May 15, 2007, 05:21 PM | #1 |
Senior Member
Join Date: March 30, 2000
Location: South GA
Posts: 267
|
THR is down right now
damn - I'm posting most of the tech support threads here.
THR is currently down. We were suffering from a DOS attack that was (mostly) due to a compromised server in Chicago. We were seeing inbound traffic of ~50 Mbits/second at the firewall (normal is about 0.768 Mbits) which was enough to swamp the machine. Rebooting the firewall got us back in, and I reconfigured the firewall a bit so it wouldn't run out of memory (my guess as to what caused the actual outage). We were still seeing the traffic, and rather than pay for it I had my network provider intervene. THR has been 'null-routed' until the attacks stop, which pretty much means "you can't get there from here." The company that owns the compromised host has a disconnected abuse telephone line, and their web server is reporting errors, so they'll be tough to reach. Once the attack dies, THR will come back to life. (As an aside, I'm paying for a 10 Mbit link, but I apparently have significantly better than that.)
__________________
-- Derek "An elective despotism was not the government we fought for." --Thomas Jefferson |
May 15, 2007, 05:45 PM | #2 |
Member
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
|
Targeted?
Derek,
Any idea if this sort of thing is just "random" as a consequence of somebody leaving the gate open, or is this a more targeted kind of attack? And if "targeted" is the verdict, what then?
__________________
"Truth is a dangerous thing: once found, you must never turn your back on it." -- gh@c2 "Look at it this way. If America frightens you, feel free to live somewhere else. There are plenty of other countries that don't suffer from excessive liberty. America is where the Liberty is. Liberty is not certified safe." -- gh@c2 Last edited by ArfinGreebly; May 15, 2007 at 06:24 PM. |
May 15, 2007, 06:05 PM | #3 | |
Senior Member
Join Date: March 30, 2000
Location: South GA
Posts: 267
|
Quote:
I'm not clear on whether it's just the one compromised server in Chicago that's banging on the doors, or whether other machines are involved as well. I just know there's still a flood of packets trying to swim their way to THR's IP address.
__________________
-- Derek "An elective despotism was not the government we fought for." --Thomas Jefferson |
|
May 15, 2007, 07:15 PM | #4 |
Senior Member
Join Date: November 26, 2004
Posts: 197
|
Could user computers be attacked when attempting to go to the THR site?
(I'm not a techie, so if this sounds like a dumb question please be patient) |
May 15, 2007, 07:48 PM | #5 |
Member
Join Date: December 30, 2006
Posts: 43
|
I'm glad to know that it's down and my Internet Explorer isn't on the fritz. I was about to download a copy of Netscape to see if I could get on. Hurry back THR
|
May 15, 2007, 07:57 PM | #6 |
Member
Join Date: September 26, 2005
Posts: 45
|
How about a backdoor address for the longtime members to bypass this rockstar tantrum?
__________________
socialnewswatchDOTcom instead of Drudge |
May 15, 2007, 08:02 PM | #7 |
Senior Member
Join Date: October 17, 2006
Location: Richmond, VA
Posts: 167
|
Derek, if the attack is coming from one machine, can't you just ask your ISP to block inbound packets from that IP address? It's tough to stop a DDOS, but a DOS coming from a handful of hosts should be pretty easy to squelch.
|
May 15, 2007, 08:27 PM | #8 |
Member
Join Date: July 22, 2006
Posts: 99
|
Why can't your ISP block the traffic from the compromised server only? How many could there be? At most a handful could have been compromised, probably all from the same company with the same subnet with the same servers with the same vulnerabilities.
|
May 15, 2007, 08:38 PM | #9 | ||
Senior Member
Join Date: March 30, 2000
Location: South GA
Posts: 267
|
Quote:
Quote:
Sorry I don't have more details. Once we confirmed the problem my ISP took care of the rest. I don't have the kind of diagnostic tools on the server to be able to determine which hosts (or how many) are involved. Well, I didn't, anyway. Should be able to get solid info pretty quickly in the future, though.
__________________
-- Derek "An elective despotism was not the government we fought for." --Thomas Jefferson |
||
May 15, 2007, 09:28 PM | #10 |
Senior Member
Join Date: May 18, 2004
Location: South PA, and a bit West of center!
Posts: 300
|
Thx for heads up Derek ........ hope things resolve eventually.
__________________
Chris - P95 (P97 also!) Guns don't kill people - people kill people. NRA Certified Instructor & NRA Life Member. Rohrbaugh interest/ownership? - Rohrbaugh Forum Rohrbaugh R9 FAQ Site |
May 15, 2007, 09:35 PM | #11 |
Junior Member
Join Date: May 15, 2007
Posts: 5
|
Bad things happen when APS is down. For example, fistful gets really bored, and finally registers on TFL. And there goes the neighborhood.
By the way, can you all clue a brother about the identity of "mad lemur"? Unless it's the guy I'm thinking of. |
May 15, 2007, 09:48 PM | #12 |
Member
Join Date: November 5, 2002
Location: Just outside of the PRoB
Posts: 56
|
OH NO!!! Who let fistful in here? We're doomed!
Thanks for the update Derek, I was wondering what was up when I could not get in during my lunch break. Creatures who launch DOS/DDOS attacks deserve to be pecked to death by cats.
__________________
When you dream, there are no rules. People can fly, anything can happen... |
May 15, 2007, 09:52 PM | #13 |
Senior Member
Join Date: June 14, 2000
Location: The Last Homely House
Posts: 1,677
|
Thanks Derek.
|
May 15, 2007, 10:01 PM | #14 |
Member
Join Date: May 21, 2004
Posts: 76
|
Thanks for the update Derek.
I guess I can take refuge here for a while...
__________________
~Richard |
May 15, 2007, 10:02 PM | #15 |
Staff Alumnus
Join Date: December 6, 1999
Location: Nashville, TN
Posts: 7,022
|
The retarded lemur is who you think it is. I have no way of knowing if he's behind it, but I seriously doubt it.
|
May 15, 2007, 10:21 PM | #16 |
Junior Member
Join Date: May 15, 2007
Posts: 5
|
Thanks, Oleg.
Sindawe, thanks for making me feel at home. Should I go ahead and change my screen name to Scapegoat already? |
May 15, 2007, 10:53 PM | #17 |
Member
Join Date: March 8, 2007
Location: Gunshine State.
Posts: 15
|
I never post here, mostly troll...
But all day I could not get on THR and I remembered TFL mentioned a lot over there so I headed over to see if there was any info.
Thanks for the report guys, gotta love the internet. I will be posting here more often now. -Helpless |
May 15, 2007, 11:11 PM | #18 |
Junior Member
Join Date: February 14, 2007
Posts: 4
|
Arfcom??
I'm also having trouble getting onto AR15.com.
What's going on |
May 15, 2007, 11:19 PM | #19 |
Senior Member
Join Date: December 30, 2000
Location: Shelton WA
Posts: 120
|
I don't feel so bad about being on here, I was registered here years before I registered at THR and now I have way more posts over there.
__________________
S&W Model 10 38SPec , 19-3 S&W 39-2 , 59 S&W 1006 , 1066 , 3913 S&W M&P40 |
May 15, 2007, 11:21 PM | #20 |
Junior Member
Join Date: February 14, 2007
Posts: 4
|
TFL is great
I'm just worried.
Why are so many gun forums messed up at the same time? |
May 15, 2007, 11:43 PM | #21 | |
Junior Member
Join Date: August 11, 2006
Posts: 3
|
Quote:
Hang in there, Derek. These things are a huge pain. |
|
May 15, 2007, 11:43 PM | #22 |
Member
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
|
Back Channel
Oleg/Derek,
PM sent regarding back channel capability.
__________________
"Truth is a dangerous thing: once found, you must never turn your back on it." -- gh@c2 "Look at it this way. If America frightens you, feel free to live somewhere else. There are plenty of other countries that don't suffer from excessive liberty. America is where the Liberty is. Liberty is not certified safe." -- gh@c2 |
May 16, 2007, 07:50 AM | #23 |
Junior Member
Join Date: May 19, 2004
Location: Louisiana
Posts: 0
|
I was editing my last post on THR at approx. 1600 hrs (CST) yesterday. Well before last night's Republican debate when the site went down for me. Don't know if that helps or not.
The thought of a world with no High Road is "More than I can bear." There ain't no fleas on TFL either flatdog
__________________
" Perfectly matched violence never solved anything." |
May 16, 2007, 07:54 AM | #24 |
Senior Member
Join Date: October 12, 2002
Location: The same state as Mordor.
Posts: 5,569
|
Thank you for the update.
I've been using THR to keep on top of the Illinois SB1007 situation (the regular capacity magazine ban the usual suspects are trying to weasel through as we speak). |
May 16, 2007, 07:58 AM | #25 | |
Senior Member
Join Date: December 15, 2001
Location: CA
Posts: 282
|
Quote:
|