AQ downtime

[vinz]

Hi all,

AQ was down from about 11PM last night. Apologies to those who require their nightly dose of AQ before they hit the sack.

Apparently, AQ is now popular enough to attract Denial of Service attack. The attack overloaded our server resources which caused an automatic shutdown.

We are checking with the host company to see what we can do to prevent DoS attacks, but I doubt there is much we can do other then to stay on our toes and recover quickly when it does happen.

Regards,

[grey_fox]

If you are using a dedicated server, see if you can get them to install IP floodguard (might be chargeable).

Get them to install mod_security and have rules inserted in. If you have SSH/SSH2 access, do a netstat -nap and check for TIME_WAIT connections from a certain range of IP addresses, if you see more than 10 from a certain similar range, you could well be under a DDoS attack. Normally it'll be a few IP addresses together or a group of attackers working together to perform the DDoS.

Install AFP (Active Firewall Policy) and BFD (Brute Force Detection) as well.

Hope this helps you out.

[grey_fox]

I think you guys are getting hit again...


--- aquaticquotient.com ping statistics ---
11 packets transmitted, 7 received, 36% packet loss, time 11094ms
rtt min/avg/max/mdev = 38.555/39.225/39.615/0.380 ms, pipe 2

Get your dedicated server admin(s) to intervene. Loading is really slow again. Can't be the IBM network that I am on is slow, other sites are loading quickly.

[|squee|]

I second grey_fox, I was surfing around that time and loading was very long, even freezing.

[vinz]

Sheesh...!

[benny]

Apparently, AQ is now popular enough to attract Denial of Service attack. The attack overloaded our server resources which caused an automatic shutdown.

Looks like we have enemies.. Who can it be? Why would anybody want to do this to a free fish keeping forum? Strange.....

Cheers,

[BFG]

I agree. Why on earth would people do such a thing to a community forum that is free for all to use to help others gain some knowledge about this hobby? Must be a group out there not happy with all the free flow of ideas being shared here.

[grey_fox]

Well,

As you know, the internet is filled with strange and destructive people. Normally once you have gained popularity, there are folks with malicious intent. Trust me, I've experienced 15 or more 'dead' servers after a major DDoS on my entire cluster. Then you will wonder why there are such people around...

It can be from rival website(s) which is highly unlikely. However I would suggest AQ's admins to find out more from your datacenter (DC) folks at where you server is hosted at.

In Singaporean context, these folks are known as the "bo liao" folks with too much time on their hands...

[XnSdVd]

Long story short, we rock!

[solonavi]

They could juz be using AQ as their practise ground. They dun need to have a reason to do any attack. Typically, we can classify them as those "script kiddies" group of hackers.

Cheers
JC

[vinz]

I'm suspecting it's a sales tactic. I've noticed my recent spam mails have been advertising anti-DoS software. Coincidence? The attacks are not sustained either.

Anyway, we'll be looking into the bigger picture.

[solonavi]

For spam, I've joined the "Blue Frog" community. Seems to be making gd progress. http://www.bluesecurity.com/blue-frog/

Cheers
JC