News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Forum guest count from China goes way up

Started by EL34, August 21, 2024, 08:33:25 AM

Previous topic - Next topic

shawnb61

It's beyond ridiculous...

Yesterday I got ~150,000 "Likes" hits alone (in addition to all the other activity...) mostly from China & FastPlanet.  FastPlanet seems to have some form of presence in the UK, Canada, & Texas, and does the exact same type of "Likes" attack.

DDOS-style, also reported here: https://www.simplemachines.org/community/index.php?topic=590069.0

Most IPs only hit you 1-100x, but it's across many, many IP ranges, some examples: 104.239.*.*, 84.33.*.*, 45.53.*.*, 45.192.*.*, 206.41.*.*, 45.41.*.*, 45.61.*.*, 45.192.*.*, 64.137.*.*
A question worth asking is born in experience & driven by necessity. - Fripp

Sir Osis of Liver

Using forum bans is not best way to go, bots are reaching forum and increasing server load.  Blocking them with .htaccess prevents them from reaching forum.  I'm using this to clean up forum that was being hammered by chinese bots -


# Updated 11-22-24
Order Allow,Deny
Deny from 47.128.0.0/16
Deny from 59.56.0.0/16
Deny from 59.59.0.0/16
Deny from 59.60.0.0/16
Deny from 60.167.0.0/16
Deny from 60.169.0.0/16
Deny from 60.172.0.0/16
Deny from 60.174.0.0/16
Deny from 110.81.0.0/16
Deny from 110.82.0.0/16
Deny from 110.87.0.0/16
Deny from 113.99.0.0/16
Deny from 113.133.0.0/16
Deny from 113.228.0.0/16
Deny from 113.229.0.0/16
Deny from 113.231.0.0/16
Deny from 113.235.0.0/16
Deny from 113.236.0.0/16
Deny from 113.237.0.0/16
Deny from 113.238.0.0/16
Deny from 113.239.0.0/16
Deny from 117.24.0.0/16
Deny from 117.27.0.0/16
Deny from 117.28.0.0/16
Deny from 117.29.0.0/16
Deny from 117.232.0.0/16
Deny from 117.235.0.0/16
Deny from 118.113.0.0/16
Deny from 118.249.0.0/16
Deny from 120.32.0.0/16
Deny from 120.33.0.0/16
Deny from 120.34.0.0/16
Deny from 120.35.0.0/16
Deny from 120.37.0.0/16
Deny from 120.38.0.0/16
Deny from 120.40.0.0/16
Deny from 120.42.0.0/16
Deny from 121.206.0.0/16
Deny from 121.207.0.0/16
Deny from 125.77.0.0/16
Deny from 219.136.0.0/16
Allow from all


You can see which IPs are being blocked here.
When in Emor, do as the Snamors.
                              - D. Lister

a10

Amazon left, now the chinese, mostly 113.*, took over. Am giving up any concentrated fights, as it looks like zero impact on server \ general speed.

It's AI world, they will vacuum-absorb everything, always, again & again for the rest of human existence. The hosters just have to adapt to reality, provide adequate capacity as a new norm.
2.0.19, php 8.0.30, MariaDB 10.6.18. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.
Stand with 🇺🇦

shawnb61

We have no monetization; it's basically out of our pockets.  Labor of love...  LOL, fitting...

So we're on the cheapest business plan, and when things like this happen, we exceed allotted CPU often by 4-5x. 

Vendor is cool (doesn't throttle in any way), but does say we need to deal with it. 

So, we play whack-a-mole with the traffic. 
A question worth asking is born in experience & driven by necessity. - Fripp

Steve

My pet rock is not feeling well. I think it's stoned.

a10

Wrote earlier I was not going to bother, so I believed until the chinese hordes came back >:( :( reinstated the china-htaccess, with results.

2024-11-24 Page views: 87796
2024-11-30 Page views: 8814
2.0.19, php 8.0.30, MariaDB 10.6.18. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.
Stand with 🇺🇦

Advertisement: