Slow Forums: PF Under DDOS Attack

  • Thread starter Thread starter Borek
  • Start date Start date
  • #31


Getting better now, but certainly not like it should. Pages load sometimes like normal, sometimes it looks like 10 seconds.

If you are under attack, then you have enemies, no?
 
Physics news on Phys.org
  • #32


It's ok now. I wasn't able to post at all last night. I wrote up what was easily the funniest post I ever made and submitted it, but nothing came of it and now I can't remember what I wrote.
 
  • #33


Jimmy Snyder said:
It's ok now. I wasn't able to post at all last night. I wrote up what was easily the funniest post I ever made and submitted it, but nothing came of it and now I can't remember what I wrote.

No one's buying it.
 
  • #34


Pengwuino said:
No one's buying it.

Oh, I am. The exact thing that happened to Jimmy happened to me. What I wrote was http://www.youtube.com/watch?v=8gpjk_MaCGM" type funny. And now it's gone.

Thanks for making us lose the war, hackers. I hope you're happy.
 
Last edited by a moderator:
  • #35


its 6:15AM here in NY
the speed is getting better.
 
  • #36


Greg Bernhardt said:
finally got the big boys to help out, let me know if there are changes in performance

Grrr.. I just lost this post after time out, hunt them Greg, show no mercy !

6:22 am EST.

Rhody...
 
  • #37


rhody said:
Grrr.. I just lost this post after time out, hunt them Greg, show no mercy !

6:22 am EST.

Rhody...

It's a good habit to hit <ctrl A> and <crtl C> (windows) before clicking 'post reply'.

then when disaster strikes <ctrl V> does the trick, unstriking.
 
  • #38


Andre said:
It's a good habit to hit <ctrl A> and <crtl C> (windows) before clicking 'post reply'.

then when disaster strikes <ctrl V> does the trick, unstriking.

Yeah I do that in a hurry if I notice site problems. I learned this the hard way from another forum, though.

Anyway, from my perspective, the site is not yet back to normal but it is functional.
 
  • #39


lurky said:
Yeah I do that in a hurry if I notice site problems. I learned this the hard way from another forum, though.

Anyway, from my perspective, the site is not yet back to normal but it is functional.

When posting large posts, I go into gmail, and paste and save it as a draft. Have been burned many times before. I should have known better this am, but because response wasn't bad when getting into post, I assumed, wrongly, that the problem was fixed.
Live and learn I guess.

Rhody...
 
  • #40


PF has never been this much slow for me. Any page (of PF) rarely loads and it gets stuck on 'waiting for physicsforums.com'
 
  • #41


A couple of hours ago it seemed much better, on and off that is. Apparantly the cyber attack has been resumed.
 
  • #42


I guess. It's horribly slow.
 
  • #43


Seriously though, what has this forum ever done to anybody?
 
  • #44


G01 said:
Seriously though, what has this forum ever done to anybody?

if only it worked that way :) PF is big enough now that it's a target for any reason.
 
  • #45


G01 said:
Seriously though, what has this forum ever done to anybody?

Yeah, this is getting ridiculous. What kind of total loser would attack PF?
 
  • #46


Greg Bernhardt said:
if only it worked that way :) PF is big enough now that it's a target for any reason.

But what for? Why would a bunch of geeks attack a bunch of nerds? It’s like running a protection racket against bums. What are they going to pay you with? Dirty socks? It makes no sense I tells ya. :-p
 
  • #47


This has escalated into a very serious attack. I appreciate everyone's patience!
 
  • #48


Greg Bernhardt said:
This has escalated into a very serious attack. I appreciate everyone's patience!

Until the US gets SERIOUS about forming a task force (Homeland Secuirty, Dept of Commerce, etc...) to identify, and take out these miscreants, this will continue.

People will continue their bad behavior unabated, until a little emotion known as fear takes over. Fear from the example of the newly formed task forces ability to identify, arrest, detain, and deport said troublemakers. Once they (the bad guys) figure out the stakes just got exceedingly high, many, if not most will change their habits. What will remain are the insane, mentally ill and terrorist types. It is in every civilized country's interest to participate, and the US could lead the way. Enough ranting, there, I feel better, well, just a little.

Rhody...
 
Last edited:
  • #49


AHHHHHH this is crazy!

Are you sure its really a DOS and not some other server problem? How can you tell the difference?
 
  • #51


Did you recently suspend or ban any users?
 
  • #52


ladykrimson said:
Did you recently suspend or ban any users?

we do every day
 
  • #53


Greg Bernhardt said:
we do every day

That might be a good place to begin looking for suspects.
 
  • #54


Greg Bernhardt said:
we were attacked this morning/afternoon. the firewall is still catching up, so things might still be a little slow for a bit

Was this an attack on PF itself, or its bandwidth provider? It seems... odd to attack a forum with a sledgehammer when a knife would do the job (nothing personal).

I'm familiar however, with being hosted by a company that makes the mistake of hosting some IRC channel or network, or a similar target; it gets DDOS'ed, and everyone hosted suffers.

@Ladykrimson: someone would need a botnet ready to do this, and be willing to use it up too. I've been pissed at PF before, but this is... stupid and bizarre.

edit: I'd add... it's not exactly effective, so maybe it's some exceptionally incompetant script kiddy? Who the hell can't DDOS a website anyway? I'm annoyed and disgusted.
 
  • #55


For what it is worth:

http://www.buzzle.com/articles/free-ddos-detection-and-mitigation-tools-for-linux-servers.html"
By David Foreman
Published: 2/11/2011

From his supplied link:

David Foreman
University Of Pennsylvania graduate in 1985. Self employed real estate investor for 10 years. Now owner of Foreman and Pike Consulting, an Internet Marketing Firm.

Rhody...

P.S. Wouldn't it be cool if traceroute endroute of the responsible party(s) computer(s) were possible and to send them a little PF present of of our own.
 
Last edited by a moderator:
  • #56


nismaratwork said:
Was this an attack on PF itself, or its bandwidth provider? It seems... odd to attack a forum with a sledgehammer when a knife would do the job (nothing personal).

I'm familiar however, with being hosted by a company that makes the mistake of hosting some IRC channel or network, or a similar target; it gets DDOS'ed, and everyone hosted suffers.

They are targeting PF's IP addy. We are on a dedicated server.
 
  • #57


rhody said:
For what it is worth:

http://www.buzzle.com/articles/free-ddos-detection-and-mitigation-tools-for-linux-servers.html"

Thanks rhody. We are doing everything we can on the server and the firewall is blocking everything, but there will still be performance issues as the traffic although blocked, is still hitting the server. We need measures to be taken further up the network chain.
 
Last edited:
  • #58


Greg Bernhardt said:
They are targeting PF's IP addy. We are on a dedicated server.

Damn it... that's just stupid and cruel.

In my experience, there are limited ways to respond to a DOS attack:

1.) Report to authorities
2.) If you have a set number of attackers, block traffic from those subnets.
3.) Notify people and entities who's computers have been compromised
---- From here, this is speculation, hypothetical, and not an endorsement ----
4.) Compromise the botnet and sniff incoming packets directing the bots
-Backtrace... a putz like this isn't going to be on a decent networks of BNCs
-Leave a message, or disable controller
4.2) Compromise the botnet, use tools from packetstorm security, and turn it on the attacker
5.) Identify. Juno.
6.) If in a country outside of reasonable jurisdiction, identify critical resources affiliated with the botnet owner and attack them.
7.) Compromise the botnet, then shut it down without malicious means (change passwords, update, etc)
7.) Compromise with a worm.
 
  • #60


caffenta said:
But what for? Why would a bunch of geeks attack a bunch of nerds? It’s like running a protection racket against bums. What are they going to pay you with? Dirty socks? It makes no sense I tells ya. :-p

Apparently, these particular geeks don't appreciate open platform discussions about some things.

Greg, have you contacted the FBI, or the RCMP? Don't know whether your server is in the U.S. or Canada. Regardless, any sustained attack like this violates some key U.S. laws of the kind the FBI takes interest. I'm also aware of certain edge (as in U.S. electronic border) tracking stations which record anything bound for any IP in the U.S. If it's routed, it can be tracked back to at least the station immediately prior. On the other hand, if it's a DDoS attack originating from virii/trojans/worms within the U.S., a call to Symantec and a couple other leading antivirus manufacturers might prove helpful. Might be helpful if it's a DDoS from the outside, as well.
 

Similar threads

PF Slow Again - Possible DDoS Attack?
  • · Replies 4 ·
Replies
4
Views
2K
Bug Slow Forum Apr 8: Limited Access, JS Error
  • · Replies 7 ·
Replies
7
Views
2K
Chemical Forums down, or how I learned what slowloris is
  • · Replies 8 ·
Replies
8
Views
1K
Complaint Possible Causes of Slow Response from PF and Solutions for Users and Staff
  • · Replies 22 ·
Replies
22
Views
5K
  • Sticky
Announcement Easy ways you can support Physics Forums
  • · Replies 97 ·
4
Replies
97
Views
50K
JavaScript PF Alert Machine: Can I Monitor Forum Alerts Without Logging In?
  • · Replies 3 ·
Replies
3
Views
1K
Could we make a practical solar fridge?
  • · Replies 30 ·
2
Replies
30
Views
4K
ABC reference frame synchronous generator modelling in Ltspice
  • · Replies 1 ·
Replies
1
Views
3K
11 reasons why you should be a Gold Member
  • · Replies 13 ·
Replies
13
Views
3K
Undergrad Lorentz Transformation: Premises + Derivation
  • · Replies 5 ·
Replies
5
Views
2K