Chat window and DOS attack on the forum.

[Monkeh]

Ahh thats great! What about the shout box, is it gonna come back up?

Can't risk it.
I need something new...

Dave.

I think a lot of it was just lots of open tabs. I have four machines here, all often with multiple tabs on the forum. Unsurprisingly, my IP ended up banned (and still is, Dave, if you could fix that..). This is a design flaw, rather than a deliberate attack.

[Simon]

that is a possibility, any live chat will need constant communication with the server. I also have a few tabs open and sometimes more than one machine on so it is understandable that there is a fair amount of traffic being generated by it. Probably 3 to 10 times the amount of tabs open causing continuous communication than there are actual members online.

[SeanB]

As well remember transparent proxies are often used, so many requests appear to be originating from a single IP, but behind there can be a lot of separate users. Phone companies often do this for mobile data, you will find a single  cell or group of cells have a single gateway address.

[Simon]

this is why you can't ban the IP, one of the IP's behind the public one will be the offender, but if you block the public IP you will block all of those users. I did get complaints from a user on another forum I set up that he was being asked to verify he was human every time he loaded the page he was using a mobile phone dongle. As soon as he used a home computer all was well again.

[chrome]

the forum is hosted by a hosting company. I think Dave has a whole server but I may be wrong

Yes, it's a full dedicated box at HostGator, no one else shares it, it's all mine.

Intel Xeon 3360 (Quad Core)
4 GB DDR3 Memory
2 X 250 GB Hard Drives (one main, one backup)
10 TB Bandwidth
5 Dedicated IPs

And a team of oompa loompa's who look after it.

One of these boxes:
http://www.hostgator.com/images/d4.jpg
http://www.hostgator.com/images/d8.jpg
Dave.

That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.

[EEVblog]

That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.

Not overkill, the amount of SQL database accesses a popular forum generates is phenomenal. I have posted that stats before, but it's many hundreds per second. And that's just the accesses, not to mention the actual bandwidth.
I actually posted my stats to some professionals in the business, and all said a dedicated machine was required, VPS was poo-poo'd by all. Many of them said I needed a hybrid machine or machines (optimised for both database and bandwidth etc.)
I also have to account for continued growth.

Dave.

[EEVblog]

FYI, the list of IP's being blocked:

     15 189.110.36.152
     25 81.166.238.17
     26 149.135.147.88
     27 91.135.8.111
     28 110.174.113.203
     28 110.175.175.181
     28 121.210.33.139
     28 147.108.253.254
     28 64.185.130.29
     28 66.68.142.248
     28 70.187.95.122
     28 95.222.124.188
     29 113.161.78.252
     29 118.208.96.48
     29 184.66.131.213
     29 199.7.156.43
     29 67.128.226.230
     29 71.139.6.22
     29 74.222.246.83
     29 91.156.133.136
     29 97.101.176.52
     29 99.29.92.116
     56 98.69.130.145
     57 124.149.120.58
     57 78.32.146.204
     84 108.95.96.45

[Monkeh]

Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

[EEVblog]

Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.

[Monkeh]

Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.

Thanks. Can I ask what the preceding numbers are?

[EEVblog]

Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.

Thanks. Can I ask what the preceding numbers are?

Number of Nchat hit count requests over a few minutes

Dave.

[Monkeh]

Could you get mine off of that, please? My phone is not a comfortable way to use a forum..

I've taken it off cPanel, but Alan needs to do penguin stuff to take it off the firewall as well. I've let him know.

Dave.

Thanks. Can I ask what the preceding numbers are?

Number of Nchat hit count requests over a few minutes

Dave.

Thought so. Way up there.. I think this was just the result of bad browsing habits, not an attack.

[DrGeoff]

FYI, the list of IP's being blocked:

     28 121.210.33.139

That's my IP address.
What tests were performed to determine if the IP was required to be blocked?
There are no zombies or bots running on this network.

[DarkPrince]

Yeah I am in that list also. So is it really just a software issue being misinterpreted as an attack afterall? So you keeping the IP s banned? Should I pm you my IP that's on the list?

Those numbers are interesting. Even if I left 3 windows open over the sample of 2 minutes that's one request every 17 seconds per window. Poorly written shout box.

Actually all of those are probably innocent forum users that didnt know.

[Uncle Vernon]

That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.

Inefficient? No not really? Ever calculated the cooling required for racks stacked with pancake or blade servers? Ever done an energy comparison between regular and 1RU power supplies.

Then do a cost comparison with mid-range tower boxes vs rack equivalent. Even eventual resale comes into play with tower boxes more likely to be on-sold for domestic and small business use.

The big cloud and server farm providers didn't start out yesterday they know what offers the best value, the same reasons why you don't see Aston Martins as taxi's.

[DrGeoff]

That seems so inefficient both space-wise and power-wise. Why didn't they just use 19" racks?
Also were there other setups you could have chosen because that seems a bit overpowered for a forum/website (right?) unless i'm missing something else you do with it.

Inefficient? No not really? Ever calculated the cooling required for racks stacked with pancake or blade servers? Ever done an energy comparison between regular and 1RU power supplies.

Then do a cost comparison with mid-range tower boxes vs rack equivalent. Even eventual resale comes into play with tower boxes more likely to be on-sold for domestic and small business use.

The big cloud and server farm providers didn't start out yesterday they know what offers the best value, the same reasons why you don't see Aston Martins as taxi's.

I like the access too, easy to swap out without having to fiddle about in the back of a tight rack with nests of cables.

[EEMarc]

A mid sized desktop is equivalent to a full 4u server space. A 1U server can be problematically small from my experience dealing with them. The optimal space is closer to a 2U.

Google uses I believe in a 2U rack servers but I know for sure that they each come with a specially designed high efficiency UPS that achieves over 99.5% efficiency. Their transformers on site also get over 99.5% efficiency. Their cooling system is optimized for efficiency as well. They have gone to the extreme to maximize their server efficiency and reliability while minimizing their overall cost.

HostGator simply buys off the shelf desktop units and passes the additional cost over optimal to their customers. Dave's photo clearly shows that space isn't an important consideration for them. They're a small fish and the best for them may be different than other companies. Their choice has served them well in their business model. At the end of the day, that is what matters.

[Uncle Vernon]

A mid sized desktop is equivalent to a full 4u server space. A 1U server can be problematically small from my experience dealing with them. The optimal space is closer to a 2U.

Optimal for which particular set of circumstances?

Google uses I believe in a 2U rack servers but I know for sure that they each come with a specially designed high efficiency UPS that achieves over 99.5% efficiency. Their transformers on site also get over 99.5% efficiency. Their cooling system is optimized for efficiency as well. They have gone to the extreme to maximize their server efficiency and reliability while minimizing their overall cost.

Google builds from the ground up the use their own custom housings.

HostGator simply buys off the shelf desktop units and passes the additional cost over optimal to their customers.

Here's a quick quiz, why don't you take another look and report back how many of those boxes are Inspirons desktops, and how many are PowerEdge Server grade towers?

Dave's photo clearly shows that space isn't an important consideration for them. They're a small fish and the best for them may be different than other companies. Their choice has served them well in their business model. At the end of the day, that is what matters.

Why does space have to be a consideration? It only comes to play when you are silly enough to build a data centre on prime CBD real estate. The rooms still need to be cleaned, equipment serviced and revised, climate needs to be maintained throughout the room. High density isn't always the best strategy.

[EEMarc]

If you have to lay fiber optic cable at ~$100k per km to a suitable low cost building for low density servers, the economics of a higher density server room doesn't sound nearly as bad.

[EEVblog]

HostGator simply buys off the shelf desktop units and passes the additional cost over optimal to their customers. Dave's photo clearly shows that space isn't an important consideration for them. They're a small fish and the best for them may be different than other companies. Their choice has served them well in their business model. At the end of the day, that is what matters.

I believe that photo is the dedicated servers only, and almost certainly not all of them.
They have other rack based systems too:
http://www.hostgator.com/network.shtml

They have done all the numbers, and use what is appropriate, you can bet your bottom dollar.

Dave.

[EEVblog]

Yeah I am in that list also. So is it really just a software issue being misinterpreted as an attack afterall? So you keeping the IP s banned? Should I pm you my IP that's on the list?

Those who are on the list please email me and let me know your IP.
Thanks

The server was definitely being attacked, big time. Sorry I do not know the tech details, Alan Garfield was handling that. We had to ban a bunch of IPs to stem off the attack, and it turns out it picked up a few real users too, sorry.

Dave.

[Rerouter]

hmm seems my previous IP was banned, or atlead getting 403, forbidden errors.... (dynamic IP), either way i'm back on now and hope we dont have any other people trying to exploit the forum just to proove they can do it :/

[EEMarc]

I believe that photo is the dedicated servers only, and almost certainly not all of them.
They have other rack based systems too:

I should have specified their dedicated service. My bad.

[Simon]

The thing with IP's is that it is easy to appear to come from another Ip and many ISP's have a whole load of users behind one IP. I cannot download from most file hosting sites because it tells me i am already downloading a file, this is because someone else not too far away on the same exchange possibly is already downloading a file and we have the same IP. It was different when i had cable but then I will no longer tolerate virgin media's arrogance and treachery.

I don't know how the IP system works but i guess there are not enough to go round.

[Bloch]

I don't know how the IP system works but i guess there are not enough to go round.

Yes IP4 is outdated.


Why dont we all switch to IP6