May 4th, 2013, 04:52 AM
I want to apologize to everyone again for the downtime we have experienced over the past few weeks. I have had to have the server rebooted more often in the past two weeks than in a long, long time. Only this evening have I found time to add more IP addresses to our firewall to help fight the problem.
We run several types of Websites off this dedicated server: SF-Fandom (which includes both a WordPress site and a vBulletin forum among other content), Xenite.Org, SEO Theory, and a few smaller sites.
On a daily basis, Chinese hackers (and a few occasional others) attempt to log directly into the server through FTP (File Transfer Protocol) and SSH (the Secure Shell environment). These login attempts form what is called a "Brute Force" and/or "Dictionary" attack. They use many different possible screen names and password combinations. Our server is hardened and even if they had the logins and passwords they would never be able to get in. Nonetheless, they are using software to probe our system for exploits and so they will never realize that we cannot be so easily broken into (yes, there are still vulnerabilities that might be exploited -- I don't want to invite trouble by claiming we have perfect defenses).
In addition to the Chinese hackers we are also plagued by two types of Web spam: forum profile spammers (who also use software to register many spam accounts) and blog comment spammers (who use software too).
We have blocked tens of thousands of IP addresses (mostly from eastern Europe and Asia) that are routinely used by these Web spammers to protect the forums from registration spam. Still, they find new IP addresses to exploit and every day we receive from 10 to several dozen new spam registrations that have to be manually reviewed and deleted before the new IP addresses can be added to the block list.
All of our blogs are protected by two anti-spam tools (Akismet and Stop Spammer Registrations). These tools blacklist known spammer emails and/or IP addresses. However, rejecting spammer comments and registrations does not prevent them from trying to connect to our server. Every now and then our server is simply overwhelmed by hundreds of concurrent attempts to connect.
These are not the only measures we take to protect the server but I won't discuss the other methods publicly.
I wanted to provide a thorough explanation, though, because this wave of attacks has been as wearying for me as I am sure it has been for many of you.
The spam registration attacks appear to be increasing due to frustration among Web spammers with recent crackdowns by Google against unethical linking practices. Despite the fact their links are no longer working as expected, the spammers keep hitting the same forums over and over again. And these attacks almost always presage or coincide with poor economic times. When the world economy goes bad more people turn to "Internet marketing" and the hope that passive income (advertising) will change their lives.
Unfortunately, the false promises of black hat link building practices are being sold by enough people that this problem will probably never go away.
That said, we have not been idle. Hardly a day goes by, even when I am ill, when I don't take some action somewhere on the server to fight the hackers and/or spammers. I know it's irritating to see the forums go offline so much but hopefully we'll get a break in the next few weeks as I catch up on blacklisting more exploited proxy servers and zombie computers (such as are used by the hackers and spammers).