The main mtm bbs

[Phineus]

Please excuse the interruption but there seems to be a bot at work that's preventing the main from working properly. I've been trying for the past couple hours to lock it out, but the unresponsiveness of the page is obstructing any serious effort. So, I just turned it off. Hopefully in a short while the bot will be tired of this game and we can return to normal.

[Phineus]

Update.

After hunting around I found an address that leads back to Keene, New Hampshire. It was pounding away trying to spam the bbs even tho it could no longer access the page. It was running system resources through the roof, and thus bogging down the server. For the time, I've killed all the processes and things seem back up to speed.

However, several people have been downloading like a house-a-fire and using download managers to boot. Yesterday alone we kicked out over five and a half gigs of transfer (and that's just http). So, I've turned off anonymous ftp as well as access to the other iso files. I'll try again after the weekend, but if people don't quit with the d/l managers I'll just terminate the big file downloads.

Meantime, let's hope that's it for the trouble. I'll turn the forum back on shortly and see how it goes.

[Rep Fan]

I was wondering what was going on over there.

I don't understand people that use D/L Managers anyway, if you have a high speed connection, it's going to haul anyway, so what's the point? If you use dial up, it's not going to haul, using one doesn't help.

It's like grabbing an electric fence, why?

[Phineus]

D/L managers were originally made for dial up. The most important feature was the ability to resume broken downloads so you don't have to start all over again from the beginning. It can be a life saver. Then they added file leaching to them so you could maximize your slow connection. And as long as you're on dial up, it poses no problem to anybody. But! Enter Broadband. Now that same technology, that same logic, can in effect single handedly launch DoS attacks. Then! Enter robots, script kiddies and the like. When in the hands of spammers, they just shut you down. Today, for us, it was a combination of both. The downloaders weren't the end of the world, but they got in the way while I was trying to trouble shoot the spammer. It got to the point I couldn't tell who was doing the most harm. So, I needed to eliminate all variables so the big files got turned off. With that out of the way, I could focus on the specific problem of overloading the server (as opposed to through-put). For the time being, it looks like things are fine again. My concern will be the spammer resuming once the bbs is opened back up. We'll see. I may have to add in some sort of verification code to post. I'd rather not (too much work) but if they force my hand...

[Kdawg]

Was that the cause of the whole site being slowed in loading yesterday?

[SLO_SCATTER]

That sucks Phin. Some people don't deserve to be able to use a computer if they can't respect others and show a little courtesy.

I'm glad you got the bbs back up and running.

[Malibu350]

I noticed the slow down big time last night but thought it was my connection... sometimes everything just moves like molassis.

Good job on heading off the attack

[SLO_Jumper]

I'd rather not (too much work) but if they force my hand...

We'll live with what ever call you make.

[Phineus]

Was that the cause of the whole site being slowed in loading yesterday?

Yes.

And just for the sake of talking, here's a few stats for you. Since day one, traffic has been increasing. To the point that thursday was probably one of the heaviest yet, at 5.6 gigs of transfer in just a single day. And I suspect friday and today would have continued the trend. And that's fine as far as it goes. But then the spammer/flooder also increased dramatically the total number of hits on the server.

<center>
<img src="http://mtm2.com/~forum/images/webstats20040924.gif" width="520" height="408"></center>

The two things we're interested in that diagram are the green and the red bars. The green shows the number of http hits on the site and the red shows the amount of transfer. When I turned off the bbs, the hits dropped like a shot. When I turned off the files, the transfer dropped. However, you have to note that that's just http (not ftp) and it doesn't measure system resources or monitor the apache server.

Normally, the cpu load is less than a couple percent. And the majority of that is dedicated to running the server and delivering files. Welp, yesterday, when the bbs busted, that put resources up over forty and fifty percent, and attempts to fix it actually made it get worse before it got better. A hidden thing in this mix is the number of connections that the web server allows, and it's not listed anyplace. So, what was happening was the bot/spammer/lamer/flooder sucked up all the connections so that when we tried to access the site, apache, the server, said, uh, all connections used up... you'll have to wait until they're free again, which, of course, they never were. Add to that, broadband d/l managers leaching files. In this case, the network card is working like a pipe. You're trying to force eight inches of water through a one inch pipe. Something isn't going to fit, not everything is going to get through. That accounted for much of the slow down as well.

The trick, then, was trying to pin point what was doing what. I'd find something, fix it, then the change wasn't what it should have been... because there were several things at work. It's these sort of situations that made me reluctant about running our own server. I'm not at all confident I'll always be able to cope and deal with these problems. This time, however, we got lucky - and I hope that's the end of it again for another little while.

Meantime 248 days, 13:50 without a reboot ;-)

[ZOtm_BigDOGGe]

Do you think this was just idiots who actually wanted the files, or could it have been a form of "denial of service" attack by flooding the site intentionally to make the server unusable? Any way to tell the difference?

[Phineus]

The bbs was a bot designed to flood with a link to specific sites. I didn't bother clicking to see where they led. Normally, I just delete those the moment I see them. This time, they spoofed the ip address and used random names. Would've been very hard to catch. On 'this' forum, we've just been registering the names and deactivating them but the bbs doesn't have that kind of feature. Even this forum would've been hard pressed to stop that kind of onslaught - probably would've had to force membership for a couple days. Was it malicious? Prolly not intentionally so, or it would be back already. I could get technical about the what's what but I don't really want to bore you guys, or even myself, with the details. Suffice it that wwwboards were one of the very first ever made and it just wasn't built to fend of lamers. It's made for honest people. CH built an asp based bbs of a similar disign. If he ever shared the code, or at least explained the structure, I might try and make a new version. Till then, these inconveniences will happen from time to time. Happened on the old one (many many times) but in that case, it was somebody else's server, and he appeared very competent so it never really caused much trouble - tho when it went down, it usually took him a week or so to get around to fixing it. In those cases, it was always a bored kid with nothing better to do. This time was a bot - with nothing better to do.

For the files tho, there's no doubt in my mind it's just selfishness. Or, more properly put, it was thoughtlessness. If kids, probably, stopped for two seconds to give a thought to what they were doing, then they probably wouldn't do it. Most wouldn't. And we can weather the few defiant ones. But they just don't stop to consider.

And when it happens all at once.... lol, keeps me jumping for the day.

[Eat Dirt]

...I am beging to think if i go out for a while...Evry thing starts to mess up x.o
Beacuse not only did this fourm mess up, Another one i goto also did o.o
Well, Glad you got rid of it phin! Cheers!