Suddenly lots of server processes because of SMF forum

[L2Scarlet]

Hi, suddenly SMF forum 2.0.19 started to create lots of server processes without changed anything on server and/or forum scripts. What can be the problem? Where to look? (No php errors or anything in logs).

On same server I have multiple SMF forums installed same version 2.0.19 and there are OK, no errors (only one forum is creating problems).


"Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.__"


__EDITED! I uninstalled the crap. Problem solved! I don't recommend this software anymore... It's malefic.

[Steve]

I don't recommend this software anymore... It's malefic

You mean SMF? If so, I'm sad to hear that you think that because it's simply not true. We could have helped you but you've chosen a different path.

Marking solved.

[Kindred]

You probably got hit by malicious bots which -- if you had not correctly configured your system -- might cause undue use of server resources.

Our software works just fine when correctly configured

[L2Scarlet]

Our software works just fine when correctly configured

Yes, and it was like that for years till the freakin Voodoo happened and now I decided to uninstall all my SMF forums to avoid issues like this. Ty for fast reply anyway... (Other users should be warned in future with some announcement like: "Hey DON'T uninstall it and wait for support reply!)
Ty anyway...

[Arantor]

Better not ever run any website because the voodoo can and does happen to all of them. Especially forums and blogs.

[Kindred]

You posted at 5:49am (my time)

I had responded by 7:47am... andvi would have responded with more help,  but you have already un-installed and called our software malware....(which it is not)

Your issues are due to bots. Not our software.
We do not have real-time support. We are all volunteers... so getting an answer within 2 hours, given the time that you posted seems entirely reasonable to me. Not our fault if you are so impatient.

If you want to Reload your forums, we can help you configure them correctly to stop the bots.
If not, have a nice life -- but don't claim that our software is bad or malicious just because you had issues and would rather quit than fix them.

[shawnb61]

Almost certainly bots.  It's gotten much worse lately with everyone feeding their content-hungry LLMs/AI. 

Several recent threads on this here due to the increasing volume.

(Plus all that weird automated hacking/vulnerability probing is in very high gear again... Must be an election year... )

Today, SMF - like every other platform - leaves bot management to the site admins.

But not all admins know how to do that. 

I wonder if we need to find a better way to share bot management source & examples.  I'm thinking sitemaps (to help good bots rapidly find updates), robots.txt (to help good bots avoid links that shouldn't be indexed), and .htaccess directives (to slice bad bots in the jugular).

[L2Scarlet]

ok, it's my bad... I said that this SMF forum is malefic because it is very vulnerable to bots and weird attacks.

Attached printscreen from AW Stats!
https://i.imgur.com/Pb9A004.png


(That's  happened when Cloudflare is Paused and ******ty hosting company) it requires manually IP bans

[sudoku]

Before you burn any bridges here, you should always ask your questions and WAIT for an appropriate response. Because of your knee-jerk reaction, the volunteers here may not respond to you any further (at their discretion of course).
You have burnt a bridge prematurely, imo.

Yes, they are volunteers here, with real life things to do... so patience is a must. 

[Kindred]

And no... smf is not any more vulnerable than any other web script.  I had to make similar updates for my WordPress based sites which were getting pounded.

And no...  you don't need to ban by ip address... you need to limit by USER-AGENT, as demonstrated by about 300 different webmaster sites who talk about bad-bots

[Aleksi "Lex" Kilpinen]

That looks and sounds like a cheap DOS attack. Can't really blame SMF for you getting attacked.

Alibaba Cloud LLC AL-3 (NET-47-74-0-0-1) 47.74.0.0 - 47.87.255.255
ALIBABA CLOUD HK ALIBABA CLOUD HK (NET-47-76-0-0-1) 47.76.0.0 - 47.76.255.255

Might want to contact Alibaba and complain to them.

Also, you say no error logs, but a 5xx should be logged, might also want to ask your host what's up.
Though, could just be your server was completely paralyzed by the attack. The error message is not SMF though, it is your server.

Also also, you've seen this before, it's not your first time getting swarmed.
You called SMF unstable crap in 2019, and again now, for pretty much the exact same reason.
If that's what you really think, I invite you to look in to alternatives and stop whining.

What ever you decide though, a word of advice for the future:
If something isn't working right, nuking it is rarely the answer. You never learn what went wrong, so you never learn to avoid it in the future.
If your car stops running, you don't immediately sell it for scrap do you? Most folks would start with checking obvious things like gas and ignition.
But you scrapped the car in 40 minutes here, because you didn't find an obvious immediate solution.

[L2Scarlet]

"Can't really blame SMF for you getting attacked."
It's SMF forum platform... the SMF forum created all the NPROC processes (and definitely not the other website from my server)
Perhaps it can happen with any version of SMF "also".
This type of software like SMF forum, VBulletin, Invision Power Board, etc. requires CLoudflare service like Bot Fighting Mode for sure otherwise .. uninstall it. (A normal "in-house" coding website will never do something like this!).

[Kindred]

I don't run cloudflare or any service like that - and I directly support 15 sites running smf and other softwares

The basic point is that YOU are over reacting and blaming smf, but you don't actually have the knowledge to even know what's going on. Instead of letting us help you, you scream "your software is malicious" and stomp your feet like a 2-year old having a tantrum.

[Arantor]

Every request you get in generates a server process to respond to it, that's literally how it works.

So if you get 500,000 requests from Alibaba you're going to get lots of processes spawned to deal with it.

Doesn't matter what platform that is, you're going to get it happen. Like one of my clients who doesn't use SMF, that recently had a DDOS attack of 18 million requests in a 24 hour period - showed the exact same behaviour. Lots of server processes, then 503s and the exact same sorts of errors.

I guarantee if your other site got that level of traffic it would similarly have trouble.