Author Topic: Chat window and DOS attack on the forum.  (Read 19759 times)

0 Members and 1 Guest are viewing this topic.

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38578
  • Country: au
    • EEVblog
Chat window and DOS attack on the forum.
« on: July 22, 2012, 03:57:45 am »
Sorry guys, have had to remove the (Nchat) chat window.
The forum was getting attacked by some bot targetting Nchat with 12KB requests.
This is what caused the big bandwidth spike and presumably the slow forum performance.

Now they are attacking the main forum index, so I'll have to start blocking IP's...

Dave.
 

Offline Mint.

  • Frequent Contributor
  • **
  • Posts: 523
  • Country: au
  • Account is inactive now. Thanks everybody!
    • Personal Blog, Mint Electronics.
Re: Chat window and DOS attack on the forum.
« Reply #1 on: July 22, 2012, 04:18:42 am »
Ahh thats nasty, hope everything will be fine by tomorrow :)
Personal Blog (Not Active Anymore), Mint Electronics:
http://mintelectronics.wordpress.com/
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38578
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #2 on: July 22, 2012, 04:21:47 am »
IP's now banned.
Forum speed should be back to normal and lightning quick now.

Dave.
 

Offline samgab

  • Frequent Contributor
  • **
  • Posts: 423
  • Country: nz
Re: Chat window and DOS attack on the forum.
« Reply #3 on: July 22, 2012, 04:45:27 am »
Things like that really piss me off. Don't the losers who design those things have anything better to do with their time?

Anyway, speed is fine my end, cheers. Do you host the forum yourself, or is it an off-site service, Dave?
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #4 on: July 22, 2012, 06:40:32 am »
Don't think Dave hosts it on a poor Telstra ADSL line, more like it is on a hosting service and on a virtualised server in a rack in some colo in Houston, run by Godaddy.
 

Offline EEMarc

  • Regular Contributor
  • *
  • Posts: 94
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #5 on: July 22, 2012, 06:52:13 am »
I wonder if there is a correlation between the DoS attack and the AdSense warning.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #6 on: July 22, 2012, 07:17:03 am »
the forum is hosted by a hosting company. I think Dave has a whole server but I may be wrong
 

Offline Mint.

  • Frequent Contributor
  • **
  • Posts: 523
  • Country: au
  • Account is inactive now. Thanks everybody!
    • Personal Blog, Mint Electronics.
Re: Chat window and DOS attack on the forum.
« Reply #7 on: July 22, 2012, 07:55:22 am »
IP's now banned.
Forum speed should be back to normal and lightning quick now.

Dave.
Ahh thats great! ;D What about the shout box, is it gonna come back up?
Personal Blog (Not Active Anymore), Mint Electronics:
http://mintelectronics.wordpress.com/
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #8 on: July 22, 2012, 07:56:01 am »
probably not unless the developers can make it more secure
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38578
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #9 on: July 22, 2012, 09:30:42 am »
I wonder if there is a correlation between the DoS attack and the AdSense warning.

Good point, but I doubt it. They were just targeting the Nchat app.

Dave.
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38578
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #10 on: July 22, 2012, 09:35:43 am »
Seems to be over now.
Look like that NChat module was chewing a bit of bandwidth too.

Dave.
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38578
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #11 on: July 22, 2012, 09:42:28 am »
the forum is hosted by a hosting company. I think Dave has a whole server but I may be wrong

Yes, it's a full dedicated box at HostGator, no one else shares it, it's all mine.

Intel Xeon 3360 (Quad Core)
4 GB DDR3 Memory
2 X 250 GB Hard Drives (one main, one backup)
10 TB Bandwidth
5 Dedicated IPs

And a team of oompa loompa's who look after it.

One of these boxes:



Dave.
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 38578
  • Country: au
    • EEVblog
Re: Chat window and DOS attack on the forum.
« Reply #12 on: July 22, 2012, 09:44:45 am »
Ahh thats great! ;D What about the shout box, is it gonna come back up?

Can't risk it.
I need something new...

Dave.
 

Offline hans

  • Super Contributor
  • ***
  • Posts: 1684
  • Country: nl
Re: Chat window and DOS attack on the forum.
« Reply #13 on: July 22, 2012, 09:48:08 am »
Things like that really piss me off. Don't the losers who design those things have anything better to do with their time?

Anyway, speed is fine my end, cheers. Do you host the forum yourself, or is it an off-site service, Dave?

I run a site on some machines. I created an admin with a log file if someone tried to break in it. I checked the logs the other day.. 90 IP requests < 2minutes from 1 IP. A few weeks later it happened again, 10 more times.
So I looked up the access logs of Apache, and it turns out they crawl the server for directories like install/, admin/ , sqladmin/ phpmyadmin, etc (all those directories people typically put their site or database administration in). They hope to find out someone forget to put a password on their database admin (which happens more often than you think), or forget to remove the install or maintenance scripts for forums (so you can create a new root administrator or something).. Picked the first 10 directories of the list, created an auto IP ban script for it, problem solved. Over 400 IP's have been banned now :)

I believe all these attacks are automated. If they can figure out where a leak is , they can figure out how to write a script for it to automatically attack everything. That's why it's quite important to keep software updated. If there is a severe leak, hackers can just crawl every site, check the software versions and try to exploit it. And the bottom of the page tells the board software version, the HTTP headers the server software; nothing is hidden on the internet..

@Serverpark: Hmmm, nice machines. I wonder if it wouldn't be more efficient to use racks instead of full desktop PC enclosures. Ah well, that's the hosters problem :D
How much traffic does the eevblog.com use per month for the forum?
However, out here the forum still seem kinda slow.. :(
« Last Edit: July 22, 2012, 09:53:23 am by hans »
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #14 on: July 22, 2012, 09:58:31 am »
http://ars.userfriendly.org/cartoons/?id=20120721

A suggestion as to what you should do to them.......
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #15 on: July 22, 2012, 10:01:10 am »
Dave, what about opening another Twitter account, and using that? People can auto join and no admin on your side, just put the disclaimer in the blurb and away you go. You probably will want to turn off the notifications to you though.........
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #16 on: July 22, 2012, 10:32:03 am »
Things like that really piss me off. Don't the losers who design those things have anything better to do with their time?

Anyway, speed is fine my end, cheers. Do you host the forum yourself, or is it an off-site service, Dave?

I run a site on some machines. I created an admin with a log file if someone tried to break in it. I checked the logs the other day.. 90 IP requests < 2minutes from 1 IP. A few weeks later it happened again, 10 more times.
So I looked up the access logs of Apache, and it turns out they crawl the server for directories like install/, admin/ , sqladmin/ phpmyadmin, etc (all those directories people typically put their site or database administration in). They hope to find out someone forget to put a password on their database admin (which happens more often than you think), or forget to remove the install or maintenance scripts for forums (so you can create a new root administrator or something).. Picked the first 10 directories of the list, created an auto IP ban script for it, problem solved. Over 400 IP's have been banned now :)

I believe all these attacks are automated. If they can figure out where a leak is , they can figure out how to write a script for it to automatically attack everything. That's why it's quite important to keep software updated. If there is a severe leak, hackers can just crawl every site, check the software versions and try to exploit it. And the bottom of the page tells the board software version, the HTTP headers the server software; nothing is hidden on the internet..

@Serverpark: Hmmm, nice machines. I wonder if it wouldn't be more efficient to use racks instead of full desktop PC enclosures. Ah well, that's the hosters problem :D
How much traffic does the eevblog.com use per month for the forum?
However, out here the forum still seem kinda slow.. :(

Yes with everyone using things like worpress most of the net is now standardised so it would be easy to write a script to target known paths. Even with my basic skills I know how to find out if a website is running on wordpress..... I try and log into it. If I get a wordpress login page appear bingo I was right. If it gives me an error page i know it's not run on wordpress. But in my case I have no ill intentions just idle curiosity.
 

Offline DarkPrince

  • Regular Contributor
  • *
  • Posts: 107
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #17 on: July 22, 2012, 03:09:27 pm »
So this is strange. I get home from a buddies last night, head to the eevblog, and get a 403 Permission Error when trying to go through ether domain (www or not). This morning I cannot even connect to either domain. Not sure whats going on, or why I have been affected.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #18 on: July 22, 2012, 03:10:59 pm »
it's been fine for me although just now I got a connection error message. All working now though, lasted a few seconds
 

Offline DarkPrince

  • Regular Contributor
  • *
  • Posts: 107
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #19 on: July 22, 2012, 03:51:16 pm »
I forgot to mention this is continous and not at random. Using my mobile data to access the site.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #20 on: July 22, 2012, 03:56:06 pm »
are you sure it's not a connection problem your end ?
 

Offline DarkPrince

  • Regular Contributor
  • *
  • Posts: 107
  • Country: us
Re: Chat window and DOS attack on the forum.
« Reply #21 on: July 22, 2012, 05:23:59 pm »
I don't think so. The DNS seems to be fine. Seems like the server is ignoring the connection request. Suspicious with the 403 error just 12 hours before. Could be patient and hope it works itself out but this is strange.
 

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Re: Chat window and DOS attack on the forum.
« Reply #22 on: July 22, 2012, 06:05:05 pm »
I don't think so. The DNS seems to be fine. Seems like the server is ignoring the connection request. Suspicious with the 403 error just 12 hours before. Could be patient and hope it works itself out but this is strange.

Obviously your IP address Dave banned :)
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16362
  • Country: za
Re: Chat window and DOS attack on the forum.
« Reply #23 on: July 22, 2012, 06:09:33 pm »
Turn off router and go for the IP roulette........ must be the guy next door to you.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Chat window and DOS attack on the forum.
« Reply #24 on: July 22, 2012, 06:18:05 pm »
not sure if your IP have been banned. Banning Ip addresses can cause no end of problems. It might be the most fool proof method but it is too risky in blocking legit connections. Unless you have been attacking the shout box ;)

EDIT: just reread the first post from Dave. seems he has needed to start blocking IP's. Best thing is contact him with your Ip if you know it and see if yours is banned. If it is Dave may have to rethink how he keeps trouble out.
« Last Edit: July 22, 2012, 06:20:39 pm by Simon »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf