Suddenly lots of server processes because of SMF forum

L2Scarlet · June 16, 2024, 05:49:16 AM

Hi, suddenly SMF forum 2.0.19 started to create lots of server processes without changed anything on server and/or forum scripts. What can be the problem? Where to look? (No php errors or anything in logs).

On same server I have multiple SMF forums installed same version 2.0.19 and there are OK, no errors (only one forum is creating problems).

"Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.__"

__EDITED! I uninstalled the crap. Problem solved! I don't recommend this software anymore... It's malefic.

Steve · June 16, 2024, 06:53:47 AM

Quote from: L2Scarlet on June 16, 2024, 05:49:16 AMI don't recommend this software anymore... It's malefic

You mean SMF? If so, I'm sad to hear that you think that because it's simply not true. We could have helped you but you've chosen a different path.

Marking solved.

Kindred · June 16, 2024, 07:47:25 AM

You probably got hit by malicious bots which -- if you had not correctly configured your system -- might cause undue use of server resources.

Our software works just fine when correctly configured

L2Scarlet · June 16, 2024, 08:31:37 AM

Our software works just fine when correctly configured

Yes, and it was like that for years till the freakin Voodoo happened and now I decided to uninstall all my SMF forums to avoid issues like this. Ty for fast reply anyway... (Other users should be warned in future with some announcement like: "Hey DON'T uninstall it and wait for support reply!)
Ty anyway...

Arantor · June 16, 2024, 08:51:48 AM

Better not ever run any website because the voodoo can and does happen to all of them. Especially forums and blogs.

Kindred · June 16, 2024, 09:06:41 AM

You posted at 5:49am (my time)

I had responded by 7:47am... andvi would have responded with more help, but you have already un-installed and called our software malware....(which it is not)

Your issues are due to bots. Not our software.
We do not have real-time support. We are all volunteers... so getting an answer within 2 hours, given the time that you posted seems entirely reasonable to me. Not our fault if you are so impatient.

If you want to Reload your forums, we can help you configure them correctly to stop the bots.
If not, have a nice life -- but don't claim that our software is bad or malicious just because you had issues and would rather quit than fix them.

shawnb61 · June 16, 2024, 09:13:59 AM

Almost certainly bots. It's gotten much worse lately with everyone feeding their content-hungry LLMs/AI.

Several recent threads on this here due to the increasing volume.

(Plus all that weird automated hacking/vulnerability probing is in very high gear again... Must be an election year...

)

Today, SMF - like every other platform - leaves bot management to the site admins.

But not all admins know how to do that.

I wonder if we need to find a better way to share bot management source & examples. I'm thinking sitemaps (to help good bots rapidly find updates), robots.txt (to help good bots avoid links that shouldn't be indexed), and .htaccess directives (to slice bad bots in the jugular).

L2Scarlet · June 16, 2024, 10:28:50 AM

ok, it's my bad... I said that this SMF forum is malefic because it is very vulnerable to bots and weird attacks.

Attached printscreen from AW Stats!
https://i.imgur.com/Pb9A004.png

(That's happened when Cloudflare is Paused and ******ty hosting company) it requires manually IP bans

zedd151 · June 16, 2024, 11:16:46 AM

Before you burn any bridges here, you should always ask your questions and WAIT for an appropriate response. Because of your knee-jerk reaction, the volunteers here may not respond to you any further (at their discretion of course).
You have burnt a bridge prematurely, imo.

Yes, they are volunteers here, with real life things to do... so patience is a must.

Kindred · June 16, 2024, 06:35:41 PM

And no... smf is not any more vulnerable than any other web script. I had to make similar updates for my WordPress based sites which were getting pounded.

And no... you don't need to ban by ip address... you need to limit by USER-AGENT, as demonstrated by about 300 different webmaster sites who talk about bad-bots

Aleksi "Lex" Kilpinen · June 17, 2024, 12:30:36 AM

That looks and sounds like a cheap DOS attack. Can't really blame SMF for you getting attacked.

Alibaba Cloud LLC AL-3 (NET-47-74-0-0-1) 47.74.0.0 - 47.87.255.255
ALIBABA CLOUD HK ALIBABA CLOUD HK (NET-47-76-0-0-1) 47.76.0.0 - 47.76.255.255

Might want to contact Alibaba and complain to them.

Also, you say no error logs, but a 5xx should be logged, might also want to ask your host what's up.
Though, could just be your server was completely paralyzed by the attack. The error message is not SMF though, it is your server.

Also also, you've seen this before, it's not your first time getting swarmed.
You called SMF unstable crap in 2019, and again now, for pretty much the exact same reason.
If that's what you really think, I invite you to look in to alternatives and stop whining.

What ever you decide though, a word of advice for the future:
If something isn't working right, nuking it is rarely the answer. You never learn what went wrong, so you never learn to avoid it in the future.
If your car stops running, you don't immediately sell it for scrap do you? Most folks would start with checking obvious things like gas and ignition.
But you scrapped the car in 40 minutes here, because you didn't find an obvious immediate solution.

L2Scarlet · June 17, 2024, 03:35:52 AM

"Can't really blame SMF for you getting attacked."
It's SMF forum platform... the SMF forum created all the NPROC processes (and definitely not the other website from my server)

Perhaps it can happen with any version of SMF "also".
This type of software like SMF forum, VBulletin, Invision Power Board, etc. requires CLoudflare service like Bot Fighting Mode for sure otherwise .. uninstall it. (A normal "in-house" coding website will never do something like this!).

Kindred · June 17, 2024, 04:55:55 AM

I don't run cloudflare or any service like that - and I directly support 15 sites running smf and other softwares

The basic point is that YOU are over reacting and blaming smf, but you don't actually have the knowledge to even know what's going on. Instead of letting us help you, you scream "your software is malicious" and stomp your feet like a 2-year old having a tantrum.

Arantor · June 17, 2024, 05:43:52 AM

Every request you get in generates a server process to respond to it, that's literally how it works.

So if you get 500,000 requests from Alibaba you're going to get lots of processes spawned to deal with it.

Doesn't matter what platform that is, you're going to get it happen. Like one of my clients who doesn't use SMF, that recently had a DDOS attack of 18 million requests in a 24 hour period - showed the exact same behaviour. Lots of server processes, then 503s and the exact same sorts of errors.

I guarantee if your other site got that level of traffic it would similarly have trouble.

L2Scarlet · June 17, 2024, 11:05:08 AM

I know how it works but can't understand why it happens on SMF forum...

and never happened on normal/simple (in-house coded) website.

It's very obvious why... but ty for defending the SMF forum software... it's normally to be like that.
I'll end this thread here and maybe it will be useful for other SMF forum users/devs in future (if any!).

Kindred · June 17, 2024, 12:48:51 PM

it doesn't happen on a "simple website" because a "simple website" does not require database connections and namespace lookups, etc etc etc... HTML is plan and simple (although even that CAN be pounded into error with enough bots)

As we have said, it's not just SMF. It's EVERY scripted website -- every forum, ever blog, every product catalog...

Seriously, instead of continuing to try to make it seem like this is SMF's fault, why don't you actually READ and comprehend what we have written?

dodos26 · June 17, 2024, 01:26:20 PM

You should be able to look at the Apache logs to see the number of requests and their source. And also to estimate traffic.

Arantor · June 17, 2024, 01:29:48 PM

Quote from: Kindred on June 17, 2024, 12:48:51 PMwhy don't you actually READ and comprehend what we have written

He is either unwilling or incapable. Someone who gets a pet theory will inevitably twist the facts to fit their theory.

I guarantee if that simple hand-coded website was based around any database (like any regular CMS), the volume of traffic shown (500k+ hits) would have triggered the same phenomenon.

The reality is that, actually, SMF is pretty lightweight by today's standards - nothing I write in Laravel performs as efficiently as SMF does, for example. (And it can't, Laravel has a much higher overhead per request than SMF does. Incidentally, so does WordPress.)

Steve · June 18, 2024, 07:02:47 AM

Good place to lock this.

News:

Suddenly lots of server processes because of SMF forum