Hello,
Here's what we know so far. On the 15th of July, I upgraded the forum software. Shortly after the upgrade, I noticed numerous broken links throughout the site. I fixed them all, but an hour later, the CPU usage skyrocketed beyond 100%, leading to database errors. I also observed 1,000 faults in the processes, rendering the forum non-functional.
I disabled all plugins and themes, reverting to the stock version of Xenforo, but the CPU performance didn't improve. I was considering potential solutions when I noticed a sudden drop in CPU usage, bringing levels back to normal. The website functioned properly for a while but then exceeded maximum capacity again, becoming dysfunctional without any intervention. I disabled all plugins via the command line since the ACP was unavailable. The site came back online, once more using the stock version.
Users were requesting dark mode and "users activity" feature, so I enabled them, which caused the site to slow down again. I continued to suspect the upgrade, as the site was fine before it.
However, after speaking with the hosting provider, they were certain it was a DDoS attack. Our typical traffic is around 40,000 hits per day, but between the 15th and 16th of July, we had about 11 million hits. This volume is highly unusual for a small site like ours, suggesting bad bots. We installed a captcha, but it didn't help much. A Xenforo developer who works for the company reverted the forum to the older version, fixed everything and advised against upgrading until all plugins are compatible. We were back to the state of a week ago with a functioning website and compatible plugins.
The website worked fine for another 12 hours before the CPU resources were maxed out again. Another experienced Xenforo developer who was helping me all along (Andy) also believes a DDoS attack is causing the issue, rather than a problem with the forum itself.
Originally, I transferred the domain to Cloudflare in December for DDoS protection, but the changeover took longer than expected, leading to numerous user complaints even after four days. With the old PDF shutting down that week, I reverted to the original host for a smoother user transition. Since then, transferring to Cloudflare has been on hold. My current host offers some DDoS protection, but I plan to switch to Cloudflare this week, despite potential user disruptions, as it's beneficial in the long run.
I noticed my tracking tools reported about 500,000 visits from Russia. Also... on the day of the attempted assassination of Donald Trump, we saw an increase to 1,200 users from the USA, compared to the usual 200 per day. So, there was natural traffic growth alongside the DDoS attack.
Please bear with us during these challenging times as the forum is fully recovered and we understand the issue. I have temporarily disabled some features and will re-enable them once the attack subsides. I might reintroduce the captcha to reduce unwanted bots until further notice. So I apologise in advance for the inconvenience. Please use the following link to find the latest posts in the meantime, if I keep switching it off in case
Thank you for your understanding.
