Physics Forums is currently experiencing significant slowdowns and connectivity issues due to a DDoS attack that began earlier in the day. Users are reporting long page load times, errors related to MySQL, and intermittent access to the site and chat features. The forum's team is actively working with their data center to mitigate the attack, but performance may remain inconsistent as the firewall catches up. Discussions among users speculate on the motivations behind the attack, expressing frustration and confusion over why such a community would be targeted. Overall, while some users report improvements, many still face challenges with site functionality.
Again, my IP seems to be blocked, I can use some random free proxy to connect to PF, but for some reason server doesn't like my current address. Previous post was from the IP assigned by my ISP, the one that is blocked. Pings don't pass through. Seems like nobody else has problems.
I wonder if I am not blocked because some of IPs in my range are blacklisted? They are assigned dynamically once per 24h, so blocking them doesn't make much sense.
I will try to reset modem, perhaps I will get a new IP this way.
Did you get a different IP?
Because usually you get a "lease", meaning you'll get the same IP until the lease expires.
Completely different, 79.185.*.* vs 83.6.*.*.
#355
Evo
Staff Emeritus
24,029
3,323
Borek said:
Resetting modem helped, so there is no doubt it is IP related.
Throws net over Borek.
Sit, stay!
Oh wait, this isn't chat.
#356
Evo
Staff Emeritus
24,029
3,323
I like Serena said:
Did you get a different IP?
Because usually you get a "lease", meaning you'll get the same IP until the lease expires.
Borek said:
Completely different, 79.185.*.* vs 83.6.*.*.
If you have a dynamic IP address, you'll only keep that address until you disconnect from your ISP, the next time you log on, you will be given another IP address from you ISP. ILS, is that what you mean by a *lease*?
If you have a dynamic IP address, you'll only keep that address until you disconnect from your ISP, the next time you log on, you will be given another IP address from you ISP. ILS, is that what you mean by a *lease*?
I was just verifying that there was indeed an actual change in IP before assuming that the old IP was blocked.
It seemed unlikely that Borek wouldn't have checked, but sure is sure. :)
If you're interested, the concept of a lease in this context is for instance explained here:
http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol"
Last edited by a moderator:
#358
Evo
Staff Emeritus
24,029
3,323
I like Serena said:
:)
I was just verifying that there was indeed an actual change in IP before assuming that the old IP was blocked.
It seemed unlikely that Borek wouldn't have checked, but sure is sure. :)
If you're interested, the concept of a lease in this context is for instance explained here:
http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol"
Ah, well I worked for AT&T that developed the internet for the US government. I worked on data networks from the early 70's. Never heard that term, we never used it. Someone posting on wikipedia wouldn't know that. <insert Aflac duck here> nah, nah.
This must be a term that cropped up after the 70's. (Shows how old I am). :(
Last edited by a moderator:
#359
jhae2.718
Gold Member
1,184
20
If, for some horrible, unfathomable reason, you are on Windows, maybe try:
Code:
ipconfig \release
ipconfig \renew
?
#360
StevieTNZ
1,934
873
Evo said:
Ah, well I worked for AT&T that developed the internet for the US government.(
If, for some horrible, unfathomable reason, you are on Windows, maybe try:
Code:
ipconfig \release
ipconfig \renew
?
My computer is not directly connected to the net, there is a router and a modem (it could be a single device, but for historical reasons there two separate ones). See traceroute output posted earlier.
So I can get a new IP from the router, but for PF I will be still using the same IP.
My computer is not directly connected to the net, there is a router and a modem (it could be a single device, but for historical reasons there two separate ones). See traceroute output posted earlier.
So I can get a new IP from the router, but for PF I will be still using the same IP.
Quite right!
But I believe that pathping and traceroute will not show the external IP address of your modem.
To see that you need an external server. Typically by browsing for instance to "http://www.whatismyip.com". That will tell you what your actual IP address is.
You may want to check if that changes after a reset of your modem.
Oh, and you can probably also see it on the admin web page of your modem.
Use http://<internal ip address of your modem> to see that.
Most modern modems contain a webserver to configure it.
I expect the external IP address to be dynamically assigned by the ISP. And I expect it might not change after a reset of your modem (not until the lease expires). But that really depends on how the DHCP of your ISP is set up.
(Sorry if I'm saying things here that you're already aware of.)
But I believe that pathping and traceroute will not show the external IP address of your modem.
To see that you need an external server. Typically by browsing for instance to "http://www.whatismyip.com". That will tell you what your actual IP address is.
You may want to check if that changes after a reset of your modem.
Actually I used my PF superpowers to check IP from which I posted - same effect. Ping and traceroute I used to check where the problem starts, and seems like I can blame PF server, not something in my path to the server.
Never seen whatismyip before, thanks for that. Now that I think about it, it is obvious someone did it, just like all those HTTP header checkers I used in the past. I guess I could setup such a site in a blink. Well, say 15 minutes, I hate browsing php manual.
I expect the external IP address to be dynamically assigned by the ISP. And I expect it might not change after a reset of your modem (not until the lease expires). But that really depends on how the DHCP of your ISP is set up.
It is dynamically assigned, and - as far as I know - it is automatically changed once a day. And as the test showed, it it assigned with each connection.
They assign IPs from two completely separate ranges, I have a feeling 79.blah.blah.blah works much better than the other one, but - as we know - the plural of anecdote is not data (thanks for LisaB for posting that).
Argh, still the same IP, again the same situation - my pings are not coming through, 100% packet lost. I am posting now using proxy.
Code:
borek@invincible ~ $ ./checkPF
PING physicsforums.com (74.86.200.109) 56(84) bytes of data.
--- physicsforums.com ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 8999ms
traceroute to physicsforums.com (74.86.200.109), 15 hops max, 40 byte packets
1 192.168.0.7 (192.168.0.7) 0.631 ms 0.578 ms 0.540 ms
2 10.0.0.138 (10.0.0.138) 1.008 ms 1.017 ms 0.973 ms
3 * * *
4 xxx.tpnet.pl (xxx.xxx.xxx.xxx) 55.796 ms 24.359 ms 30.486 ms
5 hbg-b2-link.telia.net (213.248.89.93) 56.974 ms 41.270 ms 42.138 ms
6 hbg-bb2-link.telia.net (80.91.246.8) 41.579 ms 45.743 ms 40.837 ms
7 nyk-bb2-link.telia.net (80.91.247.125) 123.141 ms nyk-bb2-link.telia.net (80.91.247.123) 128.526 ms 127.521 ms
8 dls-bb1-link.telia.net (213.155.130.209) 162.234 ms dls-bb1-link.telia.net (213.155.130.67) 224.847 ms 162.587 ms
9 te3-3.bbr02.eq01.dal01.networklayer.com (213.248.102.174) 167.530 ms 170.632 ms 200.703 ms
10 po6.dar02.sr01.dal01.networklayer.com (173.192.18.213) 186.588 ms 165.011 ms 175.117 ms
11 po2.fcr03.sr04.dal01.networklayer.com (66.228.118.190) 169.002 ms 171.485 ms 180.097 ms
12 * * *
13 * * *
14 * * *
15 * * *[
Argh, still the same IP, again the same situation - my pings are not coming through, 100% packet lost. I am posting now using proxy.
For your reference, here's my traceroute appended (from the Netherlands).
The last part is identical (as expected).
Furthermore my traceroute does not reach physicsforums.com either.
I think that means that it has been blocked by a firewall or something.
That should not be a problem though.
ping did come through the first time, but a second time it didn't.
And EEEWWWWW!
Since then I have lost the connection physicsforums.com entirely (at about 2011-06-11T18:30:00Z).
This never happened before!
I only got 502/504 gateway timeouts, and never for more than a couple of minutes.
I suspect the very test I did here triggered a DoS defense mechanism on PF!
I reset my modem, indeed getting a new external IP address in the same subnet, but the problem persists.
I tried from elsewhere with "telnet physicsforums.com 80" and that worked, but on my own computer this doesn't since I'm unable to connect.
Right now (2011-06-11T19:20:00Z) I'm still blocked entirely - posting through a proxy now.
Edit: Right now (2011-06-11T19:30:00Z) I can connect again.
Does the DoS perchance have a timeout of 1 hour?
For reference here are my trace results (before the disconnection):
Code:
traceroute to physicsforums.com (74.86.200.109), 30 hops max, 60 byte packets
1 10.246.124.1 (10.246.124.1) 2.371 ms 2.516 ms 3.157 ms
2 SpeedTouch.lan (10.0.0.138) 9.318 ms 9.720 ms 10.119 ms
3 [I]<deleted>[/I]
4 [I]<deleted>[/I]
5 [I]<deleted>[/I]
6 asd2-rou-1002.NL.eurorings.net (134.222.97.17) 46.770 ms 21.122 ms 54.049 ms
7 asd2-rou-1022.NL.eurorings.net (134.222.230.34) 25.445 ms 33.176 ms 34.337 ms
8 asd2-rou-1001.NL.eurorings.net (134.222.225.194) 34.847 ms asd2-rou-1001.NL.eurorings.net (134.222.229.101) 35.765 ms asd2-rou-1001.NL.eurorings.net (134.222.229.105) 36.241 ms
9 adm-b5-link.telia.net (213.248.102.161) 36.820 ms 42.628 ms 42.782 ms
10 adm-bb2-link.telia.net (80.91.253.170) 43.610 ms adm-bb1-link.telia.net (80.91.246.220) 66.704 ms adm-bb2-link.telia.net (213.155.130.44) 44.507 ms
11 ldn-bb1-link.telia.net (80.91.245.106) 82.521 ms 82.648 ms ldn-bb2-link.telia.net (80.91.253.209) 56.086 ms
12 ash-bb1-link.telia.net (80.91.251.209) 108.333 ms ash-bb1-link.telia.net (213.248.65.210) 109.889 ms ash-bb1-link.telia.net (80.91.246.68) 109.196 ms
13 dls-bb1-link.telia.net (80.91.252.122) 143.052 ms dls-bb1-link.telia.net (213.155.130.69) 147.107 ms dls-bb1-link.telia.net (80.91.252.122) 147.089 ms
14 te3-3.bbr02.eq01.dal01.networklayer.com (213.248.102.174) 147.436 ms 150.523 ms 150.806 ms
15 po6.dar02.sr01.dal01.networklayer.com (173.192.18.213) 239.810 ms 239.577 ms 155.216 ms
16 po2.fcr03.sr04.dal01.networklayer.com (66.228.118.190) 139.120 ms 145.286 ms 145.737 ms
17 * * *
18 * * *
19 * * *
Code:
PING physicsforums.com (74.86.200.109) 56(84) bytes of data.
64 bytes from physicsforums.com (74.86.200.109): icmp_seq=1 ttl=47 time=137 ms
64 bytes from physicsforums.com (74.86.200.109): icmp_seq=2 ttl=47 time=136 ms
64 bytes from physicsforums.com (74.86.200.109): icmp_seq=3 ttl=47 time=139 ms
There are strange things happening, I believe they started to appear after nginx has been installed, but I can be easily wrong.
I suspect these are 2 separate things.
I think the very test with traceroute/ping triggered a hardware DoS on PF with presumably a timeout of 1 hour.
This means that you get the message: "unable to connect".
The gateway timeout suggests that the hardware is still functioning properly (PF is still reachable on HTTP), but that nginx (I presume it's configured as a proxy or as a load balancer?) can't reach the actual PF web server, generating a HTML gateway timeout message.
Some threads try to load i52.tinypic.com that never happens; I've noticed this for a few days. I using Firefox 5.
#374
Ivan92
201
3
I get the occasional can't connect; something nginx 504 or something, but PF is running fine.
#375
Lancelot59
640
1
Seems to be running fine to me.
#376
danR
352
4
Has been going very slow (pages take a long time to display) for the past couple of days on Mac Safari/Opera/FF. I've checked other vBulletin run sites (medical, Engineering), no problems, lightning-fast.
Then, it has its moments where everything is back to normal.
I've tried clearing cookies, cache, browsing (not signed in). No difference.
Addendum: I'm also in a university area, with exceptionally good internet service, on a very reliable ISP. I have never had an internet issue in 2 years. I had a Safari upgrade a week or so ago, but that doesn't explain Opera/FF anyway.
Last edited:
#377
Ivan92
201
3
danR said:
Has been going very slow (pages take a long time to display) for the past couple of days on Mac Safari/Opera/FF. I've checked other vBulletin run sites (medical, Engineering), no problems, lightning-fast.
Then, it has its moments where everything is back to normal.
I've tried clearing cookies, cache, browsing (not signed in). No difference.
I have been running on Mac Safari and no pages have been loading slowly these last couple of days.
#378
Studiot
5,440
10
Was very slow about 10 days ago but been fine more recently.
South West UK.
Perhaps it's like a tide or other periodic phenomenon moving around the globe?
#379
Nik_2213
1,218
493
Tonight's running slower than usual, IMHO.
(NW UK)
The last few days, pages have been loading incredibly slow. They hang on loading the ads. So either some advertiser out there has coded their Flash in some stupid way that causes it to hang, or the ad server itself is having problems. My guess would be with the former.
But in either case, this is not a DDoS attack. It's some stupid ad programmer who doesn't care whether the page his ad is displayed on is actually able to load.
The last few days, pages have been loading incredibly slow. They hang on loading the ads. So either some advertiser out there has coded their Flash in some stupid way that causes it to hang, or the ad server itself is having problems. My guess would be with the former.
https://www.physicsforums.com/payments.php
Last edited:
#384
DaveC426913
Gold Member
23,838
7,833
Greg Bernhardt said:
https://www.physicsforums.com/payments.php
ba-zing!
Last edited by a moderator:
#385
Jack21222
209
1
Ben Niehoff said:
The last few days, pages have been loading incredibly slow. They hang on loading the ads. So either some advertiser out there has coded their Flash in some stupid way that causes it to hang, or the ad server itself is having problems. My guess would be with the former.
But in either case, this is not a DDoS attack. It's some stupid ad programmer who doesn't care whether the page his ad is displayed on is actually able to load.
And again. Note there is a half an hour gap in posts at PF between 12:30 and 13:00 PM my time (that is, last half an hour). Earlier there were posts every few minutes, which suggests it was a problem with PF, not with my link.
Same problem here but the speed looks normal again
#394
rhody
Gold Member
679
3
Drive-by intermittent hacker attacks perhaps, if so, how fiendishly clever on their part, let's hope that this scenario is NOT the case. Any comments ? Greg ? Admins ?
There was a long delay to sign in, a message at the bottom of the page said "waiting for xxxx.mathjax.org". If I get it again, I'll note what the "xxxx" is.
Drive-by intermittent hacker attacks perhaps, if so, how fiendishly clever on their part, let's hope that this scenario is NOT the case. Any comments ? Greg ? Admins ?
Rhody...
nginx simply crashed. no attack
lisab said:
There was a long delay to sign in, a message at the bottom of the page said "waiting for xxxx.mathjax.org". If I get it again, I'll note what the "xxxx" is.
There was a long delay to sign in, a message at the bottom of the page said "waiting for xxxx.mathjax.org". If I get it again, I'll note what the "xxxx" is.
This is our new LaTeX engine, sometimes it has its own quirks.
I see this message several times a day on average. In my case it is most likely Opera related
