Did Eileen's Lounge Experience a DOS Attack Yesterday?

BobH
UraniumLounger
Posts: 9534
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by BobH »

I know that someone else mentioned having problems logging in a few days ago. I was unable to log in all day yesterday.

I'd like to know if the problem was mine alone or affected all EL users.
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K, 1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice, and other bits and bobs

HansV
Administrator
Posts: 79444
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by HansV »

(Moved from Scuttlebutt to Lounge Matters)

We did experience prolonged problems starting on the 1st of September. We're not 100% certain, but it was probably caused by large numbers of bots trying to access the Lounge and to log in.
Things are more or less back to normal, although the Lounge still appears to respond a bit slower than usual to me.
Best wishes,
Hans

Skitterbug
BronzeLounger
Posts: 1296
Joined: 24 Jan 2010, 12:14
Location: Sitting in my computer chair!

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by Skitterbug »

Hi HansV,

I'm sure glad to be able to access Eileen's Lounge finally. I hope those "bots" were swatted soundly! It was frustrating running into log in problems, so I decided to wait for a few days before trying again.
Finally..... it is nice to be home again! Thanks for mending the glitches! :smile:
Skitterbug :coffeetime:
A cup of coffee shared with a friend is happiness tasted and time well spent.

RonH
SilverLounger
Posts: 2182
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by RonH »

Early start today when I noticed that most of the users online were bots. I don't know whether one can block bots :scratch:
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

HansV
Administrator
Posts: 79444
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by HansV »

The ones listed as Bots are relatively harmless. The ones that do not identify themselves as bots and that do not follow the rules for bots are the problem.
Best wishes,
Hans

John Gray
PlatinumLounger
Posts: 5500
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by John Gray »

The Lounge is suffering from botulism...! :fanfare:
John Gray

"Tigers are the ones who look like an orange barcode with teeth." - Philomena Cunk

BobH
UraniumLounger
Posts: 9534
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by BobH »

Skitterbug, I too am glad to be home again.
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K, 1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice, and other bits and bobs

William
StarLounger
Posts: 81
Joined: 08 Feb 2010, 21:48
Location: Wellington, New Zealand

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by William »

Fear not, good folk from the north. Some of us are used to having only bots for company here in the lounge. They seem to be friendly critters most of the time.

whosonfirst.png

stuck
Panoramic Lounger
Posts: 8434
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by stuck »

William wrote:
06 Sep 2024, 03:13
...They seem to be friendly critters most of the time...
but as Hans pointed out it's not the 10 bots that identified as bots in the screenshot that caused the problems, it's the bots that are amongst the '55 guests' in your screenshot that caused the server overload.

Ken

HansV
Administrator
Posts: 79444
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by HansV »

Indeed - the 'registered' bots make themselves known as such, and adhere to the rules for bots, for example limiting the number of pages they scan per hour. But the majority of guests visiting us are anonymous bots that sometimes submit many page requests per second, from many different IP addresses.
Best wishes,
Hans

RonH
SilverLounger
Posts: 2182
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by RonH »

Are there 'ways' to block bots or is this another sign of a complex future...
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

Leif
Administrator
Posts: 7282
Joined: 15 Jan 2010, 22:52
Location: Middle of England

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by Leif »

Blocking ranges of IP addresses does help, it can just be a bit difficult to log in and actually see who is online sometimes!
(Admins can see the IP addresses of everyone online.)
Leif

ChrisGreaves
PlutoniumLounger
Posts: 16212
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by ChrisGreaves »

Leif wrote:
06 Sep 2024, 09:05
Blocking ranges of IP addresses does help, it can just be a bit difficult to log in and actually see who is online sometimes!
Hi Leif et al.
I am interested in the logic of this problem. It seems to me to be like my telephone spam calls: I lead a solo life here in the 709-area code and anticipate unsolicited calls from nowhere else in the world: people email me for the rare event of arranging to speak by phone from Toronto, Australia, France etc. (1) To that end I have been looking for a blocker that allows ONLY 709-area codes to ring my phone; anyone else can leave a message and I'll call them back.

phpBB and allied software is different, I grant, but supposing that a front-end filter permitted recognition of:-
(a) All properly configured bots and
(b) All registered users
then would/what would be shut out?
(c) New users hoping to register
(d) New users hoping to lurk/browse to see what we are made of
(e) The illegal bots which cause problems?

I think that identifying illegal/unwanted entities is a critical part of the solution, and so subtracting legal entities from the mix leaves us with the remainder - that is, illegal entities.

You (all) are aware that I know nothing about running a phpBB, but my mind runs along with "legal new users would accept a Captcha-like delay to verify that they are human".

Thanks; I don't need a detailed description of what the front-end data looks like, and having just checked a list of Administrators I see that you are all brighter than me, so I reason that you-all have probably kicked this idea around a bit.

I'm basing my logic on the idea that you/we don't have a problem with Registered Users logging in, so they are not part of the problem. What's left?

Thanks again, Chris
(1) One of the rare advantages of being 1.5+ hours out of step with the rest of North America and being not-quite-twelve hours away from The Eastern States of Australia. C
The brain is a three-pound mass you can hold in your hand that can conceive of a universe a hundred billion light-years across (Marian C. Diamond)

HansV
Administrator
Posts: 79444
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by HansV »

We do use a captcha for registering new users. This works well for preventing bots from registering a normal user (who can post).
But anyone with a browser can visit eileenslounge.com, and malicious/careless bots can do that thousands of times in quick succession.
Best wishes,
Hans

stuck
Panoramic Lounger
Posts: 8434
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by stuck »

Presumably such bots can also collect user names, since they are public, and then try to login as a user by bombarding the login page with multiple attempts at the password?

If so, does phpBB have an option to require users to login using the email address they registered with? Since that isn't public.

Ken

HansV
Administrator
Posts: 79444
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by HansV »

No, but you get locked out after 3 failed attempts.
Best wishes,
Hans

ChrisGreaves
PlutoniumLounger
Posts: 16212
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by ChrisGreaves »

HansV wrote:
06 Sep 2024, 11:20
We do use a captcha for registering new users. This works well for preventing bots from registering a normal user (who can post).
Thank you Hans.
A bot that could register could then ferret out any data that I as a registered user could ferret out, but could do so much faster per hour, and do it 24/7, correct?
But anyone with a browser can visit eileenslounge.com, and malicious/careless bots can do that thousands of times in quick succession.
Such a bot could be written in VBA using free software if any registered user was as evil as I sometimes pretend to be, correct?

That is, the only difference between a malicious bot and a malicious registered user operating a bot is that registration. Correct?

If chrisgreaves decided to scour Eileen's Lounge, and phpBB detected rapid-fire data access, phpBB might then suppose that
Either chrisgreaves (or a registered user logged on) was guilty
Or one of the un-identified bots was guilty.
Correct?

Thanks again, Chris
The brain is a three-pound mass you can hold in your hand that can conceive of a universe a hundred billion light-years across (Marian C. Diamond)

ChrisGreaves
PlutoniumLounger
Posts: 16212
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by ChrisGreaves »

HansV wrote:
06 Sep 2024, 13:50
stuck wrote:
06 Sep 2024, 13:27
... by bombarding the login page with multiple attempts at the password?
No, but you get locked out after 3 failed attempts.
But this 3-attempt lockout cannot affect the malicious bots, Correct?
Thanks, Chris
The brain is a three-pound mass you can hold in your hand that can conceive of a universe a hundred billion light-years across (Marian C. Diamond)

Skitterbug
BronzeLounger
Posts: 1296
Joined: 24 Jan 2010, 12:14
Location: Sitting in my computer chair!

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by Skitterbug »

HansV wrote:
06 Sep 2024, 13:50
No, but you get locked out after 3 failed attempts.
So if somehow someone decided to try and log in as "me" and can't after three tries, I am guessing that the "real me" is now locked out? How do I ever get to return "home" again??? :scratch:
Skitterbug :coffeetime:
A cup of coffee shared with a friend is happiness tasted and time well spent.

HansV
Administrator
Posts: 79444
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Did Eileen's Lounge Experience a DOS Attack Yesterday?

Post by HansV »

@Skitterbug: When you are locked out, you have to request a reactivation email. You then have to provide the email address you used to register with. If this matches the email address in our database, a message will be sent to that address.
Best wishes,
Hans