Regarding the April 2013 Server Downtime
I want to apologize to everyone again for the downtime we have experienced over the past few weeks. I have had to have the server rebooted more often in the past two weeks than in a long, long time. Only this evening have I found time to add more IP addresses to our firewall to help fight the problem.

We run several types of Websites off this dedicated server: SF-Fandom (which includes both a WordPress site and a vBulletin forum among other content), Xenite.Org, SEO Theory, and a few smaller sites.

On a daily basis, Chinese hackers (and a few occasional others) attempt to log directly into the server through FTP (File Transfer Protocol) and SSH (the Secure Shell environment). These login attempts form what is called a "Brute Force" and/or "Dictionary" attack. They use many different possible screen names and password combinations. Our server is hardened and even if they had the logins and passwords they would never be able to get in. Nonetheless, they are using software to probe our system for exploits and so they will never realize that we cannot be so easily broken into (yes, there are still vulnerabilities that might be exploited -- I don't want to invite trouble by claiming we have perfect defenses).

In addition to the Chinese hackers we are also plagued by two types of Web spam: forum profile spammers (who also use software to register many spam accounts) and blog comment spammers (who use software too).

We have blocked tens of thousands of IP addresses (mostly from eastern Europe and Asia) that are routinely used by these Web spammers to protect the forums from registration spam. Still, they find new IP addresses to exploit and every day we receive from 10 to several dozen new spam registrations that have to be manually reviewed and deleted before the new IP addresses can be added to the block list.

All of our blogs are protected by two anti-spam tools (Akismet and Stop Spammer Registrations). These tools blacklist known spammer emails and/or IP addresses. However, rejecting spammer comments and registrations does not prevent them from trying to connect to our server. Every now and then our server is simply overwhelmed by hundreds of concurrent attempts to connect.

These are not the only measures we take to protect the server but I won't discuss the other methods publicly.

I wanted to provide a thorough explanation, though, because this wave of attacks has been as wearying for me as I am sure it has been for many of you.

The spam registration attacks appear to be increasing due to frustration among Web spammers with recent crackdowns by Google against unethical linking practices. Despite the fact their links are no longer working as expected, the spammers keep hitting the same forums over and over again. And these attacks almost always presage or coincide with poor economic times. When the world economy goes bad more people turn to "Internet marketing" and the hope that passive income (advertising) will change their lives.

Unfortunately, the false promises of black hat link building practices are being sold by enough people that this problem will probably never go away.

That said, we have not been idle. Hardly a day goes by, even when I am ill, when I don't take some action somewhere on the server to fight the hackers and/or spammers. I know it's irritating to see the forums go offline so much but hopefully we'll get a break in the next few weeks as I catch up on blacklisting more exploited proxy servers and zombie computers (such as are used by the hackers and spammers).