Chemical Forums down, or how I learned what slowloris is

  • Thread starter: Borek
Discussion Overview

The discussion revolves around the recent downtime of chemicalforums.com, attributed to a slowloris DDoS attack. Participants explore the nature of the attack, its implications, and the challenges faced in mitigating such threats. The conversation touches on technical aspects of forum scrapers and the potential motivations behind the attacks.

Discussion Character

  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant describes the DDoS attack on chemicalforums.com, detailing the technical challenges faced and the response from the hosting provider.
  • Another participant questions the assumption that the attackers are script kiddies rather than state actors, prompting further discussion on the motivations behind such attacks.
  • A participant explains what a forum scraper is, distinguishing it from other types of web traffic and noting the potential for abuse.
  • Concerns are raised about the inability to determine the origin of the attack and the uncertainty regarding when the site might be operational again.
  • Another participant expresses skepticism about the likelihood of consequences for state actors or deterrents for non-state actors involved in such attacks.
  • One participant reports that the site appears to be back online, though the stability of this status is uncertain.

Areas of Agreement / Disagreement

Participants express differing views on the nature of the attackers, with some suggesting they are script kiddies while others propose the possibility of state actors. The discussion remains unresolved regarding the motivations and implications of the attacks.

Contextual Notes

The discussion highlights limitations in understanding the source of the attacks and the effectiveness of current mitigation strategies. There is also a lack of consensus on the classification of the attackers.

Borek
Mentor
Messages
29,177
Reaction score
4,606
As many of you know I am an admin/moderator at chemicalforums.com, a site in many ways similar to PF, just related to chemistry. CF was hit much stronger than PF by changes in the way ppl use forums/websites to get info, we lost a lot of traffic, but it was still working up to the last week.

No idea if this part is related to the story, still: about a month ago we were hit by forum scrappers, bombarding site with thousands of requests from multiple IPs, slowing the site to a crawl (loads like 20 20 20). Turned out most of these IPs originated from China, so I manually blocked most of the China Telecom (for those more technical: manual boomer way, whois to check the IP origin, then deny by range in .htaccess). It helped.

Fast forward to the last Saturday, when the site became non-responsive at all. That is: no problem to log in to the console with ssh, system looks OK, load almost zero, no suspicious threads, but no way to get anything out of the forum via http(s). That was way beyond my technical savviness, so I asked our provider support for help. Turned out the site is under slowloris DDoS attack, with requests coming from around 190k IPs. We did some tweaking to the apache configuration, but to no avail. Perhaps adding nginx as a reverse proxy could help, sadly, the attack was causing issues with other VMs on the same node, so we were shut down. As of today nobody is able to say when/whether we will be back online (this is not intended to be a criticism, support was always great and I trust them they are doing their best).

That's just to let you know about things that happen. I did some digging, turns out places like an innocent, non-controversial scientific forum can be taken down by a script kiddie willing to spend a few bucks on proxies. No idea if that's the case, but it is always a possibility.
 
  • Wow
  • Sad
  • Informative
Likes   Reactions: DrClaude, pinball1970, Vanadium 50 and 5 others
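
The two symptom patterns in the post above (scraper wave: load around 20; slowloris: load almost zero, SSH fine, HTTP dead) can be told apart from Apache's worker scoreboard. This is an added example, not part of the original post: it assumes mod_status is enabled and that the admin has fetched the `?auto` text; the function names, thresholds and sample data are hypothetical and constructed.

```python
from collections import Counter

# Apache mod_status scoreboard keys: "_" waiting, "." open slot, "R" reading
# request, "W" sending reply, "K" keepalive; other letters are rarer states.
IDLE_KEYS = "_."

def make_sample(board):
    """Build a constructed '?auto' style status text around a scoreboard."""
    return "Uptime: 3600\nScoreboard: " + board + "\n"

# Constructed samples, not measurements from chemicalforums.com.
SLOW_SAMPLE = make_sample("R" * 140 + "W" * 5 + "K" * 3 + "_" * 2)
FLOOD_SAMPLE = make_sample("W" * 140 + "R" * 5 + "_" * 5)
QUIET_SAMPLE = make_sample("W" * 3 + "K" * 4 + "_" * 20 + "." * 123)

def parse_scoreboard(status_text):
    """Return a Counter of worker states from mod_status '?auto' output."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Scoreboard":
            return Counter(value.strip())
    raise ValueError("no Scoreboard line; is mod_status enabled?")

def classify(status_text, load1, max_workers, cpus=2,
             busy_share=0.9, reading_share=0.7):
    """Hypothetical triage rule; thresholds are assumptions to tune per site."""
    counts = parse_scoreboard(status_text)
    busy = sum(n for state, n in counts.items() if state not in IDLE_KEYS)
    if busy == 0 or busy / max_workers < busy_share:
        return "normal"
    # Pool is saturated: decide what the workers are stuck doing.
    if counts["R"] / busy >= reading_share and load1 < cpus:
        # Workers hold sockets open waiting for request bytes: no CPU used.
        return "slow-request exhaustion"
    if load1 >= cpus:
        # Workers are generating pages: CPU-bound, as with the scraper wave.
        return "request flood"
    return "saturated, cause unclear"

if __name__ == "__main__":
    for name, text, load in (("slow", SLOW_SAMPLE, 0.1),
                             ("flood", FLOOD_SAMPLE, 20.0),
                             ("quiet", QUIET_SAMPLE, 0.3)):
        print(name, "->", classify(text, load, max_workers=150))
```

`max_workers` stands for the configured worker limit (Apache's MaxRequestWorkers), and `load1` is the one-minute load average read on the host.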
Why do you think these are script kiddies and not state actors learning their trade?
 
Vanadium 50 said:
Why do you think these are script kiddies and not state actors learning their trade?

What I am trying to say is you don't need to be anything more than a script kiddie to put the site down. All the tools are on the table (example scripts on github, cheap distributed proxies as a service) and basically some googling is all you need to find them.
 
  • Like
Likes   Reactions: dwarde, Vanadium 50 and russ_watters
What's a forum scrapper? Google gives me forums for scrappers, but I'm guessing that's not what hit you. Right?
 
I am also a member of www.chemicalforums.com. I visited several times in the last week to this website, but I found the following page instead.
[Attached image: 1725201592991.png]

When shall I observe this www.chemicalforums.com website again working as usual?
 
Bandersnatch said:
What's a forum scrapper? Google gives me forums for scrappers, but I'm guessing that's not what hit you. Right?

Someone who tries to make a copy of the site by requesting all possible pages (in this case: messages) to copy their content. In a way it is not different from what search engines do, but they typically are much more relaxed with their requests (that is they don't bombard the site with thousands of requests per minute, overloading the system) and at least in theory they can be blocked just by telling them (with a file called robots.txt) that they should not index the site.

robots.txt is notoriously ignored though, it is kind of a courtesy concept. Not that long ago I had to block Microsoft and Amazon bots manually (I wonder if they don't scrap forums for content to feed their AI/LLM).
 
WMDhamnekar said:
When shall I observe this www.chemicalforums.com website again working as usual?

No idea, that's the problem. As long as we are under attack we probably won't get back online, but we have no means to find out where the attack originates from or who is behind it, so there is no way to stop it :frown:

These things don't go on forever, one day someone will kill the script or switch it to attack some other site.
 
This is going to continue until:
(1) There are consequences to state actors.
(2) Enough non-state actors are jailed to serve as a deterrent to the rest.

Neither shows any signs of happening soon. Which is why we can't have nice things.
 
  • Like
Likes   Reactions: Borek
Seems like we are back on line.
 
  • Like
Likes   Reactions: DrClaude, OmCheeto and Ibix