
1 - 16 of 16 Posts

Banned · 797 Posts · Discussion Starter #1
A heads up to mods on this site...what is happening to arowanaclub.ca could happen here too...

About an hour ago, our monitoring systems alerted us to a very high load on the web server hosting arowanaclub.ca. After investigating the issue, we determined that your site was experiencing a HUGE influx of traffic. You can actually see this number at the bottom of your forums - Most users ever online was 4,181 Today at 5:35 PM.

To protect other customers on the server, we were forced to temporarily suspend your account until the traffic stopped. We are seeing this happen a lot lately with vBulletin forums and it appears to be some sort of botnet scanning for vulnerabilities in the software. After about an hour of hammering your site, the traffic disappeared and we were able to bring your site live again.
Arowanaclub.ca admin: thanks for the notice. So, is this a DNS attack or some kind of variant of one?

No. This was literally just 5000 machines loading your site at once. It's very odd but we are seeing this same pattern on many vb installations right now... You're not the only one.
Unfortunately, we had to suspend it again as the attack continued. At this point, we must do a 12 hour suspension in order to ensure other customer sites aren't affected.
 

Banned · 797 Posts · Discussion Starter #5
Arowanaclub Admin: Do you think this could be due to a recently registered user who could be "rogue" somehow? Any idea as to motive?

Not likely. Normally I would say yes, but over the past several weeks, we've seen this happen on almost two dozen VB sites. Thousands of users (from Russia, mainly) flood the site for several hours, then disappear. From what we've been able to figure out, it's either a poorly programmed search engine attempting to index the entire site at once or it's an exploit scanner.
This morning we unsuspended your account after the 12 hour suspension and almost immediately your site again became overwhelmed with requests. Per our AUP, we must now suspend the site for 48 hours.

There is unfortunately nothing we can do to work around this problem, as unsuspending your account has an immediate effect on the other sites hosted on this server due to the huge load that it receives.
And so the buggers are still at it. Looking at getting a whole new secure server at a secure Canadian hosting company...could take a few days...
 

Registered · 1,277 Posts
Arowanaclub Admin: Do you think this could be due to a recently registered user who could be "rogue" somehow? Any idea as to motive?

And so the buggers are still at it. Looking at getting a whole new secure server at a secure Canadian hosting company...could take a few days...
A new server at a different hosting company isn't going to stop the attack. The attack is directed at the domain, so regardless of where it is hosted, it is going to happen. If the server gets hosted elsewhere, and the new provider starts to get attacked immediately, they could find themselves with no hosting, period!

There are multiple ways to filter things out depending on access/setup, but... that could also possibly block legitimate users on other hosted systems (depending on setup/configuration again, of course), so the easy solution is: suspend the account so requests use minimal system resources, and ride it out.
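
The pattern the host describes above (thousands of machines each loading the site once) is invisible to a per-IP request limit and shows up instead as a jump in distinct clients per minute. The sketch below is an added example, not part of the thread or the host's tooling; the combined access-log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log prefix: client IP and timestamp.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def per_minute(lines):
    """Return {minute: {client_ip: request_count}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        buckets[ts.replace(second=0)][m.group(1)] += 1
    return buckets

def classify(buckets, baseline_clients, per_ip_limit=30, factor=10):
    """Label each minute 'normal', 'single-source' or 'distributed'."""
    labels = {}
    for minute, ips in sorted(buckets.items()):
        key = minute.strftime("%H:%M")
        if len(ips) > factor * baseline_clients:
            labels[key] = "distributed"    # many clients, few requests each
        elif max(ips.values()) > per_ip_limit:
            labels[key] = "single-source"  # one client a per-IP limit can catch
        else:
            labels[key] = "normal"
    return labels

def max_per_ip(buckets, hhmm):
    """Highest request count of any single client in the given minute."""
    return max(max(ips.values()) for m, ips in buckets.items()
               if m.strftime("%H:%M") == hhmm)

def constructed_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = '{} - - [01/Jan/2015:{}:{:02d} +0000] "GET /index.php HTTP/1.1" 200 512'
    lines = [fmt.format(f"192.0.2.{i}", "17:30", s) for i in range(5) for s in (1, 2)]
    # Flood minute: 200 distinct clients, one page load each.
    lines += [fmt.format(f"198.51.100.{i}", "17:35", i % 60) for i in range(200)]
    # One aggressive client: 50 requests in a minute.
    lines += [fmt.format("203.0.113.9", "17:40", s) for s in range(50)]
    return lines

if __name__ == "__main__":
    b = per_minute(constructed_sample())
    print(classify(b, baseline_clients=5))
    print("busiest client during flood:", max_per_ip(b, "17:35"))
```

In the flood minute no single client exceeds one request, which is why blocking by address alone risks either missing the traffic or catching legitimate users.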
 

Registered · 5,556 Posts
Tightening up the .htaccess and upgrading the vBulletin version would probably help. Probably using an old exploited version and the ruskies are searching for vulnerabilities with thousands of bots.
 

Registered · 5,556 Posts
What version of vBulletin did that use that was vulnerable? Shawn updated to 4.1.10 to try to prevent this from happening.
 

Registered · 5,556 Posts
Even if 4.x is vulnerable it wouldn't be as widespread/as easy a target, so they'd target other sites.

Glad to hear they updated and all is well Stratos.
 

Banned · 797 Posts · Discussion Starter #14
arowanaclub.ca is under DNS attack again. Really annoying. I have heard from a few other mods of other forum sites (non-fish-related) that DNS attacks are becoming more frequent.
 

Registered · 373 Posts
They are becoming more frequent it seems... and on the topic of DDoS attacks - this YouTube video explains it really well:
 

Banned · 797 Posts · Discussion Starter #16
Thanks for that link, very interesting :)

The site is back up. A new record number of simultaneous users on January 18, 2015: 14,973! Too bad they were all "zombie" computers.
 