Forum attack?

In Announcements

Hello. Today there was what looked like an attempt at a distributed denial of serVice attack on the forums. Requests came in from thousands of different IP's, all using "LWP::Simple x.xx" user-agent type. This is a PERL module, so it's obviously not legitimate browsers. I implemented a user-agent block on LWP::Simple, and a few other user agents that shouldn't be used on this site, such as "wget"(used for downloading the entire site to your hard drive). If anyone has problems using their browser, LMK. Thanks.


--
Derek

This is the crap I hate about the web. Thanks for letting us know. Hopefully there are no problems.

I wonder if someone has some beef with the site, or if it's just goons being retarded...



Not sure. It could be a random attack on phpBB sites, or someone might not like The NES Files, etc. I can't find any damage, other than the bloated web stats(the thing that alerted me to the problem initially)...


--
Derek

By the way, is there a way to get that back on the right track?

there should be no ill effects from it, Roth. it was put to a stop before the site got hammered too badly.

About the bloated web stats, I mean.



Well, the webstats are the ones that I look at personally. As for the record # of visitors that you see at the bottom, I'll see if I can find that value in the table, but I doubt it...


--
Derek

Hello. Today there was what looked like an attempt at a distributed denial of serVice attack on the forums. Requests came in from thousands of different IP's, all using "LWP::Simple x.xx" user-agent type. This is a PERL module, so it's obviously not legitimate browsers. I implemented a user-agent block on LWP::Simple, and a few other user agents that shouldn't be used on this site, such as "wget"(used for downloading the entire site to your hard drive). If anyone has problems using their browser, LMK. Thanks.


--
Derek

Dude, are you like a computer geek? I mean that in a good way, because that means you can like disable hacker attempts and stuff. It would be good to have an administrator who can protect his forums from hackers.



Dude, are you like a computer geek? I mean that in a good way, because that means you can like disable hacker attempts and stuff. It would be good to have an administrator who can protect his forums from hackers.

I say every good webmin should have the knowledge to disable serVices and lock down the server properly. Derek obviously knows his stuff, as he had PHP patched up before the worm and everything has been quickly taken care of.

Really I think everyone should have the knowledge to get around in a Unix like environment (or even a windows/mac environment) since unix variants run the back end of nearly everything you access on the internet. It would just prevent a lot of the virii and garbage we have around today.



Dude, are you like a computer geek? I mean that in a good way, because that means you can like disable hacker attempts and stuff. It would be good to have an administrator who can protect his forums from hackers.

Yes, I'm very much a computer geek. As I posted in the other forum, I'm a Software Engineer, so I know my way around computers quite well. I have a nack for hardware as well, but I don't really enjoy that much anymore-- too many stoopid hassles...


--
Derek



Dude, are you like a computer geek? I mean that in a good way, because that means you can like disable hacker attempts and stuff. It would be good to have an administrator who can protect his forums from hackers.

I say every good webmin should have the knowledge to disable serVices and lock down the server properly. Derek obviously knows his stuff, as he had PHP patched up before the worm and everything has been quickly taken care of.


I can be kinda slow to patch things sometimes, simply because my overall architectures usually minimize the possibility of exploits actually happening on my systems-- like most of the Windows vulnerabilities that need RPC ports open-- i'm not foolish enough to have those open on the public internet!!




Well, the server The NES Files and these forums are currently running on, is Windows 2003. The load on the server is increasing quite a bit with The NES Files, Sensible Software, and soon my other venture site, (very rough now-- not officially live yet). I'm thinking of getting a Linux box at my ISP to run these and maybe other forums, and maybe convert The NES Files over to php(it's ASP now).

Unix variants don't run "nearly everything" on the back-end of the Internet. 20 years ago, that was very true. Now there's a considerable number of Windows servers, not to mention Mainframes running OS/390 or such, etc. *nix is definitely the most commonly used still, but still not 'nearly everything'... Personally, I really like Linux for some things(particularly my network firewall), but some things are just easier in Windows(like XML with the MSXML parser!).


--
Derek



How long have you been working on that site? There seems to be quite a bit of info on there!



How long have you been working on that site? There seems to be quite a bit of info on there!

I bought the domain last week, I believe. I started work a few weeks ago. I'm a software engineer, though-- there's much less work there than you'd expect...


--
Derek



It just seems like a whole lot of typing for such a little time! Darn engineers!



It just seems like a whole lot of typing for such a little time! Darn engineers!

Hehehe. Typing data is for amateurs. Although I type fast, I didn't type the data-- I just wrote the code, designed the graphics, chose color schemes, designed the database, etc...


--
Derek

damn dude wtf is going on, at home i can+t evem log into the site, here at my sista´s place i can,mega weird.



PM me your IP at home, along with what browser you are using. I had to ban about a dozen IP's yesterday due to hackers, and a good deal of them were in the Netherlands, so your IP may have found its way into the list somehow... LMK, and I'll see what I can do. Thanks.


--
Derek

Hi dkalweit,
just want to know from someone experienced like you. When I register, there is fields that ask for email address, ym and msn. One of my friend told me, never put mine on them, because spammers are looking theri victims from there. is that true?

Hi dkalweit,
just want to know from someone experienced like you. When I register, there is fields that ask for email address, ym and msn. One of my friend told me, never put mine on them, because spammers are looking theri victims from there. is that true?

If you make your Email public, then yes-- spammers can harvest them from the site. Honestly, I believe trying to keep Email addresses from spammers is futile. Either way, set your Email correctly and set it as non-visible, so that you'll get forum notifications from the site when someone replies to your messages.


--
Derek

Thanks dkalweit.

Yeah, yesterday I was on the site and got a little penguin holding a sign saying it knew my ISP and crap...normal spyware, I hope...but I had to clean up my machine. Has anyone had this crap before on this site?

Do you mean the thing that was/is in someones sig image?

Probably. Dat ain't spyware, dat's harmless.



That's not spyware at all. Your browser reports all of that information to every site you go to, manuel's sig just has a simple little script to read and display it back to you.

correction:
I had something like that in my sig until about 2 weeks before.

But it's really nothing to worry about. We mods know everybody's IP around here.
Not that we could do anything with it.

Heh. I put more memory into my ancient computer and installed a firewall and the Internet as a whole has not been a problem since. The "penguin" turned out not to be a problem even before that...I should do a better job at getting back to my past posts!

Not a forum attack, but...



This is just one of many things that have gone wrong when I've accessed the forums (or tried to) in the last few days. And I've accessed the 'Files from four computers, my home one and three school computers, one a mac. Each time something squirrely happened.

I still didn't think anything of it until Toddvania mentioned something about having problems, as well. Anyone else been having trouble?




i've seen that on a few occasions. it's nothing serious. just a random forum glitch

Yes, but this appeared after I got numerous "can't query forum topics" messages.


The last couple of days, I got this same message! Also the same things Jenni just mentioned. Last night I got some green monster holding a sign (like the penguin), saying it knew my ISP & "I know what you did last summer," what the hell been acting weird lately.


The last couple of days, I got this same message! Also the same things Jenni just mentioned.

The server the site was on was dying. The site was moved to a new server yesterday morning.



Those have been explained to you...

THEY ARE NOT A PROBLEM WITH THE SITE!

If you can attempt to listen THIS time. it's just a simple little piece of code that reads and displays the information your browser reports to EVERY website you've EVER gone to. if you don't like it, don't use the internets.

And we've already got a resident user that overuses italics, lets leave it at that.






Hey, I you very much.



Hey, I

That's


I can stop whenever I want, you very much.




That also happened to me for about 2 days




I get it, but my posts make it on anyway, so I don't mind so much.





i was getting that earlier, but like 'Newb said, my posts still go through

Okay, I think Derek got that all taken care of. Post here if you have any more problems.

I'm noticing alone of quadruple posts and the like, please on hit 'Submit' once .





i was getting that earlier, but like 'Newb said, my posts still go through


I'm still getting this message in about 1 post out of 5.

Same Here

Alright... NOW posting should work better for everyone. Let us know if there are any more problems. Thanks.

Can't send a PM.........

All I get is a bunch of errors followed by "timed out"..

UPDATE: I am still having trouble posting sometimes

It should have sent the message anyway... test it out. Send me an email, I'll tell you if it got through.

I Sent it Uber....



Danke!

No problems for me anymore!



...came through, and I just replied. No problems on my end.

Alright, third time's a charm. Hopefully all issues are taken care of now. Per usual, let us know if there are still errors and the like. Thanks again everyone.

Holy Hell...



Think my brother's internet has problems? I think my brother's internet has problems.

Your brother is using Internet Exploder, that's his problem.



FIREFOX!!!! Anyways sometimes when I go to the forums here it says "Server can't be found".

I know it wasn't serious, but it's not IE's fault.
There was only one error, well four, but the one caused the other three.
When fsockopen was run it couldn't connect to that IP, which is a sensible software address. unless there is some kind of fluky connection or special scripting it was just a bad time to connect.

Well it looks like NESXtreme caused a shitstorm.

@Luke or any admin:
I dont know much about the board code but would it be possible to have a flood control on the number of posts by a user? Say no more then 5 posts in 10 minutes time or something. It would make it alot easier to cleanup all the garbage left from these asses.

@Luke or any admin:
I dont know much about the board code but would it be possible to have a flood control on the number of posts by a user? Say no more then 5 posts in 10 minutes time or something. It would make it alot easier to cleanup all the garbage left from these asses.

There are flood control options, Perhaps it's time to investigate their use.

And possibly deal with the cause of this spam...