Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Site Status - Important - Please Read

  1. #1
    PGD Community Manager AthenaOfDelphi's Avatar
    Join Date
    Dec 2004
    Location
    South Wales, UK
    Posts
    1,246
    Blog Entries
    2

    Exclamation Site Status - Important - Please Read

    Hi all,

    As I'm sure you are all aware, the performance of the site has been pretty bad the last couple of days. Investigating the cause, I've found there are currently ALOT of hits for three scripts on the site... members, register and search. To try and ascertain whats going on, I have temporarily renamed these so they are not accessible.

    Unfortunately, the net result is that the 'Whats New' button doesn't work, nor do signups and obviously member details won't work either.

    The problems appear to be stemming from the fact that the server is being throttled because we have exceeded some operational limits regarding resource usage. I am investigating, but it does appear that PGD is putting the server under a somewhat large load.

    I'll keep you all updated as and when I (a) make progress or (b) get more information.
    :: AthenaOfDelphi :: My Blog :: My Software ::

  2. #2
    PGD Community Manager AthenaOfDelphi's Avatar
    Join Date
    Dec 2004
    Location
    South Wales, UK
    Posts
    1,246
    Blog Entries
    2
    I have just banned three IP addresses that appear to have been making a concerted effort to request the same files over and over and over again, clearly not a user so they are banned. Having just looked up the IP's I've banned, 3 out of the 4 IP's I've added tonight are from Ukraine or Moscow. They have all been making concerted efforts to register lots of accounts and access member data.

    The issue appears to have started on the 12th when we exceeded our maximum allowed process count for quite a while. As a consequence the hosting account has been throttled. I'm hoping that the throttle will be removed when the server notices that we're now behaving ourselves.

    Now I've banned a bunch of bad clients, I'm going to re-enable the search form, but the member profiles and registration scripts will remain offline for at least tonight.
    :: AthenaOfDelphi :: My Blog :: My Software ::

  3. #3
    PGD Staff code_glitch's Avatar
    Join Date
    Oct 2009
    Location
    UK (England, the bigger bit)
    Posts
    933
    Blog Entries
    45
    Ah... Indeed things have just sped up BIG time.
    I once tried to change the world. But they wouldn't give me the source code. Damned evil cunning.

  4. #4
    You may have a vulnerability, or they may think you still have it. If you haven't patched vBulletin for this, please do so at once, as you could be at risk for a data breach:

    http://www.securityfocus.com/bid/47281
    http://www.vbulletin.com/forum/showt...Security-Patch

    It is only about a month old.

  5. #5
    Quote Originally Posted by code_glitch View Post
    Ah... Indeed things have just sped up BIG time.
    I'm afraid not.
    No signature provided yet.

  6. #6
    PGD Staff code_glitch's Avatar
    Join Date
    Oct 2009
    Location
    UK (England, the bigger bit)
    Posts
    933
    Blog Entries
    45
    On my end they have sped up noticeably since athena posted that... I'm not getting an 404s from time outs and pages' load times now are like usual after a long delay rather than really slow after a long delay...
    I once tried to change the world. But they wouldn't give me the source code. Damned evil cunning.

  7. #7
    It's still slow on this end too. Pages take from 30 secs up to a minute to load.

  8. #8
    Still too slow for me to use. Browsing the forum is just frustrating, so I don't bother until someone fixes this.
    Coders rule nr 1: Face ur bugz.. dont cage them with code, kill'em with ur cursor.

  9. #9
    PGD Staff code_glitch's Avatar
    Join Date
    Oct 2009
    Location
    UK (England, the bigger bit)
    Posts
    933
    Blog Entries
    45
    Oh its frustrating I agree... But look on the bright side for us admins: no SPAM! YAY!
    I once tried to change the world. But they wouldn't give me the source code. Damned evil cunning.

  10. #10
    Yeah, but you could have much bigger problems brewing if vB is not patched to fix the vulnerability. Given the type of attacks you are experiencing, it looks like they are trying to exploit this vulnerability or one like it.

    Usually, the way these things go, a vulnerability is discovered by an automated scanner targeting a specific piece of site software, then, once found, it gets put on a list that gets shared on various hacker underground sites (potentially even sold), then the criminals take over and start attacking the site, looking for private information to exploit. Even if the vulnerability gets patched, the attacks may take a few days to a week to subside. The only thing that can be done is make 100% sure the webserver and associated app software is fully patched, clean/scan the server for rogue processes and rootkits, disable attacked facilities, and block DoSing IP addresses.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •