Under Attack

The internet has been anything but smooth since Christmas, as it seems some dickheads unleashed an attack on all PHP-based sites, particularly those that use the phpBB forum software, exploiting a security hole in the latter.

Fortunately Xaraya doesn’t suffer from that although it is written in PHP. However, because of the hundreds of thousands of hits that are sent our way, the server is brought to its knees and of course becomes inaccessible. As the attacks are coming from various IP addresses, there is no way that we can ban a particular address.

I guess the only thing we can do is wait for it to boil over.

Until then, I’ll restart the server processes once in a while. Bear with me please; it’s not my fault, remember, and there is nothing I can do about it. If you know how to help with this issue, you’re more than welcome to contact me.

Comments

  1. chalk66x

    Under Attack

    Was a little slow connecting to you. Glad I did my patching earlier. I got a couple thousand hits in an hour then back to normal. http://PNphpbb.com has been down for the past couple of days which I guess isn’t good news for some people. Think I might fire up Xaraya on a test site and see what’s up.

  2. mohd

    Under Attack

    Well I guess that’s what’s ailing my site as well. Good to know that I wasn’t singled out.

  3. mahmood

    Re: Under Attack

    Xaraya as far as I can tell is immune from these attacks, what happens though is the script doing the attack tries to pull genuine pages and then tries to insert itself in the session information which doesn’t do anything as far as Xaraya is concerned but it does pull the relevant genuine pages out of the db and displays them. At one point I was getting more than 750 requests per second. That brought the server to its knees.

    Looking at the log files now, the attack seems to have stopped which allows me now to restore it to the regular url. The interesting thing about this is once the site was put on alyousif.tv it became hugely faster – although both domains are on the same server. Which brings me to the realisation (and looking at older log files) that most anonymous connections we’ve been having here are from RSS aggregators, which again drains a lot of resources from the server as (I think) the RSS feeds are not cached, but go directly to pulling things from the database. I’ve got to ask about that to confirm, but I have a feeling this is the case. I think the operation would be a lot less draining on resources had the RSS feeds also been cached.

  4. mahmood

    iptables kills them

    Here’s a command (if you’re using Linux) to completely kill morons you don’t want to ever connect to your webserver if you have root access:

    iptables -A INPUT -s <ip-address> -j REJECT

    This nukes them really really good and immediately too.
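
Since the post notes that the flood came from many addresses, the single-address rule above has to be generated per offender. The following is an added example, not code from the post or its commenters: it scans an access log for addresses that exceed a per-minute request threshold and prints the matching REJECT rules for review. The Common Log Format input, the function names, the threshold and the sample addresses are all assumptions.

```shell
#!/bin/sh
# Constructed sample log (Common Log Format). Addresses are taken from the
# RFC 5737 documentation ranges and the date is made up.
sample_log() {
    i=0
    while [ "$i" -lt 12 ]; do   # one client, 12 hits inside the same minute
        printf '203.0.113.7 - - [01/Jan/2024:10:15:%02d +0000] "GET /index.php?sid=x HTTP/1.0" 200 5120\n' "$i"
        i=$((i + 1))
    done
    # an ordinary visitor and a feed reader, a few hits spread over minutes
    printf '198.51.100.4 - - [01/Jan/2024:10:15:03 +0000] "GET /index.php HTTP/1.1" 200 5120\n'
    printf '198.51.100.4 - - [01/Jan/2024:10:16:40 +0000] "GET /index.php HTTP/1.1" 200 5120\n'
    printf '192.0.2.20 - - [01/Jan/2024:10:15:30 +0000] "GET /rss.php HTTP/1.1" 200 2048\n'
    printf '192.0.2.20 - - [01/Jan/2024:10:45:30 +0000] "GET /rss.php HTTP/1.1" 200 2048\n'
}

# heavy_hitters THRESHOLD: read a log on stdin and print every address that
# made more than THRESHOLD requests within any single clock minute.
heavy_hitters() {
    awk -v limit="$1" '
        {
            # $4 looks like "[01/Jan/2024:10:15:07"; keep day through minute
            minute = substr($4, 2, 17)
            if (++hits[$1 SUBSEP minute] == limit + 1) flagged[$1] = 1
        }
        END { for (ip in flagged) print ip }
    ' | sort
}

# block_rules THRESHOLD: print one REJECT rule per flagged address.
# The rules are only printed so they can be reviewed before being applied.
block_rules() {
    heavy_hitters "$1" | while read -r ip; do
        # Skip anything that is not digits and dots, so a malformed first
        # field can never end up inside a command line.
        case "$ip" in
            *[!0-9.]*|'') continue ;;
        esac
        printf 'iptables -A INPUT -s %s -j REJECT\n' "$ip"
    done
}

# Demo on the constructed log: only 203.0.113.7 exceeds 10 hits per minute.
sample_log | block_rules 10
```

In real use the log would be piped in from the web server's access log instead of `sample_log`, and the threshold set well above what legitimate clients such as feed readers produce.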
