THR is down right now

[Derek Zeanah]

damn - I'm posting most of the tech support threads here.

THR is currently down. We were suffering from a DOS attack that was (mostly) due to a compromised server in Chicago. We were seeing inbound traffic of ~50 Mbits/second at the firewall (normal is about 0.768 Mbits) which was enough to swamp the machine. Rebooting the firewall got us back in, and I reconfigured the firewall a bit so it wouldn't run out of memory (my guess as to what caused the actual outage).

We were still seeing the traffic, and rather than pay for it I had my network provider intervene. THR has been 'null-routed' until the attacks stop, which pretty much means "you can't get there from here." The company that owns the compromised host has a disconnected abuse telephone line, and their web server is reporting errors, so they'll be tough to reach.

Once the attack dies, THR will come back to life.

(As an aside, I'm paying for a 10 Mbit link, but I apparently have significantly better than that.)

[ArfinGreebly]

Derek,

Any idea if this sort of thing is just "random" as a consequence of somebody leaving the gate open, or is this a more targetted kind of attack?

And if "targetted" is the verdict, what then?

[Derek Zeanah]

Quote:

Any idea of this sort of thing is just "random" as a consequence of somebody leaving the gate open, or is this a more targetted kind of attack?

Well, apparently THR's IP address was the recipient of all the attention.

I'm not clear on whether it's just the one compromised server in Chicago that's banging on the doors, or whether other machines are involved as well. I just know there's still a flood of packets trying to swim their way to THR's IP address.

[Surefire_U2]

Could user computers be attacked when attempting to go to the THR site?

(I'm not a techie, so if this sounds like a dumb question please be patient)

[SteelyNirvana]

I'm glad to know that its down and my internet explorer is'nt on the fritz. I was about to download a copy of netscape to see if I could get on. Hurry back THR

[txgho1911]

How about a backdoor address for the longtime members to bypass this rockstar tantrum?

[RNB65]

Derek, if the attack is coming from one machine, can't you just ask your ISP to block inbound packets from that IP address? It's tough to stop a DDOS, but a DOS coming from a handful of hosts should be pretty each to squelch.

[foob]

Why can't your ISP block the traffic from the compromised server only? How many could there be? At most a handful could have be compromised, probably all from the same company with the same subnet with the same servers with the same vulnerabilities.

[Derek Zeanah]

Quote:

Could user computers be attacked when attempting to go to the THR site?

(I'm not a techie, so if this sounds like a dumb question please be patient)

Nope.

Quote:

Derek, if the attack is coming from one machine, can't you just ask your ISP to block inbound packets from that IP address? It's tough to stop a DDOS, but a DOS coming from a handful of hosts should be pretty each to squelch.

If it's a handful, you're right.

Sorry I don't have more details. Once we confirmed the problem my ISP took care of the rest. I don't have the kind of diagnostic tools on the server to be able to determine which hosts (or how many) are involved.

Well, I didn't, anyway. Should be able to get solid info pretty quickly in the future, though.

[P95Carry]

Thx for heads up Derek ........ hope things resolve eventually.

[fistful]

Bad things happen when APS is down. For example, fistful gets really bored, and finally registers on TFL. And there goes the neighborhood.

By the way, can you all clue a brother about the identity of "mad lemur"? Unless it's the guy I'm thinking of.

[Sindawe]

OH NO!!! Who let fistful in here? We're doomed!

Thanks for the update Derek, I was wondering what was up when I could not get in during my lunch break. Creatures who launch DOS/DDOS attacks deserve to be pecked to death by cats.

[Kaylee]

Thanks Derek.

[Black Majik]

Thanks for the update Derek.

I guess I can take refuge here for a while...

[Oleg Volk]

The retarded lemur is who you think it is. I have no way of knowing if he's behind it, but I seriously doubt it.

[fistful]

Thanks, Oleg.

Sindawe, thanks for making me feel at home. Should I go ahead and change my screen name to Scapegoat already?

[helpless]

But all day I could not get on THR and I remembered TFL mentioned a lot over there so I headed over to see if there was any info.

Thanks for the report guys, gotta love the internet.

I will be posting here more often now.

-Helpless

[s32]

I'm also having trouble getting onto AR15.com.
Whats going on

[Mortech]

I don't feel so bad about being on here , I was registered here years before i registered at THR and now i have way more post over there .

[s32]

I'm just worried.
Why are so many gun forums messed up at the same time?

[Jorg]

Quote:

Why are so many gun forums messed up at the same time?

Here's a little song I wrote, you might want to sing it note for note. Don't worry, be happy. In every life we have some trouble. But when you worry you make it double. Don't worry, be happy. Don't worry, be happy now.

Hang in there, Derek. These things are a huge pain.

[ArfinGreebly]

Oleg/Derek,

PM sent regarding back channel capability.

[flatdog]

I was editing my last post on THR at approx. 1600 hrs (CST). yesterday. Well before last nights Republican debate when the site went down for me. Don't know if that helps or not.

The thought of a world with no High Road is "More than I can bear."

There ain't no fleas on TFL either

flatdog

[lee n. field]

Thank you for the update.

I've been using THR to keep on top of the Illinois SB1007 situation (the regular capacity magazine ban the usual suspects are trying to weasel through as we speak).

[BenW]

Quote:

Should I go ahead and change my screen name to Scapegoat already?

You might as well, since this is undoubtedly all your fault...