Epic ongoing BATTLE with Singaporean botnet; UPDATE #2 - it's over...for now!

[w-u-2-o]

All,

My apologies for the interruptions in service, but the board is currently engaged in an epic battle with a botnet or other bad actors located in Singapore.

Whatever their goals it has essentially amounted to a denial of service attack.

The board had reached 300,000 guest users and ground to a halt.

I have enabled a much stricter IP address block list, but now that total is only down to 37,000!

At this point I'm going to have to block the entire IP range of Singapore. My further apologies to any members who might be located there. All I can tell you is that you may wind up having to use a VPN to overcome that geo-restriction.

More to follow as the battle progresses...

73,

Scott

[w-u-2-o]

Update #1: making some progress.

I've got the number of established connections at the firewall output down to < 100, and the number of page pulls in a 1 minute period to < 300. The AIs tell me this is pretty good.

You can see where the attack started on 9 Feb. We are now headed into the 20th hour of the attack and it continues unabated.

Capture.JPG (44.75 KiB) Viewed 134 times

I now have to make the changes to the firewall (iptables) persistent across reboots, create scripts for the blocklists to auto-update, and I think that I will add country blocking for both Russia and China as well.

The bots tend to make between 6 and 8 simultaneous connections to the forum per IP address. I will also probably modify the web server to limit it to 4.

As this is not my "day job" it's probably going to take me another two or three days to get this done.

The battle continues!

[KA5KKT]

√

[JJ4SDR]

Thank you for your efforts Scott!!

Juha
NI2M

[w-u-2-o]

Update #2: it looks like the attack is over.

Capture.JPG (38.64 KiB) Viewed 59 times

That's nice, because now work to increase the forum's defenses can proceed in a more leisurely manner. Because there WILL be a next time.

I appreciate everyone's patience yesterday, thank you.

Please note: as improvements to the firewall are made it may be necessary to restart the server and/or restart the forum. This may kick people off and/or log them out. Please continue to be patient. I will post again when the work is complete. In the meantime, things should be 90% back to normal.

Thanks,

Scott

[K1LSB]

Thank you very much, Scott!

This incident makes me wonder why on earth would anyone decide to devote any resources to a directed attack against this website?

Mark

[PH7R]

Is it an attack or CN downloading all info to feed AI models?