As you may have gathered the site has been down most of the day…
The servers came under a concerted denial of service attack (DOS).
The site is back up for now, but it is possible with the kiddies off school that we might have to take it off line to stop the script kiddies breaking it evry now and then
Looks like your new IP banning is upsetting the Spammers then eh?
smcaul:
Looks like your new IP banning is upsetting the Spammers then eh?
Looks more like the “groups” ace IT dept cocked up more like
For the record…
The DOS attack was not against TruckNet UK, but we caught the backlash being hosted and backed up on the same server network
and now I intend to do what I have been doing all day, and enjoy the holidays with very excitable 2 and 5 yr old kids…
seasons greetings to you all
Rikki-UK:
For the record…
The DOS attack was not against TruckNet UK, but we caught the backlash being hosted and backed up on the same server networkand now I intend to do what I have been doing all day, and enjoy the holidays with very excitable 2 and 5 yr old kids…
seasons greetings to you all
But several other sites hosted on that server were not affected and one seemed a tad slow today
just to add Seasons Greetings to you and the family
Hi all. The bad news is that I’m deputising for Rik this evening, so the bad ol’ days are back, albeit for one night only.
Ok. Here’s a quick rundown on what happened Chez Arse today to try and help some of the less technically literate understand the state of play…So that would be me[/i] then.
I came on duty in Rik’s place at approximately 10am this morning. The site was, at that point, up and running although slow. It was in the process of trying to make an edit that I realised we had problems, and made a quick scout of the Admin Panel and the backroom bits that were played with yesterday to check something hadn’t inadvertently been clicked which shouldn’t have been…At which point the whole lot went down so I panicked!!!
TNUK is still currently hosted on the same server we have always been on, in good old Lebanon, Missouri - we won’t move over until the big software upgrade, wheneever that may be. Therefore the quickest way to assuage my guilt was to check up on TNUSA, which was also down at this point. The TN Webmail was not, but that is on a third and different server so was no particular surprise - although normally it’s the mail that’s down when everything else is up.
Now the next thing to do is to contact our good ol’ friends the US Techies. One of the things leftover from my days as Manager of this forum is a mutually agreed protocol which says that if I log in the contact messenger for these guys, they’ll leave a message letting us know what’s going on so we’re not wasting their valuable time whilst sorting it out. They’ve been absolutely 100% in sticking to this ever since, as it saved grief on both sides of the pond, so I knew that when I say all the guys were online but busy and no message was left, it had to be something big.
Long story short, TNUSA came up at dinnertime, albeit slowly - it’s on a different specific server to this site but within the same group - and things finally calmed down enough to find out the info Rik posted above just as TNUK came back up.
Because other sites which have nothing to do with us, RBI, or even the transport industry, are hosted within the same server group, if one of those sites gets an attack all the others are affected too. Apparently a Denial Of Service is where a lot of people either manually - or more usually, using BotNets (Google is your friend ) - all try and log onto a site together and bring it down through weight of download requests. The specific site is irrelevant, to behonest, these guys rarely have an agenda, they just think it’s fun. Each to their own…But that’s why it happens a lot at this time of year. At least one other site I visit has suffered the same problem and still isn’t back up.
Still, we’re back now, so let’s make the most of it while we can. Taking the site down will be a last resort ONLY, but I’m sure we’d all rather protect the database in the longer term than throw it all away for the sake of one night if it comes to that.
Right then…Who can I edit…Rubs hands together with anticipation
Ps. I’ll be about in chat on and off for most of the night if you have any further questions, although that’s about all I know to be honest.
Pps. I’ll leave this thread in here for the rest of the evening so everyone gets a chance to get bored by it, then shuffle it off to it’s rightful place in Feedback when I hit the hay. Just so’s you know, like.
well i was going to join u in chat.
It took me a couple of attempts to get into chat, so if anyone’s struggling then just keep trying. It let me in eventually.
its goosed.
Bugger.
On it.
Have re-enabled Guest log-in for one night only whilst this gets sorted. Remember that if it gets abused, I can just as quickly turn it off again.
Have checked and it does work that way.
(including all data and membership details
does this include passwords of the members
or is this protected under the data protection acts
As for stopping the spammers or robot registrations a simple script re-write will stop this…I know of one site that does this and does not get spammed with ■■■■■■ sellers.
Mind you i find ■■■■■■ does help me by stopping me pee on my feet and it also help stop me from rolling out the bed
I’m lost Jim…Where are you quoting from? Might be able to help then…
As for anti-spam mods, it’s being worked on, but this board has already been modded to a major extent to make it fit with the security systems they have in place on the server that what would be a simple mod on a standard PHP board would be a major deal here. Hence it’s easier all round just to sort it when we come off opensource software completely. I think that’s what the deal is, anyway - as I said, I’m no techie, just holding the fort.
If your asking what will happen to all the e-mail addys and passwords in the database here, then yes, they will be imported straight onto the new board when we get it. That’s why so much beta-testing and planning has to go into the move - the aim is to build the new board on top of the existing database rather than taking the existing database with us to a new board, if that makes sense…
HTH
Hence it’s easier all round just to sort it when we come off opensource software completely
No No No
Ask your techies to look at traffic shaping and either ipchains or iptables.*
Ddos attacks are directed at a specific port, if you block this port and drop packets to a blackhole the Ddos will stop.
Basic server security should have all ports dropped and redirected to the blackhole apart from needed ones such as web, mail & ftp etc etc
*iptables=ipchains but newer
Traffic shaping for security purposes is limiting the amount of ICMP-unreachables that a firewall can return within a given amount of time. This way, a proper portscan would take much more time to do. As long as there is no answer to a portscan packet, the portscanner will not know for sure if the port is open or not. Slow scanning is the only way to know for sure and when the firewall is protecting a large number of hosts slow scanning could take weeks. During that time, the portscanner is clearly visible and that’s something most portscanners will try to avoid. This can be done by defining traffic shape classes for the PPP interface
No no no no to you too! (Thanks for that, will draw people’s atention to it)
The security thing which caused the DOS attack was nothing to do with this site specifically, and is being well and truly sorted by those that can.
The bit I was on about above concerns re-modding this board to add spam hacks, and why no-one is doing it right now. It’s been too modded already with non-standard mods and would be a ridiculous pain in the arse, basically.
Bit of crossed wires there, I think!
As I’ve said before, I’m NO techie and wouldn’t even pretend to be, I’m only passing on what I’ve been told in a way that I think I’ve understood it, speaking as a layman.
I may well be talking out of my very ample arse. It wouldn’t be the first time…But the intention is generally good.
Yes Yes Yes
Agree with crossed wires, was posting regarding :-
Rikki-UK:
The servers came under a concerted denial of service attack (DOS).
Hi all. The bad news is that I’m deputising for Rik this evening, so the bad ol’ days are back, albeit for one night only.
and the shock that you are coming off opensource software
It does not matter that the attack was not directed at your site specifically. If you are really interested in networks and how they work i could bore you for weeks but if you want a general overview and configuring tips then a few weeks of reading info posted on here will keep you entertained
I have been using this site for years and still haven’t a clue
(back to the top & over to you )
Linux-user:
Hence it’s easier all round just to sort it when we come off opensource software completely
No No No
Ask your techies to look at traffic shaping and either ipchains or iptables.*
Ddos attacks are directed at a specific port, if you block this port and drop packets to a blackhole the Ddos will stop.
Basic server security should have all ports dropped and redirected to the blackhole apart from needed ones such as web, mail & ftp etc etc
*iptables=ipchains but newer
Traffic shaping for security purposes is limiting the amount of ICMP-unreachables that a firewall can return within a given amount of time. This way, a proper portscan would take much more time to do. As long as there is no answer to a portscan packet, the portscanner will not know for sure if the port is open or not. Slow scanning is the only way to know for sure and when the firewall is protecting a large number of hosts slow scanning could take weeks. During that time, the portscanner is clearly visible and that’s something most portscanners will try to avoid. This can be done by defining traffic shape classes for the PPP interface
Me thinks a little to much info