Forum Updates and DDoS attack

Status
Not open for further replies.
Now the attack has shifted from Russia to China. We are controlling over 99% of bots, but these are a few examples of leaks.

I am about to sleep so will look into it tomorrow. This data consists of the last 2 hours only

 
Now the attack has shifted from Russia to China. We are controlling over 99% of bots, but these are a few examples of leaks.

I am about to sleep so will look into it tomorrow. This data consists of the last 2 hours only

These appear to be Chinese startups scraping PDF user comments for AI training... (F-word) communists
 
Now the attack has shifted from Russia to China. We are controlling over 99% of bots, but these are a few examples of leaks.

I am about to sleep so will look into it tomorrow. This data consists of the last 2 hours only


Is it possible these users are using a VPN to conceal their real IP?
 
In a corporate environment with 10,000 laptops and IoT devices / kiosks, it’s simply not practical to not do automated updates. The trick usually is to have control over what updates get deployed on your assets, so your own IT can validate any changes and then deploy them. But then the likes of CrowdStrike just bypass that and assume the role of an enterprise's IT while deploying their changes. Businesses love it because they think it reduces their cost. But in reality it makes them more fragile. The last line of defence is now gone and if CrowdStrike strikes, it's takeover for all these businesses. There is no safety net of local IT to prevent a broken deployment.
It’s a combination of ignorance, cost cutting, and blind trust. It seems CrowdStrike skipped an internal mandatory security check. Microsoft approves the update without a mandatory check. Companies' IT approve and auto-deploy the update without an internal check.
 
Is it possible these users are using a VPN to conceal their real IP?
This is likely, as these are proxies commonly used for malware attacks. The real location/IP could be anywhere.
 
Do ask your host to block any and all connection requests other than those from the Cloudflare IP range after you complete the domain transfer to Cloudflare... there are sites that keep a record of past DNS responses that can be used to bypass Cloudflare.
The DDoS attack should be blocked by the internet provider, don't think Cloudflare can do much.
 
The DDoS attack should be blocked by the internet provider, don't think Cloudflare can do much.
It's ... the question of who becomes weakest: your application server and database OR your network connection. For forum-type websites, it's usually the former, so the internet provider cannot do much. But yes, for network flooding internet providers can filter it out, but for application and database compute exhaustion you need something like Cloudflare, which will rate limit automated requests and filter bogus requests with context.

Why does it work? Because... of the way it is architected and the problem it is solving. It's scalable and they have the resources for doing it.

In short, it works because ... a chain is only as strong as its weakest link, and your application server and database often end up being the weakest.
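
The per-client rate check that the post above attributes to an application-layer filter can be run over a web server access log to find which IPs to rate limit. This is an added example, not code from the thread or from Cloudflare; the combined log format, the function names, the thresholds and the sample lines (documentation-range IPs) are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log layout (combined access-log format): client IP first, then the
# bracketed timestamp. Lines are assumed to be in chronological order.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def heavy_hitters(lines, limit, window_seconds):
    """Return {ip: peak requests seen in any window} for IPs above `limit`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the run
        try:
            ts = datetime.strptime(m.group(2), TS_FORMAT)
        except ValueError:
            continue
        q = recent[m.group(1)]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests that aged out
            q.popleft()
        peak[m.group(1)] = max(peak[m.group(1)], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}


def build_sample_log():
    """Constructed sample: one automated client, one human, one bad line."""
    start = datetime(2024, 1, 1, 2, 0, 0, tzinfo=timezone.utc)

    def entry(ip, offset, path):
        ts = (start + timedelta(seconds=offset)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "-"'

    lines = [entry("203.0.113.7", i, f"/threads/{i}/") for i in range(30)]
    lines += [entry("198.51.100.20", i * 90, "/forums/") for i in range(3)]
    lines.append("truncated line without a timestamp")
    return lines


if __name__ == "__main__":
    for ip, n in heavy_hitters(build_sample_log(), 5, 10).items():
        print(f"{ip}: peak {n} requests in 10 s")
```

Behind a reverse proxy the first field is the proxy's address, so the server has to log the forwarded client IP for the counts to mean anything.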
 
this is an example of what we are dealing with


There are a few IPs which I am okay to name and shame when using the laptop. One IP had accessed the website 7.7 million times before blocking it… a few IPs with 5 million times

We will be moving to a highly powerful VPS very soon... just need to resolve a few issues before that
 
It's temporarily fixed but the issue is very serious. I have taken several days off from work due to this but due to busy life, I can't be present in front of the computer all the time. Every time I go away, the site crashes.

It will likely be okay for a few hours if not permanently. Let's see
 
this is an example of what we are dealing with


There are a few IPs which I am okay to name and shame when using the laptop. One IP had accessed the website 7.7 million times before blocking it… a few IPs with 5 million times

We will be moving to a highly powerful VPS very soon... just need to resolve a few issues before that
Should Cloudflare be able to block those bots, attackers? No?
 