Site Status - Important - Please Read

[AthenaOfDelphi]

Hi all,

As I'm sure you are all aware, the performance of the site has been pretty bad the last couple of days. Investigating the cause, I've found there are currently ALOT of hits for three scripts on the site... members, register and search. To try and ascertain whats going on, I have temporarily renamed these so they are not accessible.

Unfortunately, the net result is that the 'Whats New' button doesn't work, nor do signups and obviously member details won't work either.

The problems appear to be stemming from the fact that the server is being throttled because we have exceeded some operational limits regarding resource usage. I am investigating, but it does appear that PGD is putting the server under a somewhat large load.

I'll keep you all updated as and when I (a) make progress or (b) get more information.

[AthenaOfDelphi]

I have just banned three IP addresses that appear to have been making a concerted effort to request the same files over and over and over again, clearly not a user so they are banned. Having just looked up the IP's I've banned, 3 out of the 4 IP's I've added tonight are from Ukraine or Moscow. They have all been making concerted efforts to register lots of accounts and access member data.

The issue appears to have started on the 12th when we exceeded our maximum allowed process count for quite a while. As a consequence the hosting account has been throttled. I'm hoping that the throttle will be removed when the server notices that we're now behaving ourselves.

Now I've banned a bunch of bad clients, I'm going to re-enable the search form, but the member profiles and registration scripts will remain offline for at least tonight.

[code_glitch]

Ah... Indeed things have just sped up BIG time.

[Murmandamus]

You may have a vulnerability, or they may think you still have it. If you haven't patched vBulletin for this, please do so at once, as you could be at risk for a data breach:

http://www.securityfocus.com/bid/47281
http://www.vbulletin.com/forum/showt...Security-Patch

It is only about a month old.

[Ñuño Martínez]

Ah... Indeed things have just sped up BIG time.

I'm afraid not.

[code_glitch]

On my end they have sped up noticeably since athena posted that... I'm not getting an 404s from time outs and pages' load times now are like usual after a long delay rather than really slow after a long delay...

[Traveler]

It's still slow on this end too. Pages take from 30 secs up to a minute to load.

[chronozphere]

Still too slow for me to use. Browsing the forum is just frustrating, so I don't bother until someone fixes this.

[code_glitch]

Oh its frustrating I agree... But look on the bright side for us admins: no SPAM! YAY!

[Murmandamus]

Yeah, but you could have much bigger problems brewing if vB is not patched to fix the vulnerability. Given the type of attacks you are experiencing, it looks like they are trying to exploit this vulnerability or one like it.

Usually, the way these things go, a vulnerability is discovered by an automated scanner targeting a specific piece of site software, then, once found, it gets put on a list that gets shared on various hacker underground sites (potentially even sold), then the criminals take over and start attacking the site, looking for private information to exploit. Even if the vulnerability gets patched, the attacks may take a few days to a week to subside. The only thing that can be done is make 100% sure the webserver and associated app software is fully patched, clean/scan the server for rogue processes and rootkits, disable attacked facilities, and block DoSing IP addresses.