Forum Updates and DDoS attack

[lightning f57]

Thanks for the update, are there still some changes to put in?

Regards

 

[HeratKabul]

I don’t want to speculate but it could be anyone. There are too many possibilities to mention such as a user not happy with the forum or got banned and trying to take a revenge to the conspiracy theory of involvement of CIA, RAW or Mossad or individuals from rival forums hiring professionals to do this activity.

Most likely, it's revengeful maniacs from ISI or auto-bots scraping data for AI training. You know, you are sitting on a gold-mine of user-generated data right ?.

Western AI scrapers copy data silently, they will never bring down a forum. This crude scraping work is either of Chinese or some un-skilled startup.

 

[HeratKabul]

Most likely some IT Cell/Scam center in Noida pooled together their family's collective savings to pay some russians for a DDOS attack

Think beyond the box. They do not need to hire, they have such IT talent that can do themselves.

RAW/Mossad/Mi6/CIA do not go after small fish like PDF or Arshad Sharif in Kenya, that cheapness is exclusive to Pakistani or Saudi intelligence apparatus.

 

[Mr X]

Expect disruptions for 2 more days

1) I took 3 days off from work because of the website and got pending tasks to do

2) I need to sleep

3) I have taken all the preventive measures, I know and advised by other developers in order to minimize DDoS.

4) All the pending tasks since the launch of this forum were completed which I really wanted to do in December including moving ........ to cloudflare and ....... and ...... and .......

Hopefully after two days. The site will be back to normal

 

[Sharma Ji]

Damn.. who done it, but ? Us gangu gang ?

 

[Fatman17]

I am one of the effecties and I am going to be very patient also. Good luck with it.

 

[j_hungary]

Hello,

Here's what we know so far. On the 15th of July, I upgraded the forum software. Shortly after the upgrade, I noticed numerous broken links throughout the site. I fixed them all, but an hour later, the CPU usage skyrocketed beyond 100%, leading to database errors. I also observed 1,000 faults in the processes, rendering the forum non-functional.

I disabled all plugins and themes, reverting to the stock version of Xenforo, but the CPU performance didn't improve. I was considering potential solutions when I noticed a sudden drop in CPU usage, bringing levels back to normal. The website functioned properly for a while but then exceeded maximum capacity again, becoming dysfunctional without any intervention. I disabled all plugins via the command line since the ACP was unavailable. The site came back online, once more using the stock version.

Users were requesting dark mode and "users activity" feature, so I enabled them, which caused the site to slow down again. I continued to suspect the upgrade, as the site was fine before it.

However, after speaking with the hosting provider, they were certain it was a DDoS attack. Our typical traffic is around 40,000 hits per day, but between the 15th and 16th of July, we had about 11 million hits. This volume is highly unusual for a small site like ours, suggesting bad bots. We installed a captcha, but it didn't help much. A Xenforo developer who works for the company reverted the forum to the older version, fixed everything and advised against upgrading until all plugins are compatible. We were back to the state of a week ago with a functioning website and compatible plugins.

The website worked fine for another 12 hours before the CPU resources were maxed out again. Another experienced Xenforo developer who was helping me all along (Andy) also believes a DDoS attack is causing the issue, rather than a problem with the forum itself.

Originally, I transferred the domain to Cloudflare in December for DDoS protection, but the changeover took longer than expected, leading to numerous user complaints even after four days. With the old PDF shutting down that week, I reverted to the original host for a smoother user transition. Since then, transferring to Cloudflare has been on hold. My current host offers some DDoS protection, but I plan to switch to Cloudflare this week, despite potential user disruptions, as it's beneficial in the long run.

I noticed my tracking tools reported about 500,000 visits from Russia. Also... on the day of the attempted assassination of Donald Trump, we saw an increase to 1,200 users from the USA, compared to the usual 200 per day. So, there was natural traffic growth alongside the DDoS attack.

Please bear with us during these challenging times as the forum is fully recovered and we understand the issue. I have temporarily disabled some features and will re-enable them once the attack subsides. I might reintroduce the captcha to reduce unwanted bots until further notice. So I apologise in advance for the inconvenience. Please use the following link to find the latest posts in the meantime, if I keep switching it off in case

What's new

Thank you for your understanding.

Do ask your host to block any and all connection requests other than those from cloudflare ip range after you complete the domain transfer to cloudflare... there are sites that keep a record of past dns responses that can be used to bypass cloudflare.

Seems like someone is using the new plugin and backdoor this attack.

This is most likely coming from a member or someone who know the website is being upgrade. You probably know about this tho

 

[j_hungary]

Ddos can be stoped right by making a protection sofware to detect human or not human visitors ?

I see Arab Defense Forum use it

You can't actually stop them this way (By the way, adding captcha is one of the way to sieve out human and bot)

 

[Mr X]

You can't actually stop them this way (By the way, adding captcha is one of the way to sieve out human and bot)

I know, it was on for few hours but right now the forum could be down once more for the reasons mentioned in the private message earlier. Let me still turn the captcha On

 

[Mr X]

Damn.. who done it, but ? Us gangu gang ?

Someone with deep pockets

It’s not that cheap to do the ddos of this scale.

 

[Sharma Ji]

Someone with deep pockets

It’s not that cheap to do the ddos of this scale.

damn, I cant imagine who would

there's a fair few of us tricolor flag-bearers here

fighting fair

 

[Sharma Ji]

and there's enough infighting among the Indians themselves..hmm

it could be guru dutt

 

[j_hungary]

Someone with deep pockets

It’s not that cheap to do the ddos of this scale.

usually state sponsored

The question is which states...

 

[j_hungary]

I know, it was on for few hours but right now the forum could be down once more for the reasons mentioned in the private message earlier. Let me still turn the captcha On

Yeah, don't worry, take you time.

 

[Mr X]

I should preferably turn the board off for 1 hour but I am not doing it.

The site could be down when the server transfer is complete that is not helping me to sleep (5am in London)