Downtime

Don’t really want to post too many details on what just happened on the server, let’s just say that it wasn’t a nice thing to attempt and it won’t be happening again.

Whilst on the subject, there’s a vBulletin upgrade out and I’ll hopefully get round to it before Balrog finishes his DIY :chuckle:

DT.

Gives you plenty of scope :slight_smile:

I thought it was my internet gone FUBAR because TPR is usually up.

I tried to get on here and tried to check my email and neither worked so I thought it was me. Forgot that the first email Thunderbird checks is my TPR one :chuckle:

It would seem someone somewhere is intent on taking down the server, with whatever method they can.

In simple terms, the server is/was :xfinger: being flooded with requests and our server is not beefy enough to cope. If it’s a script kiddy, they’ll get bored soon, until then I’ll keep doing what I can.

DT.

Well done DT :thumbsup:

I noticed that our site was down. Thanks for getting it stable again DT!

Glad to see it back up this morning DT, hope they get bored soon

:lol: There will probably be a few more too before I’m finished.

Tried to check the forums yesterday and after clicking on the bookmark, was met with a box requesting a username and password for the server.

Most of the weekend the server was under attack, and with the configuration of the server we are hosted on and the style of attack, there was little I could do.

The box is a FreeBSD custom kernel on a 123-reg dedicated server package, unlimited bandwidth. They are ‘supposed’ to prevent this form of attack even reaching the server, so they don’t compile into the server kernel anything that can prevent this type of thing. The hardware isn’t up to a huge amount, so I think the policy must be this way due to that. What happened though was the checking that is meant to be done in the routing at 123-reg failed to do its job. I suppose there is a definite thought in my head that you get what you pay for.

To the attacks, there were a few IP addresses using multi-threaded applications to trawl through the entire site, in not a nice way. So a single IP address was basically hogging as many Apache processes as possible. I added what I could to prevent it, and this was enough for the first round of attacks, then I simply could not devote the time required to prevent the second round of attacks. As many know I’m moving house soon (tomorrow) so I have more important things to attend to.

As there are other sites hosted on the box, I simply disabled the sites under attack to keep the others live. Last night with the authentication enabled I was able to get in and change the guest usergroup permissions, preventing a guest viewing threads. This morning I’ve gradually put the server back to normal state; at the moment guests can view forums but not threads.

This is preventing :google: from indexing us. Once I’ve got the house move sorted I’ll spend the time required to return us to ‘normal’ operations. The good news with my house move being delayed so much is that we move tomorrow, and I get internet the morning after :smiley:

All relevant people that needed to be informed of the misuse of computer (which this type of attack falls under) have been notified. I’m sure you can appreciate that I can’t give out details of this, but things have been done.

Malk.
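
The pattern described in the post above, a few IP addresses each holding many Apache processes at once, shows up in an access log as overlapping requests from one client. The following is an added example, not part of the original thread or the server's own tooling: it assumes the common log format with `%D` (service time in microseconds) appended, and the sample lines, addresses and threshold are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed LogFormat: common log format plus %D (service time, microseconds).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ (\d+)$')

# Constructed sample lines using documentation address ranges.
SAMPLE = """\
198.51.100.7 - - [01/Jan/2000:10:00:00 +0000] "GET /showthread.php?t=1 HTTP/1.1" 200 5120 4000000
198.51.100.7 - - [01/Jan/2000:10:00:00 +0000] "GET /showthread.php?t=2 HTTP/1.1" 200 5120 4000000
198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "GET /showthread.php?t=3 HTTP/1.1" 200 5120 4000000
198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "GET /showthread.php?t=4 HTTP/1.1" 200 5120 4000000
198.51.100.7 - - [01/Jan/2000:10:00:02 +0000] "GET /showthread.php?t=5 HTTP/1.1" 200 5120 4000000
192.0.2.44 - - [01/Jan/2000:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 2048 2000000
192.0.2.44 - - [01/Jan/2000:10:00:02 +0000] "GET /forumdisplay.php?f=3 HTTP/1.1" 200 3072 500000
203.0.113.20 - - [01/Jan/2000:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 2048 200000
203.0.113.20 - - [01/Jan/2000:10:00:05 +0000] "GET /showthread.php?t=9 HTTP/1.1" 200 5120 150000
malformed line that the parser skips
"""

def peak_concurrency(log_text):
    """Return {client_ip: highest number of requests in flight at once}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        ip, stamp, usec = m.groups()
        start = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        end = start + timedelta(microseconds=int(usec))
        events[ip] += [(start, 1), (end, -1)]
    peaks = {}
    for ip, evs in events.items():
        current = peak = 0
        # Tuple sort puts -1 before +1 at the same instant, so a request
        # that ends exactly when another starts is not counted as overlap.
        for _, delta in sorted(evs):
            current += delta
            peak = max(peak, current)
        peaks[ip] = peak
    return peaks

def flag_hogs(log_text, max_workers_per_ip=3):
    """List clients whose peak exceeds the (hypothetical) per-IP worker budget."""
    peaks = peak_concurrency(log_text)
    return sorted(ip for ip, p in peaks.items() if p > max_workers_per_ip)
```

Peak concurrency rather than raw request count is the useful signal here, because a busy but well-behaved client issues requests one after another and never ties up more than a worker or two.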