Are we suffering attempted DDoS attacks.

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521
you may not consider it a majour site, but parrot forums was down for two and a half days this week

It happens to the best of 'em, though the more major sites usually have a bigger budget and can get back online sooner.

i'm going to need your email address and password to verify the security of all your domains, because you are the greatest threat to your security

You've probably seen my email address, or at least one of 'em. I'm pretty much the easiest person on the planet to dox, and I'm okay with that. Also, you'd need more than my email and password (for truly important things), 'cause I love 2FA. If I can use 2FA, I use it.

I suspect there's a plugin that'd enable it on ZenForo sites, but I've never looked...

Actually, lemme look...

Heh... It's already an option. If this was my site, any one with elevated permissions would be required to use 2FA. So, mods and admins would have to have 2FA enabled - if it was up to me.
 


CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
924
Reaction score
395
Credits
7,841
It happens to the best of 'em, though the more major sites usually have a bigger budget and can get back online sooner.



You've probably seen my email address, or at least one of 'em. I'm pretty much the easiest person on the planet to dox, and I'm okay with that. Also, you'd need more than my email and password (for truly important things), 'cause I love 2FA. If I can use 2FA, I use it.

I suspect there's a plugin that'd enable it on ZenForo sites, but I've never looked...

Actually, lemme look...

Heh... It's already an option. If this was my site, any one with elevated permissions would be required to use 2FA. So, mods and admins would have to have 2FA enabled - if it was up to me.
well, now you know who you need to mail your phone to.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521
well, now you know who you need to mail your phone to.

That's kinda tempting. You have to deal with all my phone calls and text messages!
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
8,106
Reaction score
6,983
Credits
31,168
...plugin that'd enable it on ZenForo sites,

Zen is Buddhist, we use XenForo (probably pronounced the same).

We already have 2FA here - if you go into your account and choose Passwords and Security, it is likely disabled by default but you can enable it there.

On topic, I have not looked for figures but probably can, and would be surprised if we do not have 99% uptime.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521
We already have 2FA here - if you go into your account and choose Passwords and Security, it is likely disabled by default but you can enable it there.

I never spend any time in there. I'll have to enable it, as I'm a moderator with elevated permissions.

Because the site is behind CF, to do real uptime testing have it open the site and pick a word that's always on the page. The uptime monitors can/will test for that if you want. You might pick a phrase like "newsletter", which is on every page but is not on the CF page that shows when the site is down.

Hetrix is a solid service provider for free. You can even share the results with a public URL, but you can't set up a status page without the aid of Rob (as it requires a DNS record change).
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521
Update: I don't see it. From looking online, only admins (may) have that option. It's not in any of my account settings.

I am but a mod, so I don't have that option.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521
And 2FA has been enabled, with backup codes saved in a safe place.

I chose email, which means logging in via my cell may be problematic, but I'm far more likely to lose my phone than I am to lose my email address and that password is complicated enough so that I don't even know it!
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
8,106
Reaction score
6,983
Credits
31,168
Boofhead (and I mean that in the nicest possible way, I will likely be on the rum in about 2 hours) - have you tried clicking it to see if it works for you? You can cancel out without enabling it.
 

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
5,546
Reaction score
4,648
Credits
33,684
That's deep(ish) !!!!
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
8,106
Reaction score
6,983
Credits
31,168
Scratch the last part of my above post then, we almost crossed beams - dangerous according to Ghostbusters.
 

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
5,546
Reaction score
4,648
Credits
33,684
works for me

I use 2FAS

I just logged out....and then back in using 2 factor authentication via that app.

I have some codes stored in case of failure....but I don't think I will need them. The 2fas app works perfectly.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521
but I don't think I will need them

I've had it fail on other sites, not my own, but still... So, definitely make sure to not lose 'em. I'm not sure if even an admin could recover your account? You'd have to ask them to know.

2FA giveth and 2FA taketh away!
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
8,071
Reaction score
6,928
Credits
65,521
Update: Now THAT was an outage to be concerned about!

@Rob, that one was a good one. Under normal circumstances, I'd figure you were rebooting stuff, but it was a full 45 minutes with sporadic connectivity.
 

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
5,546
Reaction score
4,648
Credits
33,684
We have DDOS mitigation that can be turned on at a moment's notice.

Has the moment passed yet /?... @Rob
 
Last edited:

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
8,106
Reaction score
6,983
Credits
31,168
I'll go out on a limb here and say you can record here if you are experiencing an outage of say more than 10 minutes, and I can take a look. My phone will ping (just got one from Brian, but that is to a conversation). Make allowance for the fact that I live in a state with no daylight saving and it is always at UTC+10. I log out by my 7PM each night to cook the evening meal, and am in bed two hours later.

If you wake me I will be forced to kill you.

Wiz
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Staff online

Members online


Latest posts

Top