Author Topic: Chat window and DOS attack on the forum.  (Read 19668 times)

0 Members and 1 Guest are viewing this topic.

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Chat window and DOS attack on the forum.
« on: July 22, 2012, 03:57:45 am »
Sorry guys, have had to remove the (Nchat) chat window.
The forum was getting attacked by some bot targetting Nchat with 12KB requests.
This is what caused the big bandwidth spike and presumably the slow forum performance.

Now they are attacking the main forum index, so I'll have to start blocking IP's...

Dave.
 

Offline Mint.

  • Frequent Contributor
  • **
  • Posts: 523
  • Country: au
  • Account is inactive now. Thanks everybody!
    • Personal Blog, Mint Electronics.
Re: Chat window and DOS attack on the forum.
« Reply #1 on: July 22, 2012, 04:18:42 am »
Ahh thats nasty, hope everything will be fine by tomorrow :)
Personal Blog (Not Active Anymore), Mint Electronics:
http://mintelectronics.wordpress.com/
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #2 on: July 22, 2012, 04:21:47 am »
IP's now banned.
Forum speed should be back to normal and lightning quick now.

Dave.
 

Offline samgab

  • Frequent Contributor
  • **
  • Posts: 423
  • Country: nz
Re: Chat window and DOS attack on the forum.
« Reply #3 on: July 22, 2012, 04:45:27 am »
Things like that really piss me off. Don't the losers who design those things have anything better to do with their time?

Anyway, speed is fine my end, cheers. Do you host the forum yourself, or is it an off-site service, Dave?
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #4 on: July 22, 2012, 06:40:32 am »
Don't think Dave hosts it on a poor Telstra ADSL line, more like it is on a hosting service and on a virtualised server in a rack in some colo in Houston, run by Godaddy.
 

Offline EEMarc

  • Regular Contributor
  • *
  • Posts: 94
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #5 on: July 22, 2012, 06:52:13 am »
I wonder if there is a correlation between the DoS attack and the AdSense warning.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #6 on: July 22, 2012, 07:17:03 am »
the forum is hosted by a hosting company. I think Dave has a whole server but I may be wrong
 

Offline Mint.

  • Frequent Contributor
  • **
  • Posts: 523
  • Country: au
  • Account is inactive now. Thanks everybody!
    • Personal Blog, Mint Electronics.
Re: Chat window and DOS attack on the forum.
« Reply #7 on: July 22, 2012, 07:55:22 am »
IP's now banned.
Forum speed should be back to normal and lightning quick now.

Dave.
Ahh thats great! ;D What about the shout box, is it gonna come back up?
Personal Blog (Not Active Anymore), Mint Electronics:
http://mintelectronics.wordpress.com/
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #8 on: July 22, 2012, 07:56:01 am »
probably not unless the developers can make it more secure
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #9 on: July 22, 2012, 09:30:42 am »
I wonder if there is a correlation between the DoS attack and the AdSense warning.

Good point, but I doubt it. They were just targeting the Nchat app.

Dave.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #10 on: July 22, 2012, 09:35:43 am »
Seems to be over now.
Look like that NChat module was chewing a bit of bandwidth too.

Dave.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #11 on: July 22, 2012, 09:42:28 am »
the forum is hosted by a hosting company. I think Dave has a whole server but I may be wrong

Yes, it's a full dedicated box at HostGator, no one else shares it, it's all mine.

Intel Xeon 3360 (Quad Core)
4 GB DDR3 Memory
2 X 250 GB Hard Drives (one main, one backup)
10 TB Bandwidth
5 Dedicated IPs

And a team of oompa loompa's who look after it.

One of these boxes:



Dave.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #12 on: July 22, 2012, 09:44:45 am »
Ahh thats great! ;D What about the shout box, is it gonna come back up?

Can't risk it.
I need something new...

Dave.
 

Offline hans

  • Super Contributor
  • ***
  • Posts: 1675
  • Country: nl
Re: Chat window and DOS attack on the forum.
« Reply #13 on: July 22, 2012, 09:48:08 am »
Things like that really piss me off. Don't the losers who design those things have anything better to do with their time?

Anyway, speed is fine my end, cheers. Do you host the forum yourself, or is it an off-site service, Dave?

I run a site on some machines. I created an admin with a log file if someone tried to break in it. I checked the logs the other day.. 90 IP requests < 2minutes from 1 IP. A few weeks later it happened again, 10 more times.
So I looked up the access logs of Apache, and it turns out they crawl the server for directories like install/, admin/ , sqladmin/ phpmyadmin, etc (all those directories people typically put their site or database administration in). They hope to find out someone forget to put a password on their database admin (which happens more often than you think), or forget to remove the install or maintenance scripts for forums (so you can create a new root administrator or something).. Picked the first 10 directories of the list, created an auto IP ban script for it, problem solved. Over 400 IP's have been banned now :)

I believe all these attacks are automated. If they can figure out where a leak is , they can figure out how to write a script for it to automatically attack everything. That's why it's quite important to keep software updated. If there is a severe leak, hackers can just crawl every site, check the software versions and try to exploit it. And the bottom of the page tells the board software version, the HTTP headers the server software; nothing is hidden on the internet..

@Serverpark: Hmmm, nice machines. I wonder if it wouldn't be more efficient to use racks instead of full desktop PC enclosures. Ah well, that's the hosters problem :D
How much traffic does the eevblog.com use per month for the forum?
However, out here the forum still seem kinda slow.. :(
« Last Edit: July 22, 2012, 09:53:23 am by hans »
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #14 on: July 22, 2012, 09:58:31 am »
http://ars.userfriendly.org/cartoons/?id=20120721

A suggestion as to what you should do to them.......
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #15 on: July 22, 2012, 10:01:10 am »
Dave, what about opening another Twitter account, and using that? People can auto join and no admin on your side, just put the disclaimer in the blurb and away you go. You probably will want to turn off the notifications to you though.........
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #16 on: July 22, 2012, 10:32:03 am »
Things like that really piss me off. Don't the losers who design those things have anything better to do with their time?

Anyway, speed is fine my end, cheers. Do you host the forum yourself, or is it an off-site service, Dave?

I run a site on some machines. I created an admin with a log file if someone tried to break in it. I checked the logs the other day.. 90 IP requests < 2minutes from 1 IP. A few weeks later it happened again, 10 more times.
So I looked up the access logs of Apache, and it turns out they crawl the server for directories like install/, admin/ , sqladmin/ phpmyadmin, etc (all those directories people typically put their site or database administration in). They hope to find out someone forget to put a password on their database admin (which happens more often than you think), or forget to remove the install or maintenance scripts for forums (so you can create a new root administrator or something).. Picked the first 10 directories of the list, created an auto IP ban script for it, problem solved. Over 400 IP's have been banned now :)

I believe all these attacks are automated. If they can figure out where a leak is , they can figure out how to write a script for it to automatically attack everything. That's why it's quite important to keep software updated. If there is a severe leak, hackers can just crawl every site, check the software versions and try to exploit it. And the bottom of the page tells the board software version, the HTTP headers the server software; nothing is hidden on the internet..

@Serverpark: Hmmm, nice machines. I wonder if it wouldn't be more efficient to use racks instead of full desktop PC enclosures. Ah well, that's the hosters problem :D
How much traffic does the eevblog.com use per month for the forum?
However, out here the forum still seem kinda slow.. :(

Yes with everyone using things like worpress most of the net is now standardised so it would be easy to write a script to target known paths. Even with my basic skills I know how to find out if a website is running on wordpress..... I try and log into it. If I get a wordpress login page appear bingo I was right. If it gives me an error page i know it's not run on wordpress. But in my case I have no ill intentions just idle curiosity.
 

Offline DarkPrince

  • Regular Contributor
  • *
  • Posts: 107
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #17 on: July 22, 2012, 03:09:27 pm »
So this is strange. I get home from a buddies last night, head to the eevblog, and get a 403 Permission Error when trying to go through ether domain (www or not). This morning I cannot even connect to either domain. Not sure whats going on, or why I have been affected.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #18 on: July 22, 2012, 03:10:59 pm »
it's been fine for me although just now I got a connection error message. All working now though, lasted a few seconds
 

Offline DarkPrince

  • Regular Contributor
  • *
  • Posts: 107
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #19 on: July 22, 2012, 03:51:16 pm »
I forgot to mention this is continous and not at random. Using my mobile data to access the site.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #20 on: July 22, 2012, 03:56:06 pm »
are you sure it's not a connection problem your end ?
 

Offline DarkPrince

  • Regular Contributor
  • *
  • Posts: 107
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #21 on: July 22, 2012, 05:23:59 pm »
I don't think so. The DNS seems to be fine. Seems like the server is ignoring the connection request. Suspicious with the 403 error just 12 hours before. Could be patient and hope it works itself out but this is strange.
 

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Re: Chat window and DOS attack on the forum.
« Reply #22 on: July 22, 2012, 06:05:05 pm »
I don't think so. The DNS seems to be fine. Seems like the server is ignoring the connection request. Suspicious with the 403 error just 12 hours before. Could be patient and hope it works itself out but this is strange.

Obviously your IP address Dave banned :)
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #23 on: July 22, 2012, 06:09:33 pm »
Turn off router and go for the IP roulette........ must be the guy next door to you.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #24 on: July 22, 2012, 06:18:05 pm »
not sure if your IP have been banned. Banning Ip addresses can cause no end of problems. It might be the most fool proof method but it is too risky in blocking legit connections. Unless you have been attacking the shout box ;)

EDIT: just reread the first post from Dave. seems he has needed to start blocking IP's. Best thing is contact him with your Ip if you know it and see if yours is banned. If it is Dave may have to rethink how he keeps trouble out.
« Last Edit: July 22, 2012, 06:20:39 pm by Simon »
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #25 on: July 22, 2012, 06:42:13 pm »
Ahh thats great! ;D What about the shout box, is it gonna come back up?

Can't risk it.
I need something new...

Dave.
I think a lot of it was just lots of open tabs. I have four machines here, all often with multiple tabs on the forum. Unsurprisingly, my IP ended up banned (and still is, Dave, if you could fix that..). This is a design flaw, rather than a deliberate attack.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #26 on: July 22, 2012, 06:45:14 pm »
that is a possibility, any live chat will need constant communication with the server. I also have a few tabs open and sometimes more than one machine on so it is understandable that there is a fair amount of traffic being generated by it. Probably 3 to 10 times the amount of tabs open causing continuous communication than there are actual members online.
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #27 on: July 22, 2012, 07:12:41 pm »
As well remember transparent proxies are often used, so many requests appear to be originating from a single IP, but behind there can be a lot of separate users. Phone companies often do this for mobile data, you will find a single  cell or group of cells have a single gateway address.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #28 on: July 22, 2012, 07:18:24 pm »
this is why you can't ban the IP, one of the IP's behind the public one will be the offender, but if you block the public IP you will block all of those users. I did get complaints from a user on another forum I set up that he was being asked to verify he was human every time he loaded the page he was using a mobile phone dongle. As soon as he used a home computer all was well again.
 

Offline chrome

  • Regular Contributor
  • *
  • Posts: 185
  • Country: be
Re: Chat window and DOS attack on the forum.
« Reply #29 on: July 22, 2012, 08:55:18 pm »
the forum is hosted by a hosting company. I think Dave has a whole server but I may be wrong

Yes, it's a full dedicated box at HostGator, no one else shares it, it's all mine.

Intel Xeon 3360 (Quad Core)
4 GB DDR3 Memory
2 X 250 GB Hard Drives (one main, one backup)
10 TB Bandwidth
5 Dedicated IPs

And a team of oompa loompa's who look after it.

One of these boxes:
http://www.hostgator.com/images/d4.jpg
http://www.hostgator.com/images/d8.jpg
Dave.

That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #30 on: July 22, 2012, 10:50:05 pm »
That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.

Not overkill, the amount of SQL database accesses a popular forum generates is phenomenal. I have posted that stats before, but it's many hundreds per second. And that's just the accesses, not to mention the actual bandwidth.
I actually posted my stats to some professionals in the business, and all said a dedicated machine was required, VPS was poo-poo'd by all. Many of them said I needed a hybrid machine or machines (optimised for both database and bandwidth etc.)
I also have to account for continued growth.

Dave.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #31 on: July 22, 2012, 10:51:04 pm »
FYI, the list of IP's being blocked:

     15 189.110.36.152
     25 81.166.238.17
     26 149.135.147.88
     27 91.135.8.111
     28 110.174.113.203
     28 110.175.175.181
     28 121.210.33.139
     28 147.108.253.254
     28 64.185.130.29
     28 66.68.142.248
     28 70.187.95.122
     28 95.222.124.188
     29 113.161.78.252
     29 118.208.96.48
     29 184.66.131.213
     29 199.7.156.43
     29 67.128.226.230
     29 71.139.6.22
     29 74.222.246.83
     29 91.156.133.136
     29 97.101.176.52
     29 99.29.92.116
     56 98.69.130.145
     57 124.149.120.58
     57 78.32.146.204
     84 108.95.96.45
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #32 on: July 22, 2012, 10:53:30 pm »
Could you get mine off of that, please? My phone is not a comfortable way to use a forum..
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #33 on: July 22, 2012, 10:54:56 pm »
Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #34 on: July 22, 2012, 10:58:57 pm »
Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.
Thanks. Can I ask what the preceding numbers are?
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #35 on: July 22, 2012, 11:03:23 pm »
Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.
Thanks. Can I ask what the preceding numbers are?

Number of Nchat hit count requests over a few minutes

Dave.
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #36 on: July 22, 2012, 11:06:45 pm »
Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.
Thanks. Can I ask what the preceding numbers are?

Number of Nchat hit count requests over a few minutes

Dave.
Thought so. Way up there.. I think this was just the result of bad browsing habits, not an attack.
 

Offline DrGeoff

  • Frequent Contributor
  • **
  • Posts: 794
  • Country: au
    • AXT Systems
Re: Chat window and DOS attack on the forum.
« Reply #37 on: July 22, 2012, 11:52:09 pm »
FYI, the list of IP's being blocked:

     28 121.210.33.139
That's my IP address.
What tests were performed to determine if the IP was required to be blocked?
There are no zombies or bots running on this network.
Was it really supposed to do that?
 

Offline DarkPrince

  • Regular Contributor
  • *
  • Posts: 107
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #38 on: July 23, 2012, 12:13:37 am »
Yeah I am in that list also. So is it really just a software issue being misinterpreted as an attack afterall? So you keeping the IP s banned? Should I pm you my IP that's on the list?

Those numbers are interesting. Even if I left 3 windows open over the sample of 2 minutes that's one request every 17 seconds per window. Poorly written shout box.

Actually all of those are probably innocent forum users that didnt know. :(
« Last Edit: July 23, 2012, 12:26:57 am by DarkPrince »
 

Uncle Vernon

  • Guest
Re: Chat window and DOS attack on the forum.
« Reply #39 on: July 23, 2012, 12:40:23 am »
That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.
Inefficient? No not really? Ever calculated the cooling required for racks stacked with pancake or blade servers? Ever done an energy comparison between regular and 1RU power supplies.

Then do a cost comparison with mid-range tower boxes vs rack equivalent. Even eventual resale comes into play with tower boxes more likely to be on-sold for domestic and small business use.

The big cloud and server farm providers didn't start out yesterday they know what offers the best value, the same reasons why you don't see Aston Martins as taxi's.
 

Offline DrGeoff

  • Frequent Contributor
  • **
  • Posts: 794
  • Country: au
    • AXT Systems
Re: Chat window and DOS attack on the forum.
« Reply #40 on: July 23, 2012, 12:51:12 am »
That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.
Inefficient? No not really? Ever calculated the cooling required for racks stacked with pancake or blade servers? Ever done an energy comparison between regular and 1RU power supplies.

Then do a cost comparison with mid-range tower boxes vs rack equivalent. Even eventual resale comes into play with tower boxes more likely to be on-sold for domestic and small business use.

The big cloud and server farm providers didn't start out yesterday they know what offers the best value, the same reasons why you don't see Aston Martins as taxi's.

I like the access too, easy to swap out without having to fiddle about in the back of a tight rack with nests of cables.
Was it really supposed to do that?
 

Offline EEMarc

  • Regular Contributor
  • *
  • Posts: 94
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #41 on: July 23, 2012, 02:42:22 am »
A mid sized desktop is equivalent to a full 4u server space. A 1U server can be problematically small from my experience dealing with them. The optimal space is closer to a 2U.

Google uses I believe in a 2U rack servers but I know for sure that they each come with a specially designed high efficiency UPS that achieves over 99.5% efficiency. Their transformers on site also get over 99.5% efficiency. Their cooling system is optimized for efficiency as well. They have gone to the extreme to maximize their server efficiency and reliability while minimizing their overall cost.

HostGator simply buys off the shelf desktop units and passes the additional cost over optimal to their customers. Dave's photo clearly shows that space isn't an important consideration for them. They're a small fish and the best for them may be different than other companies. Their choice has served them well in their business model. At the end of the day, that is what matters.
 

Uncle Vernon

  • Guest
Re: Chat window and DOS attack on the forum.
« Reply #42 on: July 23, 2012, 02:55:40 am »
A mid sized desktop is equivalent to a full 4u server space. A 1U server can be problematically small from my experience dealing with them. The optimal space is closer to a 2U.
Optimal for which particular set of circumstances?

Quote
Google uses I believe in a 2U rack servers but I know for sure that they each come with a specially designed high efficiency UPS that achieves over 99.5% efficiency. Their transformers on site also get over 99.5% efficiency. Their cooling system is optimized for efficiency as well. They have gone to the extreme to maximize their server efficiency and reliability while minimizing their overall cost.
Google builds from the ground up the use their own custom housings.

Quote
HostGator simply buys off the shelf desktop units and passes the additional cost over optimal to their customers.
Here's a quick quiz, why don't you take another look and report back how many of those boxes are Inspirons desktops, and how many are PowerEdge Server grade towers?

Quote
Dave's photo clearly shows that space isn't an important consideration for them. They're a small fish and the best for them may be different than other companies. Their choice has served them well in their business model. At the end of the day, that is what matters.
Why does space have to be a consideration? It only comes to play when you are silly enough to build a data centre on prime CBD real estate. The rooms still need to be cleaned, equipment serviced and revised, climate needs to be maintained throughout the room. High density isn't always the best strategy.
 

Offline EEMarc

  • Regular Contributor
  • *
  • Posts: 94
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #43 on: July 23, 2012, 06:16:21 am »
If you have to lay fiber optic cable at ~$100k per km to a suitable low cost building for low density servers, the economics of a higher density server room doesn't sound nearly as bad.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #44 on: July 23, 2012, 06:39:03 am »
HostGator simply buys off the shelf desktop units and passes the additional cost over optimal to their customers. Dave's photo clearly shows that space isn't an important consideration for them. They're a small fish and the best for them may be different than other companies. Their choice has served them well in their business model. At the end of the day, that is what matters.

I believe that photo is the dedicated servers only, and almost certainly not all of them.
They have other rack based systems too:
http://www.hostgator.com/network.shtml

They have done all the numbers, and use what is appropriate, you can bet your bottom dollar.

Dave.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38441
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #45 on: July 23, 2012, 06:45:54 am »
Yeah I am in that list also. So is it really just a software issue being misinterpreted as an attack afterall? So you keeping the IP s banned? Should I pm you my IP that's on the list?

Those who are on the list please email me and let me know your IP.
Thanks

The server was definitely being attacked, big time. Sorry I do not know the tech details, Alan Garfield was handling that. We had to ban a bunch of IPs to stem off the attack, and it turns out it picked up a few real users too, sorry.

Dave.
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 4700
  • Country: au
  • Question Everything... Except This Statement
Re: Chat window and DOS attack on the forum.
« Reply #46 on: July 23, 2012, 07:08:37 am »
hmm seems my previous IP was banned, or atlead getting 403, forbidden errors.... (dynamic IP), either way i'm back on now and hope we dont have any other people trying to exploit the forum just to proove they can do it :/
 

Offline EEMarc

  • Regular Contributor
  • *
  • Posts: 94
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #47 on: July 23, 2012, 08:28:59 am »
I believe that photo is the dedicated servers only, and almost certainly not all of them.
They have other rack based systems too:

I should have specified their dedicated service. My bad.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #48 on: July 23, 2012, 11:54:45 am »
The thing with IP's is that it is easy to appear to come from another Ip and many ISP's have a whole load of users behind one IP. I cannot download from most file hosting sites because it tells me i am already downloading a file, this is because someone else not too far away on the same exchange possibly is already downloading a file and we have the same IP. It was different when i had cable but then I will no longer tolerate virgin media's arrogance and treachery.

I don't know how the IP system works but i guess there are not enough to go round.
 

Offline Bloch

  • Supporter
  • ****
  • Posts: 455
  • Country: dk
Re: Chat window and DOS attack on the forum.
« Reply #49 on: July 23, 2012, 12:14:23 pm »
I don't know how the IP system works but i guess there are not enough to go round.


Yes IP4 is outdated.


Why dont we all switch to IP6
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #50 on: July 23, 2012, 12:23:51 pm »
what is the difference ?
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #51 on: July 23, 2012, 12:37:58 pm »
The thing with IP's is that it is easy to appear to come from another Ip and many ISP's have a whole load of users behind one IP. I cannot download from most file hosting sites because it tells me i am already downloading a file, this is because someone else not too far away on the same exchange possibly is already downloading a file and we have the same IP. It was different when i had cable but then I will no longer tolerate virgin media's arrogance and treachery.

I don't know how the IP system works but i guess there are not enough to go round.

I doubt you have the same IP as anyone else. More likely your current choice of scumbag ISP uses a transparent proxy.

what is the difference ?

96 bits. I have as many IPv6 addresses as my disposal as there are possible IPv4 addresses.
 

Offline Bloch

  • Supporter
  • ****
  • Posts: 455
  • Country: dk
Re: Chat window and DOS attack on the forum.
« Reply #52 on: July 23, 2012, 12:40:00 pm »
what is the difference ?


A bit more IP adresses  ;)

Quote
The older IPv4 only supports a maximum 32 bit internet address, which translates to 2^32 IP addresses available for assignment (about 4.29 billion total). IPv6 utilizes 128 bit web addresses, allowing a maximum 2^128 available addresses: 340,282,366,920,938,000,000,000,000,000,000,000,000; which if you couldn’t already tell is a very big number.


So a need for a router per modem is not necessary. My guess is that every modem will get 1000 IP adresses.
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #53 on: July 23, 2012, 12:46:11 pm »
what is the difference ?


A bit more IP adresses  ;)

Quote
The older IPv4 only supports a maximum 32 bit internet address, which translates to 2^32 IP addresses available for assignment (about 4.29 billion total). IPv6 utilizes 128 bit web addresses, allowing a maximum 2^128 available addresses: 340,282,366,920,938,000,000,000,000,000,000,000,000; which if you couldn’t already tell is a very big number.


So a need for a router per modem is not necessary. My guess is that every modem will get 1000 IP adresses.

No, everyone should get a /48, unless the ISP is being stupid. That's 18,446,744,073,709,551,616 IPs. I have two at my disposal and can easily replace them with /64s if I choose. Which is, well, rather a few more.

You still need a router and a firewall. Don't confuse NAT with real routers.
« Last Edit: July 23, 2012, 12:48:04 pm by Monkeh »
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 8089
  • Country: de
  • A qualified hobbyist ;)
Re: Chat window and DOS attack on the forum.
« Reply #54 on: July 23, 2012, 01:49:33 pm »
The thing with IP's is that it is easy to appear to come from another Ip and many ISP's have a whole load of users behind one IP. I cannot download from most file hosting sites because it tells me i am already downloading a file, this is because someone else not too far away on the same exchange possibly is already downloading a file and we have the same IP. It was different when i had cable but then I will no longer tolerate virgin media's arrogance and treachery.

I don't know how the IP system works but i guess there are not enough to go round.

For full/real internet access one needs to have a dedicated public IP address, even if it's a dynamic one. All other solutions with proxies and carrier grade NAT where several users share the same public IP address(es) are broken by design. You may call that web access :-) Unfortunately we'll see more of those in the near future caused by the exhaustion of IPv4 addresses. Most ISPs seem to be reluctant in providing IPv6. It isn't brand new, it's over ten years old! More than enough time to engineer your network and OSS for IPv6.
 

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Re: Chat window and DOS attack on the forum.
« Reply #55 on: July 23, 2012, 01:51:39 pm »
I cannot download from most file hosting sites because it tells me i am already downloading a file

I doubt you have the same IP as anyone else. More likely your current choice of scumbag ISP uses a transparent proxy.

More likely someone reported kiddy porn on the file hosting site which put it on the UK Internet Watch Foundation list and causes all access to the entire site to be routed through a proxy which blocks access to the URLs claimed to contain kiddy porn. That makes just about every access from the UK appear to be from the same IP address.

For a few days no one in the UK could edit Wikipedia because the IWF thought the British needed to be protected from this article http://en.wikipedia.org/wiki/Virgin_Killer or perhaps that the girl needed to be protected from the British 32 years too late, or something. I have no idea what the IWF thinks they are achieving.
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #56 on: July 23, 2012, 02:01:54 pm »
I cannot download from most file hosting sites because it tells me i am already downloading a file

I doubt you have the same IP as anyone else. More likely your current choice of scumbag ISP uses a transparent proxy.

More likely someone reported kiddy porn on the file hosting site which put it on the UK Internet Watch Foundation list and causes all access to the entire site to be routed through a proxy which blocks access to the URLs claimed to contain kiddy porn. That makes just about every access from the UK appear to be from the same IP address.

For a few days no one in the UK could edit Wikipedia because the IWF thought the British needed to be protected from this article http://en.wikipedia.org/wiki/Virgin_Killer or perhaps that the girl needed to be protected from the British 32 years too late, or something. I have no idea what the IWF thinks they are achieving.

FUD. That little incident never affected me or anyone not on the big-name consumer ISPs.
 

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Re: Chat window and DOS attack on the forum.
« Reply #57 on: July 23, 2012, 02:27:08 pm »
FUD. That little incident never affected me or anyone not on the big-name consumer ISPs.


Oh Sorry
Quote
Home Office Minister Alan Campbell said: "In 2006 the government stated that they wished to see 100% of consumer broadband connections covered by blocking, which includes images of child abuse, by the end of 2007.

"Currently in the UK, 95% of consumer broadband connections are covered by blocking. The government is currently looking at ways to progress the final 5%."

When I said no one I should have said 95%.
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #58 on: July 23, 2012, 02:32:05 pm »
Estimated 95%.

This is why smart people don't use BT. Or Virgin, or Talktalk, or Orange, or Sky, or..
 

Online IanB

  • Super Contributor
  • ***
  • Posts: 12283
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #59 on: July 23, 2012, 02:36:32 pm »
Major speed problems as of right now (1430 UTC). Very slow server responses and page updates.
« Last Edit: July 23, 2012, 02:39:37 pm by IanB »
 

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Re: Chat window and DOS attack on the forum.
« Reply #60 on: July 23, 2012, 03:04:25 pm »
Estimated 95%.

This is why smart people don't use BT. Or Virgin, or Talktalk, or Orange, or Sky, or..
and peedyfiles.
Quote
don't use BT. Or Virgin, or Talktalk, or Orange, or Sky, or..
 

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Re: Chat window and DOS attack on the forum.
« Reply #61 on: July 23, 2012, 03:10:06 pm »
Major speed problems as of right now (1430 UTC). Very slow server responses and page updates.

Say that again
www.eevblog.com
99 packets received/99 transmitted :   0% PACKET LOSS
Round Trip Time (in milliseconds) Max/Min/Av: 1457/768/1045
www.google.com
99 packets received/99 transmitted :   0% PACKET LOSS
Round Trip Time (in milliseconds) Max/Min/Av: 16/15/15

all the delay to eevblog is in the last hop.
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #62 on: July 23, 2012, 03:16:52 pm »
Having a machine paer customer for the dedicated servers is to make it easy to manage, as if you get a court order you can point to a machine and PC Plod ( who in the best case is wary of IT, and thinks a rack of 100 blades is one computer) can take one only, without wiping out 99 other clients on the same server rack.
 

Offline Kevin.D

  • Frequent Contributor
  • **
  • Posts: 290
  • Country: england
Re: Chat window and DOS attack on the forum.
« Reply #63 on: July 23, 2012, 03:33:59 pm »
EEV forum really slow from here today ,much worse than it was yesterday .it's almost unusable
 

Offline chrome

  • Regular Contributor
  • *
  • Posts: 185
  • Country: be
Re: Chat window and DOS attack on the forum.
« Reply #64 on: July 23, 2012, 03:57:04 pm »
Having a machine paer customer for the dedicated servers is to make it easy to manage, as if you get a court order you can point to a machine and PC Plod ( who in the best case is wary of IT, and thinks a rack of 100 blades is one computer) can take one only, without wiping out 99 other clients on the same server rack.

You can still do a 2U rackspace server per customer and still save a lot of room...
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #65 on: July 23, 2012, 04:20:38 pm »
Chrome, the plods took an entire rack because it had **ONE** server that they were taking. A box on a shelf is something that even a TSA agent can understand is a "compuuter thingie".
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 17963
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #66 on: July 23, 2012, 05:02:41 pm »
The forum is having some slow page loads for me too. At home on the PC or at work on my mobile phone (that is getting it's connection off the work pc not mobile network..... yet)
 

Online Monkeh

  • Super Contributor
  • ***
  • Posts: 8042
  • Country: gb
Re: Chat window and DOS attack on the forum.
« Reply #67 on: July 24, 2012, 12:20:42 pm »
Yeah I am in that list also. So is it really just a software issue being misinterpreted as an attack afterall? So you keeping the IP s banned? Should I pm you my IP that's on the list?

Those who are on the list please email me and let me know your IP.
Thanks

Have emailed, have sent PM, still having to tunnel.
 

Offline nitro2k01

  • Frequent Contributor
  • **
  • Posts: 843
  • Country: 00
Re: Chat window and DOS attack on the forum.
« Reply #68 on: October 12, 2012, 10:01:16 pm »
Banning Ip addresses can cause no end of problems. It might be the most fool proof method but it is too risky in blocking legit connections.
Actually, if you put some research into it, you can tell something about the IP address. I run a small forum with almost no real activity, which currently acts more as a spam trap. IP addresses are assigned to entities in blocks. An address might belong to a block which belongs to a consumer ISP. In this case, yes, it's risky. On the other hand, the address might belong to a range that belongs to a data center. In this case I generally block not only that IP, but all of the ranges I can find belonging to that data center. I've noticed that a provider by the name Ubiquity Servers are hosting a few servers that are used for spamming forums.

Another thing one might try is to ban TOR and other proxies, at least from doing some things. Or, requiring an extra captcha or so to be filled in when registering a new account over a proxy. However, I wouldn't generally advise banning proxies without putting thought into the decision since some people in some regimes might rely on them to connect to the outside world.
Whoa! How the hell did Dave know that Bob is my uncle? Amazing!
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf