I'm pretty sure someone's trying to do some sort of denial of service attack - or probing extensively. (For Linux-Tips.us)

KGIII

Selection_074.png


The big peak is current, and the attack has gone on for a couple of days. Fortunately, that's all cached content that you're seeing there. Unfortunately, I have to pay for that bandwidth. It's not too expensive and I really like the service.

Also good news, the site has barely stumbled, with zero outages. The CPU is getting a lot of use, but RAM is still just above normal, so I don't think they'll get anywhere.

The CDN is showing a bunch of attacks over the past couple of days. It thwarts them, stopping them from actually harming the site. The site is running just fine - thanks to this and some security steps taken when configuring things. That's good. I didn't even know about the attack until I got an email informing me about the increased activity - and cost.

I say it's money well spent. I'm not 100% sure that it's a denial of service attack or if someone's just probing everything with a whole lot of bandwidth. Either way, does this mean I've finally hit the big time?!? LOL Is my site valuable enough to attack? I suppose it's a good thing that I didn't even notice. It means I've done my job well.
 

Interesting, David, and as you say, money well spent. :)

Just a suggestion - even though this is in Off Topic, it might be useful to mention this is from your website in the Title, lest people think it is to do with linux.org.

Avagudweegend

Chris
 
Good idea, edited the title.

And, absolutely money well spent. They appear to have gotten bored, but they got bored a few times already and then started it back up. The math says I'm getting thousands of attacks per minute at peak, which isn't too bad. It could be thousands of attacks per second.

So, whoever is paying for this botnet, they're getting ripped off. I've been able to identify the source of the traffic. It's largely from "Russia" - but proxies are available all over Russia and there's no way to be certain that that's where the traffic is really coming from. Another chunk of traffic is coming from Amazon (not them, someone using their cloud services).

It hasn't slowed the site down any. The site has been rock solid, though there was a small delay in accessing it for a couple of hours. We're talking a second or two, so nothing major. This is the first time the site has been 'attacked' like this and it's good to see the steps taken earlier (which I'll avoid detailing) were done properly.

At this point, I think the infrastructure can withstand bigger attacks and be reasonably fine. I changed some caching options, hopefully moving all the malicious traffic to CDN traffic. That's more expensive, but it doesn't impact the server. So, I think the site will handle it just fine.

I've recently had a (legitimate) large increase in traffic, as Google has let me out of the doghouse. So, maybe someone thinks they can take the site down and then try to make me pay with crypto currency to get it back online? I doubt the site offended anyone, so that's my best guess.
 
Has this attack mode settled down completely? ....perhaps coinciding with the activity on Linux.org?
 
It went on for a few days, before settling down. It wasn't too expensive, but it was CDN traffic that I pay for. It was indeed while this site was having some drama, so there's a chance of it being related to that.

The Content Delivery Network (CDN) has some decent protection vs DDoS attacks so much of the bandwidth was just denied requests. It was just a bunch of nuisance packets that went to the bit bucket, but there was a whole lot of 'em.
 
Whelp... Someone went to the site and clicked a whole lot of ad links.

They don't do this to help. They do this because it triggers Google's AI and they suspend your account. If it happens enough, Google cancels your account.

For a brief moment, I was like, "Wow! I made some money overnight."

Then I saw the little notice that the ads were suspended pending an investigation.

Thanks, f*ckfaces. Thanks a lot. I appreciate your attention.

*sighs* Well, I wasn't in it for the money. I'll have to search for alternatives. Maybe something based on impressions. I get a lot of page views.
 
wow....that is nasty shit crap.

I asked my initial question here because I just had an instinct that something was afoot.....just little things I see and take note of regarding some members' movements around the site and who they talk to, and whose profile they look at, and obscure crap like that.....which 90% of the time means diddly squat....but every now and then I hit the nail on the head.

I questioned my bank....why only a 5 character password......they replied we rely heavily on behaviour analysis. In other words, they watch Brian's usual habits etc etc......if those habits vary....they send an SMS asking for me to enter the included code before they will allow 'me' to proceed.
 
Yeah, it's pretty dickheaded on their part. We'll see what Google says. If nothing improves, I'll try another ad publication service. I've looked around (very briefly) and others exist.
 
