Page 1 of 1

Slow forum and spam posts

Posted: Tue Aug 06, 2019 7:11 pm
by Arokhs Twin
I'm sure a lot of you know the site can be slow sometimes and some page elements do not load. The site is being hammered by spambots; there's thousands per day hitting the registration page and also trying to post as a guest. 99% get stopped by the anti spam system but a few do get through every now and then which I can't do a lot about.

Seem as these attacks come from thousands of different IP addresses it's impossible to stop them from trying to register. It's putting a lot of load on the server due to the scripts that run server side and the SQL database server with tons of queries as it checks a number of things before passing stage 1 of detecting a spammer.

The server CPU usage is well over 80% at times and should be more or less idle. As this site is hosted on a VMware based virtual server the hardware resources are shared with other virtual servers and ones that use a lot of cpu, memory etc usage will be slowed down. Basically one physical server can host multiple virtual servers and this site runs on one of them.

Looking at my server logs the site was disabled 58 times in the last 7 days due to excessive hardware resource usage.

Bear with us on this and keep trying if you can't register or post and in the meantime I will see if I can stop the spam tide.

Re: Slow forum and spam posts

Posted: Tue Aug 06, 2019 9:56 pm
by Arokhs Twin
Update - majority of spam was coming from spoofed IP addresses but I managed to find out their real addresses and it was from 3 addresses in Russia and one in Israel. They have been blocked in the .htaccess file so can't even access the site.

This should stop it (for now)

Re: Slow forum and spam posts

Posted: Thu Aug 08, 2019 4:27 am
by MBK_MBK
Greetings.

I do not think it is a "fortuitous coincidence"... :|
It may sound like paranoia, but what I am going to say is based on the facts that I have experienced. That pernicious activity of spamer, resembles the DDOS attacks that communist and satanic hackers usually do; the same ones that have been bothering to modders like us, from several years ago...
And please, excuse me, don't be offended by what I just said. It is not about "where someone is"; but it is about, "if someone is a good person, or not". I wouldn't even be surprised if attacks were received from China by someone (a bastard named Wang Kai); that Sryml and me already know him...


I have not noticed slowdowns or load blockages; just a little while loading large images, but that's normal because I was adding such images to the posts.
Well, in my computer, all the forum works perfectly. Thank you very much. :)

Re: Slow forum and spam posts

Posted: Thu Aug 08, 2019 5:50 pm
by Arokhs Twin
No problem, no offense taken. The spam attacks over the past few days came from 3 ISP's located in the Ukraine and one in Israel. A new attack happened yesterday with >10 registrations which got through the anti-spam system. Again from Ukraine but different IP. The anti spam system now stops them posting if they manage to register; most just sign up and have links to sites they want to advertise in their signature so they rank higher in google searches due to linkbacks to their site.

Some do get through every now and then but I delete them when I log in.

Re: Slow forum and spam posts

Posted: Thu Aug 08, 2019 6:36 pm
by MBK_MBK
Friend, I'm glad everything is fine.
I don't have enough words to thank the incredible work you do for so many years, keeping the forum clean and safe; so that Drakan an BoD fans and modders can communicate regardless of distances or time. Eternal gratitude.

Re: Slow forum and spam posts

Posted: Fri Oct 25, 2019 5:22 pm
by Sryml
Hi Admins,

I recently couldn't access the Arokh's lair forum normally, and the page prompts me that I was blocked by the Cloudflare service. Does it prohibit all IP access from China?
I don't know what caused it. I have been unable to access the forum for a month. I can only temporarily use the SSR proxy to access the forum. please help me! :?


Re: Slow forum and spam posts

Posted: Fri Oct 25, 2019 6:43 pm
by Arokhs Twin
I placed a ban on all known China ISP's for a few weeks due to a DDOS attack and spam flooding. I've changed it so that genuine users are able to get through now.

EDIT: upon unbanning China the site was overloaded again. Now I understand that banning the whole country was too drastic but I had to do that until I had time to look at it further. There's too many IP addresses to ban so i've managed to identify the user from the user agent string and block that which seems to have worked. It took me a whole evening and most of today to identify the DDOS attacks which seemed to be a brute force attempt at gaining the forum and wordpress admin passwords. If any genuine user cannot access the site normally let me know as it *should* let genuine users through and block bots and spammers that submit an abnormally high number of page requests in a short space of time.

I do use cloudflare but only the basic plan. To stop these attacks altogether it would cost $200 USD per month. That's not something I'm obviously willing to spend. If the attack resumes by other means then I'll have to block again until threat can be identified.

As MBK_MBK said " I wouldn't even be surprised if attacks were received from China by someone (a bastard named Wang Kai); that Sryml and me already know him..." could it be him?

Re: Slow forum and spam posts

Posted: Sat Oct 26, 2019 5:15 pm
by Sryml
It may be Wang Kai, I am not sure. I am sorry that I don't know too much about cybersecurity, but China is a country with a large population. On the Internet, China seems to be accused of having the largest proportion of attack sources, and it is also the country with the largest proportion of attacks.
Helpless. . . :? :?

Always thank the people who guard this forum! :)

Re: Slow forum and spam posts

Posted: Sun Oct 27, 2019 9:56 pm
by Arokhs Twin
Well the attacks from China have resumed even worse than before. A Captcha is now enforced for the entire country so legitimate users can still access the site but automated spamming / brute force attacks cannot.

Re: Slow forum and spam posts

Posted: Tue Nov 05, 2019 5:59 pm
by Arokhs Twin
Russia and Ukraine added to list of spam countries due to recent spam registrations. Legitimate visitors should not be affected but you will see a brief browser check pop up when you first visit the site. This checks to see if the user is a real person or a spambot like Xrumer. You need to have Javascript enabled for this to work or it will fail and deny access.