Simple Machines Community Forum

Simple Machines => News and Updates => Topic started by: CoreISP on October 29, 2010, 01:29:14 PM

Title: SimpleMachines Server issues
Post by: CoreISP on October 29, 2010, 01:29:14 PM
Dear SMF users and visitors,

Over the past few days, and currently still, SimpleMachines.org is under a low level DDoS attack. The server team has been working at best effort on keeping the site stable and running smoothly but unfortunately we still have experienced a few hiccups. Due to the nature of our setup, it may appear to be working like a flash light from time to time.

We are still working on the issue and making modifications both software and hardware side to ensure you do not experience any trouble from this lame action.

We apologise for any inconvenience and hope you will understand.

Thank you and happy foruming,
- Simple Machines Team
Title: Re: SimpleMachines Server issues
Post by: Robert. on October 29, 2010, 02:50:09 PM
This evening, posting a new reply took long. :( Anywayz, hope that is be fixed soon.
Title: Re: SimpleMachines Server issues
Post by: Antes on October 29, 2010, 04:27:57 PM
Not cool :/ , GL team i hope you guys fix it soon
Title: Re: SimpleMachines Server issues
Post by: Deaks on October 29, 2010, 08:21:26 PM
good luck core :)
Title: Re: SimpleMachines Server issues
Post by: Alex' Manson on October 30, 2010, 04:41:27 AM
aww, good luck at fixing this..
Title: Re: SimpleMachines Server issues
Post by: Powerbob on October 30, 2010, 08:59:52 AM
some low life folks at it again :(
Title: Re: SimpleMachines Server issues
Post by: NanoSector on October 30, 2010, 07:42:45 PM
Damn, I just wanted a new theme :( The themes part is down.

Just looked up DDoS at Wikipedia and it doesn't seem too good.....I hope you guys restore fast!

Good luck with the fixing!
Title: Re: SimpleMachines Server issues
Post by: Nolt on October 31, 2010, 05:35:07 AM
For me Customize section works fine.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on October 31, 2010, 07:29:16 AM
For me Customize section works fine.
I get HTTP Error 500 if I try to access the Themes section of it. The rest works fine.
Title: Re: SimpleMachines Server issues
Post by: 1Chope on October 31, 2010, 09:32:15 PM
I don't know why people will be attacking this nice website, some people are wicked, how can they be so rude? SMF is one of the best software on the net and the best thing is  -  it is free, i will surely pay to get SMF if it dares go premium.Thanks for the updates, hope you handles it well
Title: Re: SimpleMachines Server issues
Post by: rjckE on November 01, 2010, 04:05:13 AM
I hate SMF haters  >:(
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 02:53:29 PM
Sorry to bring this back up, but it still seems to be causing problems.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on November 24, 2010, 02:55:06 PM
Sorry to bring this back up, but it still seems to be causing problems.
And it's also reported to still cause issues :P
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 02:57:42 PM
Thanks for informing me.  It's really annoying when I go to post on a forum, only to have it constantly not load.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on November 24, 2010, 02:59:04 PM
Thanks for informing me.  It's really annoying when I go to post on a forum, only to have it constantly not load.
Then you don't know my site :P Only thing it does is give me database errors.
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 04:32:20 PM
How long does it usually take to respond to sites being down by the DDOS?
Title: Re: SimpleMachines Server issues
Post by: Illori on November 24, 2010, 05:16:37 PM
things happening on any forum other then this one is NOT related to the issues this site is facing.
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 05:34:47 PM
Oh.  The forum in question is hosted by SMF.
Title: Re: SimpleMachines Server issues
Post by: Norv on November 24, 2010, 05:46:09 PM
SMF does not host any other forums than this one. Forums may be installed by their admins using the software we're providing, but we are not hosting them.
Title: Re: SimpleMachines Server issues
Post by: LibertyPrime on November 24, 2010, 06:04:57 PM
Okay.  I'll try to contact the main admin of the forum and let him or her know.
Title: Re: SimpleMachines Server issues
Post by: butchs on November 25, 2010, 08:52:16 AM
Dear SMF users and visitors,

Over the past few days, and currently still, SimpleMachines.org is under a low level DDoS attack. The server team has been working at best effort on keeping the site stable and running smoothly but unfortunately we still have experienced a few hiccups. Due to the nature of our setup, it may appear to be working like a flash light from time to time.

We are still working on the issue and making modifications both software and hardware side to ensure you do not experience any trouble from this lame action.

We apologise for any inconvenience and hope you will understand.

Thank you and happy foruming,
- Simple Machines Team

Just install Forum Firewall (http://forum.pctweakr.com/index.php/topic,499.0.html), it is designed to take care of DOS attacks and much more...  The mod has been waiting for approval at the SMF Mod Site since October 24th.
Title: Re: SimpleMachines Server issues
Post by: 青山 素子 on November 25, 2010, 02:32:39 PM
Depending on the type of DDoS, that may not do a single thing. There are plenty of ways to flood a connection without actually going up to the application running on the web server, or even the application layer of the OSI network stack.

At least in the past, I recall most of the attacks were either SYN floods, or just lots of requests against the webserver for a static file. Even a high enough rate of HEAD requests against, say, /community/Themes/smsite2/images/site/smsite_logo.jpg could cause the web server to have issues.
Title: Re: SimpleMachines Server issues
Post by: Kindred on November 26, 2010, 12:19:30 AM
and also,  we try not to install mods here and keep simplemachines.org as close to baseline install as is realistic (for variety of reasons)
Title: Re: SimpleMachines Server issues
Post by: willemjan on December 08, 2010, 04:41:46 AM
Are there any updates on this issue? Have the attacks stopped, or is there an solution for the problem? Any news what so ever?
Title: Re: SimpleMachines Server issues
Post by: Hj Ahmad Rasyid Hj Ismail on December 08, 2010, 03:24:52 PM
I just faced that "interruption" again today. So, I don't think that is solved as yet.
Title: Re: SimpleMachines Server issues
Post by: CoreISP on December 08, 2010, 03:45:16 PM
The attacks still seem to be going, though many measures that have been taken are keeping us up and running with hardly any issues. You may face a error from time to time when you are being sent to another server thanks to the load balancing, but that should be about it. :)
Title: Re: SimpleMachines Server issues
Post by: willemjan on December 08, 2010, 04:09:59 PM
Thanks for the update!  ;D
Title: Re: SimpleMachines Server issues
Post by: b4pjoe on December 09, 2010, 02:14:48 AM
The attacks still seem to be going, though many measures that have been taken are keeping us up and running with hardly any issues. You may face a error from time to time when you are being sent to another server thanks to the load balancing, but that should be about it. :)

Where are they coming from and why?
Title: Re: SimpleMachines Server issues
Post by: CoreISP on December 09, 2010, 06:41:15 AM
They are comming from pretty much all over the world, it's not limited to a certain country or provider, unfortunately. Why is the question we all like the answer to :( I seriously dont know.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on December 09, 2010, 08:27:23 AM
They are comming from pretty much all over the world, it's not limited to a certain country or provider, unfortunately. Why is the question we all like the answer to :( I seriously dont know.
phpBB fanboys LOL
Title: Re: SimpleMachines Server issues
Post by: CoreISP on December 09, 2010, 12:09:21 PM
Nah, that seems a bit far fetched :)
Title: Re: SimpleMachines Server issues
Post by: b4pjoe on December 09, 2010, 12:31:51 PM
They are comming from pretty much all over the world, it's not limited to a certain country or provider, unfortunately. Why is the question we all like the answer to :( I seriously dont know.

I was just wondering because usually there is a reason why sites are attacked and the attackers usually want it known why it is being done. Like WikiLeaks. Just seems strange that a forum site would be attacked as they really don't have an agenda that I know of.
Title: Re: SimpleMachines Server issues
Post by: Bolt™ on January 25, 2011, 12:39:28 PM
Some people should just get a life tbh
Title: Re: SimpleMachines Server issues
Post by: butchs on January 25, 2011, 02:50:33 PM
Naw, they are after everyone!  It is just that SMF is a bigger target than most.

I would not be surprised if most the traffic here is non-human.
Title: Re: SimpleMachines Server issues
Post by: CoreISP on January 25, 2011, 03:14:25 PM
I'm not sure if traffic is non-human, judging by the many interests, I think it's not that bad with human vs non-human :)
Either way, a permanent solution should be here soon. We've already limited the damage pretty well and i'm looking over various solutions to implement on the server/network, hope it will stop the attacks completely :) (Or atleast: stop it from harming the server :P)

Today we received another attack, some may have noticed that sometimes the server became very slow.
In any case, we are working hard on this behind the scenes and it looks like it is starting to deliver ;D
Title: Re: SimpleMachines Server issues
Post by: NanoSector on January 26, 2011, 07:39:48 AM
I hope you guys get it sorted soon :)

fixing issues isn't that fun to do, lol
Title: Re: SimpleMachines Server issues
Post by: busterone on February 11, 2011, 11:20:33 PM
It seems to be an ongoing issue still.  Each attempt to use the search for the last 3 days has been fruitless. Each time, the server is under stress.  :(
Title: Re: SimpleMachines Server issues
Post by: NanoSector on February 12, 2011, 01:18:40 PM
It seems to be an ongoing issue still.  Each attempt to use the search for the last 3 days has been fruitless. Each time, the server is under stress.  :(
Works fine for me ???
Title: Re: SimpleMachines Server issues
Post by: busterone on February 12, 2011, 05:38:28 PM
Back to normal today.  :)
Title: Re: SimpleMachines Server issues
Post by: Road Rash Jr. on February 13, 2011, 10:23:02 AM
It seems to be an ongoing issue still.  Each attempt to use the search for the last 3 days has been fruitless. Each time, the server is under stress.  :(

I get the same report but not so much from searching, just changing folders will bring it on even today it happened twice this morning.
Title: Re: SimpleMachines Server issues
Post by: Masterd on February 13, 2011, 12:49:40 PM
Those DDOS attacks are annoying me!
Title: Re: SimpleMachines Server issues
Post by: GravuTrad on February 23, 2011, 10:13:45 AM
http://www.simplemachines.org/community/index.php?topic=422954.0
Title: Re: SimpleMachines Server issues
Post by: TheMortician4 on February 24, 2011, 09:31:14 AM
I'm not sure if traffic is non-human, judging by the many interests, I think it's not that bad with human vs non-human :)
Either way, a permanent solution should be here soon. We've already limited the damage pretty well and i'm looking over various solutions to implement on the server/network, hope it will stop the attacks completely :) (Or atleast: stop it from harming the server :P)

Today we received another attack, some may have noticed that sometimes the server became very slow.

I am averaging between 300 and 350 attempts a month to access the site by non-member related persons. So far GoDaddy, and SMF have proven strong.

Hope that continues.....
In any case, we are working hard on this behind the scenes and it looks like it is starting to deliver ;D
Title: Re: SimpleMachines Server issues
Post by: 1speced on February 25, 2011, 05:29:51 PM
WOW i can't even access my forums now try if you want [link removed by moderator: see the support forum from your provider]
Title: Re: SimpleMachines Server issues
Post by: Illori on February 25, 2011, 05:31:54 PM
please contact your host, that has nothing to do with the issues this site is facing. please do not use this thread for support issues.
Title: Re: SimpleMachines Server issues
Post by: robinson01 on May 04, 2011, 06:57:30 AM
Thats ok,we hope soon you can fix it,keep working on it..
Title: Re: SimpleMachines Server issues
Post by: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on May 12, 2011, 04:54:45 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...
Title: Re: SimpleMachines Server issues
Post by: 青山 素子 on May 12, 2011, 11:28:39 AM
A real DDoS attack (putthing as much legitimate-looking traffic as possible through) won't be stopped by much. If it's a real DDoS, you'll need to consult with your hosting provider for options to mitigate the attack.

If it's low-level and the IPs aren't constantly changing and you have a dedicated or VPS, something like mod_cband in Apache HTTPd will probably help. You can rate-limit connections.
Title: Re: SimpleMachines Server issues
Post by: CoreISP on May 12, 2011, 01:13:48 PM
Actually put such a measure in front of Apache, combining it with the firewall. I usually find that more comfortable and reliable.
Title: Re: SimpleMachines Server issues
Post by: butchs on May 15, 2011, 06:43:31 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security.  First off you should have a hardware firewall such as a Cisco ASA.  Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers.  FF can then ban the low levels for an hour at a time as their ip's change and they come back just to get banned again.  Finally they go elsewhere...  If you are getting hit super hard.  Turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months.  I tried many things (which are still in place).  They always came back and took down my site with DOS.  Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.
Title: Re: SimpleMachines Server issues
Post by: NanoSector on May 15, 2011, 07:58:01 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security.  First off you should have a hardware firewall such as a Cisco ASA.  Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers.  FF can then ban the low levels for an hour at a time as their ip's change and they come back just to get banned again.  Finally they go elsewhere...  If you are getting hit super hard.  Turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months.  I tried many things (which are still in place).  They always came back and took down my site with DOS.  Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.
Yes but this already has been mentioned before, a modification will not work.
Title: Re: SimpleMachines Server issues
Post by: CoreISP on May 15, 2011, 11:35:43 AM
mod_security? No thank you.
As already explained on multiple occasions, these attacks are not picked up by our hardware firewall. They are legitimate traffic, low-level plus it is not in full related to the login attacks as many people seem to think.
Title: Re: SimpleMachines Server issues
Post by: butchs on May 15, 2011, 08:08:44 PM
Getting conflicting info here.  ???
Title: Re: SimpleMachines Server issues
Post by: CoreISP on May 16, 2011, 03:09:35 AM
Getting conflicting info here.  ???


What conflicting info?
Title: Re: SimpleMachines Server issues
Post by: butchs on May 16, 2011, 09:26:27 PM
If a modification will not work it is a high end assault on your server that compromises your upstream protection.  But, if it is a low end assault then Bad Behavior is designed for such things.  With cache, strict mod, project honeypot and logging off, it will handle large servers with ease, having minimal member blocking.  You can run with "Display statistics" of and no-one but the bots will know...   :o
Title: Re: SimpleMachines Server issues
Post by: CoreISP on May 17, 2011, 08:16:02 AM
As I said, they are legitimate requests. They are only slightly different from regular requests and go undetected.
I have setup a customised protection setup to handle this and it seems to work out well so far, especially with the nginx setup SleePy made to balance the loads. No need for measures that decrease overall performance.
Title: Re: SimpleMachines Server issues
Post by: butchs on May 17, 2011, 07:48:29 PM
BB (http://bad-behavior.ioerror.us/documentation/who-uses-bad-behavior/) operates on larger sites than this one with no performance issues.  It runs in the low millisecond range.  The SMF version with cache is faster than all other ports.

All I was trying to do is help.  I am glad you have everything under control.  Sorry to annoy you...
Title: Re: SimpleMachines Server issues
Post by: DHC on May 19, 2011, 11:23:39 AM
BB (http://bad-behavior.ioerror.us/documentation/who-uses-bad-behavior/) operates on larger sites than this one with no performance issues.  It runs in the low millisecond range.  The SMF version with cache is faster than all other ports.

All I was trying to do is help.  I am glad you have everything under control.  Sorry to annoy you...


Just a small point, but one worth making I think - whereas some of the SMF folks might feel a bit miffed, the exchange of information was quite helpful and I appreciate you taking the time. The SMF folks seem quite adept at dealing with such matters, but I would wager there are a large number of members who are not nearly so adept (I am in that category) and having the opportunity to read this exchange of information offers insights and ideas.

Soooo . . . I say THANKS to you and to the SMF folks who participated in the topic.

FWIW
Title: Re: SimpleMachines Server issues
Post by: CoreISP on May 19, 2011, 08:17:29 PM
I thought I replied to this topic.
I was not annoyed :) I appreciate the thinking. The more people that think about something, the better.

There's just a lot more to keep in mind than blocking things while blocking things... If that makes any sense :P So not everything can or should be applied.
Title: Re: SimpleMachines Server issues
Post by: agentstaobao on June 09, 2011, 10:21:15 AM
This evening, posting a new reply took long.  Anywayz, hope that is be fixed soon.