Hello everyone.
As you may have noticed, the site was loading very slowly or even being completely inaccessible at times, sometimes for days.
Turns out we've been a target of a combination of aggressive AI bots crawling the site relentlessly plus a bunch of "Tencent" servers, mostly routed through either California or Singapore, spam attacking (DDoS) the site. This resulted in a resource bottleneck and eventually brought the board down.
I'm progressively blocking all those sources, but as I'm blocking, new ones are still popping up.
Fingers crossed the site remains stable now but intermittent slowdowns might still occur until all are weeded out.
Just letting you know.
Cheers!
Recent downtimes and site being slow
- The_Metatron
- Moderator
- Posts: 23069
- Joined: Feb 28, 2010 8:32 pm
- Name: Jesse
- Country: United States
- Location: Lewis County, New York
Re: Recent downtimes and site being slow
Good hunting! Thanks.
- Calilasseia
- RS Donator
- Posts: 22840
- Joined: Feb 26, 2010 3:48 pm
- Country: England
- Location: Near Liverpool, UK
Re: Recent downtimes and site being slow
Any reason to suspect this is the work of a demographic other than general miscreants?
Though I'm wondering why a number of these attacks are being launched from servers in Singapore. That part is a tad puzzling.
EDIT: apparently there's a Chinese malware group operating from a cluster of Tencent servers, who are known to utilise DNS poisoning as part of their infiltration process. Their primary targets appear to be non-profit organisations with sensitive user bases, possibly including individuals whose personal details could expose them to blackmail. A sideline of said operations appears to include the tracking of political targets.
Signature temporarily on hold until I can find a reliable image host ...
- LIFE
- Site Admin
- Posts: 7167
- Joined: Feb 25, 2010 10:14 am
- Country: Germany
- Location: 3rd Rock from the Sun
Re: Recent downtimes and site being slow
Calilasseia wrote: ↑Aug 12, 2024 5:11 pm
> Any reason to suspect this is the work of a demographic other than general miscreants?
> Though I'm wondering why a number of these attacks are being launched from servers in Singapore. That part is a tad puzzling.
> EDIT: apparently there's a Chinese malware group operating from a cluster of Tencent servers, who are known to utilise DNS poisoning as part of their infiltration process. Their primary targets appear to be non-profit organisations with sensitive user bases, possibly including individuals whose personal details could expose them to blackmail. A sideline of said operations appears to include the tracking of political targets.

Thanks for the research! I didn't try to track the source(s) other than a few whois lookups, which revealed that they all basically came from providers with headquarters in China or surrounding areas: Tencent, Huawei-Cloud-Singapore, Chinanet, China Unicom, etc. All are spamming the site with thousands of requests, which I interpret as a coordinated attack. I did some crosschecking of suspicious IPs with public blacklist directories and, sure enough, they all give matching records and are listed as abuse/spam. Unfortunately it's hard to pin them down since they rotate user agents/browser clients, operating system and service provider, but I think I've blocked the biggest offenders so far. I'll keep monitoring.
Example: https://cleantalk.org/blacklists/119.8.164.235