Saturday, December 24, 2016

Blocking the Attackers!

We are being hit by a number of different users but I do not know why. Our host "Register.ca" has blocked what appears to be the primary offenders that are arriving here from an IP address that is of the form:

46.229.*.*

I just checked on one, which first I had to learn how to do, and yes it is a blacklisted site:

http://whoisip.ovh/blacklist/46.229.168.74

A new file has now been placed on our server where we can add in the addresses that we want to restrict, but that means checking the logs on a daily basis, checking where they are coming from (why would also be nice but I have no idea how to do that - Peter?) and then blocking them. They then receive a "403 response" which means "access denied".

It would seem to me that the better alternative is to only allow certain IP addresses but that is another question for another day.

For now, we will have to BLOCK anything that looks suspicious and that might mean blocking a valid member if they are in that block. If that happens you will have to send me a message so we can investigate. Of course that means that I hope that you have read this post so you know to do that! I will copy this over to the BLOG that we use to notify members of issues:

http://cefresearch.blogspot.ca

Make sure you BOOKMARK that site so you know to go there whenever there is a problem.

I must now go and check the logs (they are massive lists!) and see who has been attacking the site.

It appears this has to be done for the phpBB3 forum as well as the wiki site.

Richard

Please note that I know nothing about this so I am "learning on the fly". This could be the start of a major shift as to how we operate this forum as volunteers. These attacks cost us BIG $$ as we are billed for all the OVERAGE so this is not just a case of an inconvenience.

The daily logs have to be checked and they are HUGE as they record everyone that came to the site:


Then you have to check if they are bad, or just block them anyway if they look suspicious:



Then you have to put in the block. I am working on that aspect!
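
The daily routine described in this post (read the access log, group visitors by address block such as 46.229.*.*, then write the block entries), sketched in Python as an added example that is not part of the original post or the host's setup. It assumes Apache "combined" log lines and Apache 2.4 `Require` rules, neither of which the post confirms; the function names and all log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in Apache "combined" log format (assumed; the post does not
# name the server software). 46.229.168.74 is from the post; the other 46.229.*
# hosts are made up, and 192.0.2.x / 198.51.100.x are documentation ranges.
SAMPLE_LOG = '''\
46.229.168.74 - - [24/Dec/2016:09:00:01 -0500] "GET /viewtopic.php?t=1 HTTP/1.1" 200 5120 "-" "-"
46.229.168.75 - - [24/Dec/2016:09:00:01 -0500] "GET /viewtopic.php?t=2 HTTP/1.1" 200 5090 "-" "-"
46.229.164.10 - - [24/Dec/2016:09:00:02 -0500] "GET /viewtopic.php?t=3 HTTP/1.1" 200 4980 "-" "-"
192.0.2.15 - - [24/Dec/2016:09:00:05 -0500] "GET /index.php HTTP/1.1" 200 2300 "-" "-"
46.229.168.74 - - [24/Dec/2016:09:00:06 -0500] "GET /viewtopic.php?t=4 HTTP/1.1" 200 5001 "-" "-"
198.51.100.7 - - [24/Dec/2016:09:00:09 -0500] "GET /index.php HTTP/1.1" 200 2300 "-" "-"
this line is truncated and must be skipped
'''

def hits_by_network(log_text, prefix_len=16):
    """Count requests per IPv4 network, e.g. 46.229.*.* == 46.229.0.0/16."""
    counts = Counter()
    for line in log_text.splitlines():
        client = line.split(" ", 1)[0]  # first field is the client address
        try:
            addr = ipaddress.IPv4Address(client)
        except ipaddress.AddressValueError:
            continue  # hostname, IPv6, empty or damaged line
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        counts[net] += 1
    return counts

def networks_to_block(counts, min_hits):
    """Networks at or above the hit threshold, busiest first."""
    return [net for net, n in counts.most_common() if n >= min_hits]

def render_rules(networks):
    """Apache 2.4 access rules (assumed target); denied clients get a 403."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in networks]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    counts = hits_by_network(SAMPLE_LOG)
    for net, n in counts.most_common():
        print(f"{n:6d}  {net}")
    print(render_rules(networks_to_block(counts, min_hits=3)))
```

A /16 rule covers 65,536 addresses, so a valid member in the same range receives the 403 as well, which is the trade-off the post describes.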

Friday, December 23, 2016

POSTED TO FORUM 1710 EST

Posted: Fri Dec 23, 2016 5:11 pm
Post subject: IMPORTANT NOTICE December 23, 2016 - OUTAGES

We have been under an outside attack and so unfortunately we had to shut down the site while our host was working quickly in the background to block the access. That may now be fixed but we are watching events very closely, as the attacks drive up the COMPUTE CYCLES and are a COSTLY problem.

MOST IMPORTANT - remember that any time the site is down that we post the announcements here:

http://cefresearch.blogspot.ca

Please BOOKMARK that site and keep it for future reference. If there are any additional problems over the next few hours or days I will post the notices to that site. I can NOT post notices here if we have locked the site.

I have left the WIKI site closed for the current time as I noticed a large influx of information into that site and I have not had an opportunity to find out why. Our host believes it was a surge on the FORUM and not the WIKI.

Richard

CRITICAL MESSAGE December 23, 2016

The CEFSG Forum is temporarily closed while our host at Register.ca tries to find out what is happening.

Our fee to run this site is based on the storage we use, bandwidth and compute cycles. Something has gone terribly wrong with the COMPUTE CYCLES. They have suggested it could be:

  1. An advertising campaign we are running.
  2. A malicious attack.

At the moment I am heading off to run a BACKUP of the Forum and wait to see what they can find out. There is nothing different that I know of, other than considerably more GUESTS but they have READ ONLY privileges.

Stay tuned ... and I hope everyone remembered to come to this blog if there was ever an issue!

Richard