Simple Machines Community Forum

Simple Machines => News and Updates => Topic started by: LiroyvH on October 29, 2010, 01:29:14 PM

Title: SimpleMachines Server issues
Post by: LiroyvH on October 29, 2010, 01:29:14 PM
Dear SMF users and visitors,

Over the past few days, and currently still, SimpleMachines.org is under a low level DDoS attack. The server team has been working at best effort on keeping the site stable and running smoothly but unfortunately we still have experienced a few hiccups. Due to the nature of our setup, it may appear to be working like a flash light from time to time.

We are still working on the issue and making modifications both software and hardware side to ensure you do not experience any trouble from this lame action.

We apologise for any inconvenience and hope you will understand.

Thank you and happy foruming,
- Simple Machines Team
Title: Re: SimpleMachines Server issues
Post by: Robert. on October 29, 2010, 02:50:09 PM
This evening, posting a new reply took long. :( Anywayz, hope that will be fixed soon.
Title: Re: SimpleMachines Server issues
Post by: Antes on October 29, 2010, 04:27:57 PM
Not cool :/ , GL team, I hope you guys fix it soon
Title: Re: SimpleMachines Server issues
Post by: Deaks on October 29, 2010, 08:21:26 PM
good luck core :)
Title: Re: SimpleMachines Server issues
Post by: Alex' Manson on October 30, 2010, 04:41:27 AM
aww, good luck at fixing this..
Title: Re: SimpleMachines Server issues
Post by: Powerbob on October 30, 2010, 08:59:52 AM
some low life folks at it again :(
Title: Re: SimpleMachines Server issues
Post by: NanoSector on October 30, 2010, 07:42:45 PM
Damn, I just wanted a new theme :( The themes part is down.

Just looked up DDoS at Wikipedia and it doesn't seem too good.....I hope you guys restore fast!

Good luck with the fixing!
Title: Re: SimpleMachines Server issues
Post by: Nolt on October 31, 2010, 05:35:07 AM
For me Customize section works fine.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on October 31, 2010, 07:29:16 AM
Quote from: Nolt on October 31, 2010, 05:35:07 AM
For me Customize section works fine.
I get HTTP Error 500 if I try to access the Themes section of it. The rest works fine.
Title: Re: SimpleMachines Server issues
Post by: 1Chope on October 31, 2010, 09:32:15 PM
I don't know why people will be attacking this nice website, some people are wicked, how can they be so rude? SMF is one of the best software on the net and the best thing is  -  it is free, I will surely pay to get SMF if it dares go premium. Thanks for the updates, hope you handle it well
Title: Re: SimpleMachines Server issues
Post by: rjckE on November 01, 2010, 04:05:13 AM
I hate SMF haters  >:(
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 02:53:29 PM
Sorry to bring this back up, but it still seems to be causing problems.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on November 24, 2010, 02:55:06 PM
Quote from: LibertyPrime on November 24, 2010, 02:53:29 PM
Sorry to bring this back up, but it still seems to be causing problems.
And it's also reported to still cause issues :P
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 02:57:42 PM
Thanks for informing me.  It's really annoying when I go to post on a forum, only to have it constantly not load.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on November 24, 2010, 02:59:04 PM
Quote from: LibertyPrime on November 24, 2010, 02:57:42 PM
Thanks for informing me.  It's really annoying when I go to post on a forum, only to have it constantly not load.
Then you don't know my site :P Only thing it does is give me database errors.
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 04:32:20 PM
How long does it usually take to respond to sites being down by the DDOS?
Title: Re: SimpleMachines Server issues
Post by: Illori on November 24, 2010, 05:16:37 PM
Things happening on any forum other than this one are NOT related to the issues this site is facing.
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 05:34:47 PM
Oh.  The forum in question is hosted by SMF.
Title: Re: SimpleMachines Server issues
Post by: Norv on November 24, 2010, 05:46:09 PM
SMF does not host any other forums than this one. Forums may be installed by their admins using the software we're providing, but we are not hosting them.
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 06:04:57 PM
Okay.  I'll try to contact the main admin of the forum and let him or her know.
Title: Re: SimpleMachines Server issues
Post by: butchs on November 25, 2010, 08:52:16 AM
Quote from: CoreISP on October 29, 2010, 01:29:14 PM
Dear SMF users and visitors,

Over the past few days, and currently still, SimpleMachines.org is under a low level DDoS attack. The server team has been working at best effort on keeping the site stable and running smoothly but unfortunately we still have experienced a few hiccups. Due to the nature of our setup, it may appear to be working like a flash light from time to time.

We are still working on the issue and making modifications both software and hardware side to ensure you do not experience any trouble from this lame action.

We apologise for any inconvenience and hope you will understand.

Thank you and happy foruming,
- Simple Machines Team

Just install Forum Firewall (http://forum.pctweakr.com/index.php/topic,499.0.html), it is designed to take care of DOS attacks and much more...  The mod has been waiting for approval at the SMF Mod Site since October 24th.
Title: Re: SimpleMachines Server issues
Post by: 青山 素子 on November 25, 2010, 02:32:39 PM
Depending on the type of DDoS, that may not do a single thing. There are plenty of ways to flood a connection without actually going up to the application running on the web server, or even the application layer of the OSI network stack.

At least in the past, I recall most of the attacks were either SYN floods, or just lots of requests against the webserver for a static file. Even a high enough rate of HEAD requests against, say, /community/Themes/smsite2/images/site/smsite_logo.jpg could cause the web server to have issues.
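An added example, not part of the original post and not SMF or Simple Machines server code: a per-client sliding-window counter over web server access logs, which is where a flood of HEAD requests against a static file shows up even though no forum code runs for those requests. The combined log format, the 10-second window, the threshold of 20, the `.php` heuristic and the sample lines (documentation IP addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+'
)

def parse(line):
    """Return (ip, timestamp, method, path-without-query), or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def find_floods(lines, window_s=10, threshold=20):
    """Flag clients whose peak request count in any window_s-second window
    exceeds threshold. Lines must be in chronological order per client."""
    recent = defaultdict(deque)          # ip -> timestamps inside the window
    stats = defaultdict(lambda: {"peak": 0, "head_requests": 0, "php_requests": 0})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                     # skip lines not in the expected format
        ip, ts, method, path = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()                  # drop requests older than the window
        s = stats[ip]
        s["peak"] = max(s["peak"], len(q))
        s["head_requests"] += method == "HEAD"
        # Assumption: only .php paths execute forum code; images, CSS and JS
        # are answered by the web server itself.
        s["php_requests"] += path.lower().endswith(".php")
    return {ip: s for ip, s in stats.items() if s["peak"] > threshold}

def sample_log():
    """Constructed sample: one client hammering the logo, one normal visitor."""
    logo = "/community/Themes/smsite2/images/site/smsite_logo.jpg"
    lines = [
        f'198.51.100.7 - - [25/Nov/2010:14:30:{i // 10:02d} +0000] '
        f'"HEAD {logo} HTTP/1.1" 200 0 "-" "-"'
        for i in range(50)
    ]
    lines += [
        f'203.0.113.20 - - [25/Nov/2010:14:30:{sec:02d} +0000] '
        '"GET /community/index.php?topic=1.0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        for sec in (1, 9, 30)
    ]
    return lines

if __name__ == "__main__":
    for ip, s in find_floods(sample_log()).items():
        print(ip, s)
```

On the constructed sample the flagged client has `php_requests` of 0, so a check that only runs inside the forum software would never have counted any of its requests.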
Title: Re: SimpleMachines Server issues
Post by: Kindred on November 26, 2010, 12:19:30 AM
and also,  we try not to install mods here and keep simplemachines.org as close to baseline install as is realistic (for variety of reasons)
Title: Re: SimpleMachines Server issues
Post by: willemjan on December 08, 2010, 04:41:46 AM
Are there any updates on this issue? Have the attacks stopped, or is there a solution for the problem? Any news whatsoever?
Title: Re: SimpleMachines Server issues
Post by: Hj Ahmad Rasyid Hj Ismail on December 08, 2010, 03:24:52 PM
I just faced that "interruption" again today. So, I don't think that is solved as yet.
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on December 08, 2010, 03:45:16 PM
The attacks still seem to be going, though many measures that have been taken are keeping us up and running with hardly any issues. You may face an error from time to time when you are being sent to another server thanks to the load balancing, but that should be about it. :)
Title: Re: SimpleMachines Server issues
Post by: willemjan on December 08, 2010, 04:09:59 PM
Thanks for the update!  ;D
Title: Re: SimpleMachines Server issues
Post by: b4pjoe on December 09, 2010, 02:14:48 AM
Quote from: CoreISP on December 08, 2010, 03:45:16 PM
The attacks still seem to be going, though many measures that have been taken are keeping us up and running with hardly any issues. You may face an error from time to time when you are being sent to another server thanks to the load balancing, but that should be about it. :)

Where are they coming from and why?
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on December 09, 2010, 06:41:15 AM
They are coming from pretty much all over the world, it's not limited to a certain country or provider, unfortunately. Why is the question we all like the answer to :( I seriously don't know.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on December 09, 2010, 08:27:23 AM
Quote from: CoreISP on December 09, 2010, 06:41:15 AM
They are coming from pretty much all over the world, it's not limited to a certain country or provider, unfortunately. Why is the question we all like the answer to :( I seriously don't know.
phpBB fanboys LOL
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on December 09, 2010, 12:09:21 PM
Nah, that seems a bit far fetched :)
Title: Re: SimpleMachines Server issues
Post by: b4pjoe on December 09, 2010, 12:31:51 PM
Quote from: CoreISP on December 09, 2010, 06:41:15 AM
They are coming from pretty much all over the world, it's not limited to a certain country or provider, unfortunately. Why is the question we all like the answer to :( I seriously don't know.

I was just wondering because usually there is a reason why sites are attacked and the attackers usually want it known why it is being done. Like WikiLeaks. Just seems strange that a forum site would be attacked as they really don't have an agenda that I know of.
Title: Re: SimpleMachines Server issues
Post by: Bolt™ on January 25, 2011, 12:39:28 PM
Some people should just get a life tbh
Title: Re: SimpleMachines Server issues
Post by: butchs on January 25, 2011, 02:50:33 PM
Naw, they are after everyone!  It is just that SMF is a bigger target than most.

I would not be surprised if most the traffic here is non-human.
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on January 25, 2011, 03:14:25 PM
I'm not sure if traffic is non-human, judging by the many interests, I think it's not that bad with human vs non-human :)
Either way, a permanent solution should be here soon. We've already limited the damage pretty well and I'm looking over various solutions to implement on the server/network, hope it will stop the attacks completely :) (Or at least: stop it from harming the server :P)

Today we received another attack, some may have noticed that sometimes the server became very slow.
In any case, we are working hard on this behind the scenes and it looks like it is starting to deliver ;D
Title: Re: SimpleMachines Server issues
Post by: NanoSector on January 26, 2011, 07:39:48 AM
I hope you guys get it sorted soon :)

fixing issues isn't that fun to do, lol
Title: Re: SimpleMachines Server issues
Post by: busterone on February 11, 2011, 11:20:33 PM
It seems to be an ongoing issue still.  Each attempt to use the search for the last 3 days has been fruitless. Each time, the server is under stress.  :(
Title: Re: SimpleMachines Server issues
Post by: NanoSector on February 12, 2011, 01:18:40 PM
Quote from: busterone on February 11, 2011, 11:20:33 PM
It seems to be an ongoing issue still.  Each attempt to use the search for the last 3 days has been fruitless. Each time, the server is under stress.  :(
Works fine for me ???
Title: Re: SimpleMachines Server issues
Post by: busterone on February 12, 2011, 05:38:28 PM
Back to normal today.  :)
Title: Re: SimpleMachines Server issues
Post by: Road Rash Jr. on February 13, 2011, 10:23:02 AM
Quote from: busterone on February 11, 2011, 11:20:33 PM
It seems to be an ongoing issue still.  Each attempt to use the search for the last 3 days has been fruitless. Each time, the server is under stress.  :(

I get the same report but not so much from searching, just changing folders will bring it on even today it happened twice this morning.
Title: Re: SimpleMachines Server issues
Post by: Masterd on February 13, 2011, 12:49:40 PM
Those DDOS attacks are annoying me!
Title: Re: SimpleMachines Server issues
Post by: GravuTrad on February 23, 2011, 10:13:45 AM
http://www.simplemachines.org/community/index.php?topic=422954.0
Title: Re: SimpleMachines Server issues
Post by: TheMortician4 on February 24, 2011, 09:31:14 AM
Quote from: CoreISP on January 25, 2011, 03:14:25 PM
I'm not sure if traffic is non-human, judging by the many interests, I think it's not that bad with human vs non-human :)
Either way, a permanent solution should be here soon. We've already limited the damage pretty well and I'm looking over various solutions to implement on the server/network, hope it will stop the attacks completely :) (Or at least: stop it from harming the server :P)

Today we received another attack, some may have noticed that sometimes the server became very slow.

I am averaging between 300 and 350 attempts a month to access the site by non-member related persons. So far GoDaddy, and SMF have proven strong.

Hope that continues.....
In any case, we are working hard on this behind the scenes and it looks like it is starting to deliver ;D
Title: Re: SimpleMachines Server issues
Post by: 1speced on February 25, 2011, 05:29:51 PM
WOW I can't even access my forums now, try if you want [link removed by moderator: see the support forum from your provider]
Title: Re: SimpleMachines Server issues
Post by: Illori on February 25, 2011, 05:31:54 PM
please contact your host, that has nothing to do with the issues this site is facing. please do not use this thread for support issues.
Title: Re: SimpleMachines Server issues
Post by: robinson01 on May 04, 2011, 06:57:30 AM
That's ok, we hope soon you can fix it, keep working on it..
Title: Re: SimpleMachines Server issues
Post by: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall. Hope it works.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on May 12, 2011, 04:54:45 AM
Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall. Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...
Title: Re: SimpleMachines Server issues
Post by: 青山 素子 on May 12, 2011, 11:28:39 AM
A real DDoS attack (putting as much legitimate-looking traffic as possible through) won't be stopped by much. If it's a real DDoS, you'll need to consult with your hosting provider for options to mitigate the attack.

If it's low-level and the IPs aren't constantly changing and you have a dedicated or VPS, something like mod_cband in Apache HTTPd will probably help. You can rate-limit connections.
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on May 12, 2011, 01:13:48 PM
Actually put such a measure in front of Apache, combining it with the firewall. I usually find that more comfortable and reliable.
Title: Re: SimpleMachines Server issues
Post by: butchs on May 15, 2011, 06:43:31 AM
Quote from: Yoshi2889 on May 12, 2011, 04:54:45 AM
Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall. Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security.  First off you should have a hardware firewall such as a Cisco ASA.  Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers.  FF can then ban the low levels for an hour at a time as their IPs change and they come back just to get banned again.  Finally they go elsewhere...  If you are getting hit super hard, turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months.  I tried many things (which are still in place).  They always came back and took down my site with DOS.  Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on May 15, 2011, 07:58:01 AM
Quote from: butchs on May 15, 2011, 06:43:31 AM
Quote from: Yoshi2889 on May 12, 2011, 04:54:45 AM
Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall. Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security.  First off you should have a hardware firewall such as a Cisco ASA.  Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers.  FF can then ban the low levels for an hour at a time as their IPs change and they come back just to get banned again.  Finally they go elsewhere...  If you are getting hit super hard, turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months.  I tried many things (which are still in place).  They always came back and took down my site with DOS.  Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.
Yes but this already has been mentioned before, a modification will not work.
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on May 15, 2011, 11:35:43 AM
mod_security? No thank you.
As already explained on multiple occasions, these attacks are not picked up by our hardware firewall. They are legitimate traffic, low-level plus it is not in full related to the login attacks as many people seem to think.
Title: Re: SimpleMachines Server issues
Post by: butchs on May 15, 2011, 08:08:44 PM
Getting conflicting info here.  ???
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on May 16, 2011, 03:09:35 AM
Quote from: butchs on May 15, 2011, 08:08:44 PM
Getting conflicting info here.  ???


What conflicting info?
Title: Re: SimpleMachines Server issues
Post by: butchs on May 16, 2011, 09:26:27 PM
If a modification will not work it is a high end assault on your server that compromises your upstream protection.  But, if it is a low end assault then Bad Behavior is designed for such things.  With cache, strict mod, project honeypot and logging off, it will handle large servers with ease, having minimal member blocking.  You can run with "Display statistics" off and no-one but the bots will know...   :o
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on May 17, 2011, 08:16:02 AM
As I said, they are legitimate requests. They are only slightly different from regular requests and go undetected.
I have set up a customised protection setup to handle this and it seems to work out well so far, especially with the nginx setup SleePy made to balance the loads. No need for measures that decrease overall performance.
Title: Re: SimpleMachines Server issues
Post by: butchs on May 17, 2011, 07:48:29 PM
BB (http://bad-behavior.ioerror.us/documentation/who-uses-bad-behavior/) operates on larger sites than this one with no performance issues.  It runs in the low millisecond range.  The SMF version with cache is faster than all other ports.

All I was trying to do is help.  I am glad you have everything under control.  Sorry to annoy you...
Title: Re: SimpleMachines Server issues
Post by: DHC on May 19, 2011, 11:23:39 AM
Quote from: butchs on May 17, 2011, 07:48:29 PM
BB (http://bad-behavior.ioerror.us/documentation/who-uses-bad-behavior/) operates on larger sites than this one with no performance issues.  It runs in the low millisecond range.  The SMF version with cache is faster than all other ports.

All I was trying to do is help.  I am glad you have everything under control.  Sorry to annoy you...


Just a small point, but one worth making I think - whereas some of the SMF folks might feel a bit miffed, the exchange of information was quite helpful and I appreciate you taking the time. The SMF folks seem quite adept at dealing with such matters, but I would wager there are a large number of members who are not nearly so adept (I am in that category) and having the opportunity to read this exchange of information offers insights and ideas.

Soooo . . . I say THANKS to you and to the SMF folks who participated in the topic.

FWIW
Title: Re: SimpleMachines Server issues
Post by: LiroyvH on May 19, 2011, 08:17:29 PM
I thought I replied to this topic.
I was not annoyed :) I appreciate the thinking. The more people that think about something, the better.

There's just a lot more to keep in mind than blocking things while blocking things... If that makes any sense :P So not everything can or should be applied.
Title: Re: SimpleMachines Server issues
Post by: agentstaobao on June 09, 2011, 10:21:15 AM
This evening, posting a new reply took long.  Anywayz, hope that will be fixed soon.