Recent downtimes and site being slow

LIFE
Site Admin
Posts: 7167
Joined: Feb 25, 2010 10:14 am
Country: Germany
Location: 3rd Rock from the Sun

Post by LIFE »

Hello everyone.

As you may have noticed, the site was loading very slowly or was even completely inaccessible at times, sometimes for days.

Turns out we've been the target of a combination of aggressive AI bots crawling the site relentlessly plus a bunch of "Tencent" servers, mostly routed through either California or Singapore, spam attacking (DDoS) the site. This resulted in a resource bottleneck and eventually brought the board down.

I'm progressively blocking all those sources, but as I'm blocking them, new ones are still popping up.

Fingers crossed the site remains stable now but intermittent slowdowns might still occur until all are weeded out.

Just letting you know.

Cheers! :cheers:
Fenrir
Posts: 4423
Joined: Mar 25, 2011 10:12 am
Country: Australia

Re: Recent downtimes and site being slow

Post by Fenrir »

Ta
Religion: it only fails when you test it.-Thunderf00t.
The_Metatron
Moderator
Posts: 23069
Joined: Feb 28, 2010 8:32 pm
Name: Jesse
Country: United States
Location: Lewis County, New York

Re: Recent downtimes and site being slow

Post by The_Metatron »

Good hunting! Thanks.
Calilasseia
RS Donator
Posts: 22840
Joined: Feb 26, 2010 3:48 pm
Country: England
Location: Near Liverpool, UK

Re: Recent downtimes and site being slow

Post by Calilasseia »

Any reason to suspect this is the work of a demographic other than general miscreants?

Though I'm wondering why a number of these attacks are being launched from servers in Singapore. That part is a tad puzzling.

EDIT: apparently there's a Chinese malware group operating from a cluster of Tencent servers, who are known to utilise DNS poisoning as part of their infiltration process. Their primary targets appear to be non-profit organisations with sensitive user bases, possibly including individuals whose personal details could expose them to blackmail. A sideline of said operations appears to include the tracking of political targets.
Signature temporarily on hold until I can find a reliable image host ...
Re: Recent downtimes and site being slow

Post by LIFE »

Calilasseia wrote: Aug 12, 2024 5:11 pm
> Any reason to suspect this is the work of a demographic other than general miscreants?
>
> Though I'm wondering why a number of these attacks are being launched from servers in Singapore. That part is a tad puzzling.
>
> EDIT: apparently there's a Chinese malware group operating from a cluster of Tencent servers, who are known to utilise DNS poisoning as part of their infiltration process. Their primary targets appear to be non-profit organisations with sensitive user bases, possibly including individuals whose personal details could expose them to blackmail. A sideline of said operations appears to include the tracking of political targets.

Thanks for the research! I didn't try to track the source(s) other than a few whois lookups, which revealed that they all basically came from providers with headquarters in China or surrounding areas: Tencent, Huawei-Cloud-Singapore, Chinanet, China Unicom etc. All are spamming the site with thousands of requests, which I interpret as a coordinated attack. I did some cross-checking of suspicious IPs with public blacklist directories and sure enough, they all give matching records and are listed as abuse/spam. Unfortunately it's hard to pin them down since they rotate user agents/browser clients, operating system and service provider, but I think I've blocked the biggest offenders so far. I'll keep monitoring.

Example: https://cleantalk.org/blacklists/119.8.164.235
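
Traffic like that described in the post above (high volume, rotating user agents, many addresses at the same providers) tends to stay below per-IP thresholds, so one way to surface it is to group access-log entries by network range. The following is an added example, not part of the original thread or the site's own tooling; it assumes Combined Log Format, IPv4 clients, a /24 grouping and arbitrary thresholds, and all log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Combined Log Format: client IP is the first field, user agent the last quoted field.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def build_sample():
    """Constructed log lines (documentation IP ranges, made-up user agents)."""
    fmt = ('{ip} - - [12/Aug/2024:17:00:{s:02d} +0000] '
           '"GET /viewtopic.php?t={s} HTTP/1.1" 200 512 "-" "{ua}"')
    lines = []
    # 40 requests spread over 20 addresses in one /24, user agent changed every request
    for i in range(40):
        ua = f"Mozilla/5.0 (Fake OS {i % 8}) Browser/{i % 5}"
        lines.append(fmt.format(ip=f"203.0.113.{10 + i % 20}", s=i, ua=ua))
    # one ordinary visitor: 6 requests, one address, one user agent
    for i in range(6):
        lines.append(fmt.format(ip="198.51.100.7", s=i,
                                ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"))
    lines.append("truncated or malformed line")  # must be skipped, not crash
    return lines

def summarize(lines, prefix_len=24):
    """Return {network: [request_count, set_of_ips, set_of_user_agents]}."""
    stats = defaultdict(lambda: [0, set(), set()])
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m.group(1)}/{prefix_len}", strict=False)
        except ValueError:  # first field was not an IP address
            continue
        entry = stats[net]
        entry[0] += 1
        entry[1].add(m.group(1))
        entry[2].add(m.group(2))
    return dict(stats)

def flag(lines, min_requests=20, min_agents=5):
    """Networks with high volume AND many distinct user agents (assumed thresholds)."""
    rows = [(net, n, len(ips), len(uas))
            for net, (n, ips, uas) in summarize(lines).items()
            if n >= min_requests and len(uas) >= min_agents]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for net, n, ips, uas in flag(build_sample()):
        print(f"{net}: {n} requests, {ips} addresses, {uas} user agents")
```

In the sample, no single rotating address makes more than two requests, fewer than the ordinary visitor's six, so a per-IP ranking would miss the range that the per-network view flags.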