DDoS Update

[Null]

Okay, the "blue bubble" in my diagrams are up. No non-cloudflare connections are allowed to the server. This is very experimental, and I will be keeping close tabs on the denials, but no legitimate traffic should be getting blocked.

If you are getting blocked, it's probably only going to be intermittent. This because your cloudflare IP is suddenly not blacklisted. That should never happen, though.

 

[ThatGuy]

Okay, the "blue bubble" in my diagrams are up. No non-cloudflare connections are allowed to the server. This is very experimental, and I will be keeping close tabs on the denials, but no legitimate traffic should be getting blocked.

If you are getting blocked, it's probably only going to be intermittent. This because your cloudflare IP is suddenly not blacklisted. That should never happen, though.

Null"s the man!

 

[Null]

Sorry for all the downtime this morning and afternoon.

I've completely rebuilt the following configurations:

• iptables
• apache
• cloudflare
• shell
• ftp

I've also improved the relationship between Kiwi and Orange and resolved a few issues with the mailserver.

These are all efforts to secure the website on an application level. I've heard reports that we've gotten faster, which is nice side-effect of not doing things sloppily. If more people can chip in on if they think things are slower/faster, I'd like to hear.

 

[c-no]

Well shit, people are actually paying $200 to attack our forums? All we do is talk about online weirdos, no idea why they feel so strongly that they need to stop us.

EDIT: Okay, so they're probably not spending $200. Still, spending any amount of money to attack our forums is just silly.

Especially when the better option is to just ignore the forum. If lol-cows attacked this forum because we had a thread on them, they can just ignore us or even mock us in someway. Even then, the forum isn't like ED where its a wiki that chronicles every single thing about them.

 

[Holdek]

You should report this to tech support at the hosting service.

 

[Null]

You should report this to tech support at the hosting service.

I have. Linode has offered to work with me in preventing large-scale botnet attacks should they affect other servers on our network.

 

[Blueberry]

Null is like Iron Man with that Robert Downey Jr Swag

 

[Centipede]

I'm assuming it's someone we got a thread on who's trying to DDoS our beloved forums. Most lolcows get their money from their parents/welfare, there's no way that anyone would spend money they earned on something as meaningless as this.

 

[Null]

I can't verify this, but based on suspicious spikes in traffic and an hour long period where the mailserver was inaccessible, I believe Orange was attacked.

Mail services cannot work with Cloudflare, because attaching the outgoing IP of Cloudflare to an email means that they would get blamed for any spam attacks. Because of this, mail carriers are always vulnerable to what's called an Identification Attack, which reveals a real IP address. Having moved our SMTP and webmail off to Orange (a small, cheap box specifically hosted for the purpose of being an easy target that our server does not depend on), it looks like it did its job and was targeted instead of Kiwi.

 

[Colress]

so whoever was responsible basically took the bait? that's pretty neat.

i've never actually quite been able to witness a server be attacked like that, so thank you for keeping us posted, Null. this has been an interesting thing to see.

 

[Null]

There is a Jace Stream tonight. I am going to preemptively add more stringent Cloudflare security measures.

 

[Xarpho]

On Tuesday afternoon, I couldn't access Kiwi much at all, 404'd at a Cloudfare page most of the time. It seems to be better now.

 

[☻]

Who the fuck would pay that?

Monthly tugboat at work

 

[Null]

The 5 minutes or so of downtime was due to an attack. This time, I believe it was on our TyceAndrews.com or the wiki

 

[Watcher]

Since the attacks started, how much money has the attacker spent in total to try and take the forums down?

 

[Null]

Since the attacks started, how much money has the attacker spent in total to try and take the forums down?

No idea. It depends on what service they use. This was probably a 1 hour attack, so that 5 minutes of DT cost them anywhere between $4 and $15 (assuming they use a botnet and not a personal service).

 

[Randall Fragg]

How many attacks have we had now? Just curious.

 

[Null]

How many attacks have we had now? Just curious.

Uh, 7 different instances of 1 ~ 4 hours each.

 

[Randall Fragg]

Since the attacks started, how much money has the attacker spent in total to try and take the forums down?

So, for the how much has this cost question, the most conservative estimate ($4 for 1 hour, all 7 instances have been one hour attacks) would be $28. (4x7).
Of course, given how I don't know the actual number of attack hours, or the rate paid, it's likely higher than that.
The most he could have paid would be $420 (4x7 for the total hours, $15 dollars per hour). I find this unlikely.

 

[MurcDusen]

The most he could have paid would be $420 (4x7 for the total hours, $15 dollars per hour). I find this unlikely.

No, that's totally sick and realistic!

Also, wonder whether there'll be attacks today again with the Jace/Tyce crossstreaming.