probably) not have come from PF. Mine started on Ebay.

So if you see this clear your internet cache.
 
  • #329
Studiot said:
RE: Dlgoff/Avast picture

Yes I had a bunch of these yesterday.

A word of warning, the calling code remains in your internet cache until you clear this so this will keep popping up as you change web pages - it will also affect other sites and may (probably) not have come from PF. Mine started on Ebay.

So if you see this clear your internet cache.

I use Firefox and clear the cache manually before entering PF. The browser is also set to clear everything on exit. So that's not the problem here.
 
Last edited:
  • #330
Sadly I am sure now my problems are not related directly to PF server, but to something on the route between server and me. At the moment I am using a proxy, as otherwise I am not able to neither read nor post.

Code:
borek@invincible ~ $ ./checkPF
PING physicsforums.com (74.86.200.109) 56(84) bytes of data.

--- physicsforums.com ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 8998ms

traceroute to physicsforums.com (74.86.200.109), 15 hops max, 40 byte packets
 1  192.168.0.7 (192.168.0.7)  0.589 ms  0.588 ms  0.550 ms
 2  10.0.0.138 (10.0.0.138)  0.994 ms  1.008 ms  0.959 ms
 3  * * *
 4  xxxxxx.tpnet.pl (80.xxx.xxx.xxx)  24.153 ms  165.036 ms  24.492 ms
 5  hbg-b2-link.telia.net (213.248.89.93)  40.131 ms  40.774 ms  42.829 ms
 6  hbg-bb1-link.telia.net (80.91.251.77)  39.855 ms  40.643 ms  40.277 ms
 7  nyk-bb1-link.telia.net (80.91.247.129)  123.609 ms  125.113 ms nyk-bb1-link.telia.net (80.91.247.127)  124.372 ms
 8  dls-bb1-link.telia.net (213.155.130.207)  165.240 ms  165.234 ms  164.837 ms
 9  te3-3.bbr02.eq01.dal01.networklayer.com (213.248.102.174)  164.725 ms  195.295 ms  165.761 ms
10  po6.dar02.sr01.dal01.networklayer.com (173.192.18.213)  165.601 ms  166.956 ms  166.006 ms
11  po2.fcr03.sr04.dal01.networklayer.com (66.228.118.190)  165.963 ms  166.384 ms  166.775 ms
12  * * *
13  * * *
14  * * *
15  * * *
 
Last edited:
  • #331
Seems like it is not the first time when there is a (routing?) problem at 66.228.118.190.

Sometimes pings to PF get through, sometimes they don't, but I can't reach PF by traceroute and I can't post/read without a proxy.
 
  • #332
I had similar problems with 66.228.118.186 last Saturday.
 
  • #333
I have Avast and I have not seen any popups when visiting PF.
 
  • #334
The forum is a bit slow this afternoon.

Or perhaps my brain is extra fast :biggrin:!

Hmm...no, it's the forum. Dang.
 
  • #335
Sunday afternoon/evening, PF died for me. I don't know if this was a widespread issue or if there were issues on the path between here and there.
 
  • #338
Is it just me, or is the forum slow today? For most of the time it goes OK, but then for a minute or two it freezes.
 
  • #339
Borek said:
Is it just me, or is the forum slow today? For most of the time it goes OK, but then for a minute or two it freezes.

Right now the forum is responsive.
But earlier today I got a couple of gateway timeouts that other people apparently didn't have.
When I watched what my browser was doing before a timeout, I saw that it happened when it was accessing mathjax.org...
I'm not sure yet however, that mathjax.org is the reason...
 
  • #340
I like Serena said:
Right now the forum is responsive.
But earlier today I got a couple of gateway timeouts that other people apparently didn't have.
When I watched what my browser was doing before a timeout, I saw that it happened when it was accessing mathjax.org...
I'm not sure yet however, that mathjax.org is the reason...

Yep, I got that too, a few times now. I'm using Chrome, and I get a message I've never seen before that mentioned mathjax. Nothing is responsive, not even the cursor. Lasts about 10 seconds.
 
  • #341
lisab said:
Yep, I got that too, a few times now. I'm using Chrome, and I get a message I've never seen before that mentioned mathjax. Nothing is responsive, not even the cursor. Lasts about 10 seconds.

please record the message next time it appears, thanks!
 
  • #342
Greg Bernhardt said:
please record the message next time it appears, thanks!

It was only a couple seconds this time:

Loading [MathJax]/jax/output/HTML-CSS/jax.js

Happens when I open Random Thoughts.
 
  • #343
lisab said:
It was only a couple seconds this time:

Loading [MathJax]/jax/output/HTML-CSS/jax.js

Happens when I open Random Thoughts.

This may be one of those case when you're getting the fonts from MathJax and they are a bit slow. I loaded the STIX fonts into my Win 7 Fonts folder and Firefox is lightning fast. Might be worth a try; if it can be done in Chrome.
 
  • #344
I now get some sort of mathjax.js echo on a blank screen before the forum comes up.
 
  • #345
Now I am getting 504 errors. Although I think that is not some problem with PF.
 

Attachments

  • error.jpg
    error.jpg
    15.8 KB · Views: 383
Last edited:
  • #346
mishrashubham said:
Now I am getting 504 errors. Although I think that is not some problem with PF.

This is PF problem, from what I remember nginex was added to help deal with DDOS attack, since then it sometimes gives 502 and 504 errors, at least for me. I have never seen these errors before DDOS attack.

IMHO MathJax problems are unrelated and appear when MathJax servers are not fast enough. Unfortunately Opera seems to deal incorrectly with such situations
 
  • #347
DaveC426913 said:
I now get some sort of mathjax.js echo on a blank screen before the forum comes up.

can you elaborate? what are you doing when this happens? does it happen all the time?
 
Last edited:
  • #348
It happens anytime you enter a thread, sometimes it goes so quickly that you really have to be looking for it to see it. This is the message.

www.physicsforums.com/clientscript/mjsettings.js[/URL]

I started noticing it last week. I saw that you were discusing the issue Greg, or at least I thought that was what you were discussing. I'll pm you.
 
Last edited by a moderator:
  • #349
MathJax is dependent on the Amazon CloudFront so there is little they can do in terms configuring that. One developer asked if anyone here would be willing to install a plugin that would collect data that would be useful in troubleshooting the loading problems. PM me if interested.
 
  • #350
Code:
borek@invincible ~ $ ./checkPF
PING physicsforums.com (74.86.200.109) 56(84) bytes of data.

--- physicsforums.com ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 8998ms

traceroute to physicsforums.com (74.86.200.109), 15 hops max, 40 byte packets
 1  192.168.0.7 (192.168.0.7)  0.606 ms  0.568 ms  0.524 ms
 2  10.0.0.138 (10.0.0.138)  1.064 ms  0.990 ms  0.950 ms
 3  * * *
 4  xxxxx.tpnet.pl (xx.xx.xx.xx)  23.406 ms  23.614 ms  25.603 ms
 5  hbg-b2-link.telia.net (213.248.89.93)  40.144 ms  40.535 ms  40.570 ms
 6  hbg-bb2-link.telia.net (80.91.251.81)  46.344 ms  40.094 ms  39.173 ms
 7  nyk-bb2-link.telia.net (80.91.247.123)  125.381 ms nyk-bb2-link.telia.net (80.91.247.125)  123.475 ms  124.499 ms
 8  dls-bb1-link.telia.net (213.155.130.67)  165.859 ms dls-bb1-link.telia.net (213.155.130.209)  164.422 ms  165.928 ms
 9  te3-3.bbr02.eq01.dal01.networklayer.com (213.248.102.174)  169.799 ms  170.488 ms  170.192 ms
10  po6.dar02.sr01.dal01.networklayer.com (173.192.18.213)  170.019 ms  170.199 ms  170.734 ms
11  po2.fcr03.sr04.dal01.networklayer.com (66.228.118.190)  171.852 ms *  170.112 ms
12  * * *
13  * * *
14  * * *
15  * * *

For over two hours I was cut off (starting around 21:32 my time). And it had nothing to do with yesterdays situation :wink:
 

Similar threads

Replies
4
Views
2K
Replies
7
Views
1K
Replies
0
Views
96K
  • Sticky
3
Replies
96
Views
44K
Replies
3
Views
1K
Replies
30
Views
2K
Replies
13
Views
3K
Back
Top