DDOS’ed

By Shamus Posted Sunday Aug 19, 2018

Filed under: Notices 33 comments

Last night I uploaded some updates to the site theme. A little while later, the site went down. On the control panel I could see my CPU and process usage were both pegged at 100%. I naturally assumed the outage was related to the changes I’d just made. I spent hours fussing with things, trying to figure out what I’d done wrong. I finally reverted everything and discovered that the problem persisted.

I reached out to support and they determined I was experiencing a DDOS attack, and the site update was unrelated. Lots of unrelated IP addresses from around the world were all hammering away at the WordPress login script, probably trying to brute-force using common passwords. It’s a hopeless effort on their part. My blog password is in excess of 128 bits, which means the sun will burn out before this botnet cracks it. Still, they managed to overwhelm the site and take it down. So I guess technically this wasn’t really a DDOS. It was a hack attempt that accidentally became a DDOS due to my site being a little undermatched for this particular botnet.

I’m reasonably sure this DDOS isn’t the first. You might remember my adventures with 1 & 1 Hosting. What I think was happening is I was getting slammed with this same botnet. Instead of notifying me or investigating, 1 & 1 just took my site down until the bots gave up and left.

I’m experimenting with a cloud service to distribute the load. This is supposedly a really good defense against these sorts of things. I don’t know. I guess we’ll see if / when this happens again.

 



33 thoughts on “DDOS’ed”

    1. Arkady English says:

      I read you loud and clear.

  1. Milo Christiansen says:

    Cloud service? What, like Cloudflare or another CDN?

    Also, the little “I’m not a spammer” checkbox seems to be gone.

    1. Shamus says:

      That’s the one.

      1. Milo Christiansen says:

        I have heard good things about Cloudflare, as long as it isn’t too expensive for a small site like this it should at least help. I hear their DDOS protection is unmatched.

      2. Will says:

        If you do use Cloudflare, it’s polite to unblock Tor users from constantly having to go through an onerous validation process. Tor’s not a very credible avenue for DDoS attacks, since the total network bandwidth is fairly limited.

  2. Daemian Lucifer says:

    Ah, so that’s why the site was down. Also why the forums are still down.

    By the way, is the background supposed to be split in half like this, with the left side having pixel art and the right side having pure blackness?

    1. Shamus says:

      We’re back on the old theme. What you’re seeing now is how it’s been for months, minus the search and twitter boxes at the top. (Just noticed they went missing.) Colors and background images are unchanged.

      It’s a shame. I have 31 different images for the background, one for every day of the month. Nobody ever notices.

      1. Milo Christiansen says:

        I noticed. Not that they are different per day, but that they change.

        The background images are one of the fun little things that make this site cool. Well… The writing may also have something to do with it.

      2. Narkis says:

        So it’s really supposed to have the image only on the left side? I don’t remember it being like that.

        Screenshot for reference:
        https://imgur.com/a/d12ajdd

        1. Fizban says:

          I also was seeing the background over the full width.

      3. Daemian Lucifer says:

        I noticed them, I just didn’t comment.

      4. I notice them. Very nostalgic/retro.

        Any chance you could make ’em span the width of the browser window (and keep the aspect ratio obviously)? I kinda agree that the vast blackness on the right side is kinda bland. Right now I see 5 retro bees in a line at the top, they stop about halfway across the width.

        If you add the following to the body where you specify the (currently) galaga bg:
        ***CSS code start***
        background-size: 100%;
        ***CSS code end***
        That should keep the aspect but fill the browser width.

        Edit: Also, anyone who has a window less wide than 800 pixels loses the background due to some responsive CSS code (haven’t checked if it’s tied to vertical vs horizontal aspect ratio).

        I wonder the size set to 100, and the article bg and comment bgs set to partly transparent, maybe by using rgba() for the colors rather than rgb() or hex you could let the bg image shine through some?

        1. I wonder if with the bg image size set to 100%, and the article bg and comment bgs set to partly transparent, maybe by using rgba() for the colors rather than rgb() or hex you could let the bg image shine through some? No idea of the opacity level though. A value of 0.5 in rgba() equals 50% opacity, and 0.95 would be 95% opacity (or 5% transparency if you prefer to call it that).

        2. tsc says:

          Seconding this suggestion.

      5. BlueHorus says:

        I did notice they changed; as in every time I bothered to look they were different. But nothing more than that.

        …not sure if that helps.

      6. Philadelphus says:

        I know it sounds lame to say I noticed after you pointed it out, but…I did notice. I remember when you first implemented and mentioned it, even.

      7. Raglan says:

        I read pretty much always on mobile. It always scales the post so it’s the right width. Doesn’t really show a background image. I do remember the dice one from a while back when I used to read on browser.

        Which makes me realise how weird it is I still read this blog, seeing as how I basically never use a PC these days. Those prices have gone through the roof; used to be able to get something a little behind the curve but able to run most games at around £400, when my computer broke earlier in the year and I looked to buy something new it’s now in the £600-£700 range. Well outside my budget. Consoles it is I guess…

      8. Amstrad says:

        Yet another person chiming in to say I notice and enjoy the rotating sidebar of background images. In fact I think your site is the only one I’ve ever visited that does this sort of thing and I really like it.

  3. I guess you should feel honored that the site is valuable to DDoS. Not sure what they’d gain though from hacking it.

    Also, Cloudflare’s free offering should do fine. You’d need to make WordPress spit out static pages; there should be a plugin for that, possibly with Cloudflare support/features even (like support for headers passed to Cloudflare).

    Comments might be an issue though (but surely there is a plugin for that too), worst case scenario is comments may be down but the article is readable/available for visitors (in the event another DDoS occurs while using Cloudflare).

    Technically you could make the comments static too for visitors, but the free Cloudflare tier has a 2 hour TTL refresh. This may not be an issue though as article comments are “slow”, the forum would be more suited for faster/longer discussions.

    Also, have you considered a Discord server (free) for fast discussions/chat? You could have 3 rooms (channels) one for general public/visitors, one for patreons/donators, and one for collaborators.

    1. Sleeping Dragon says:

      I’m going to assume it’s a semi-random attack. I doubt they want anything from the site specifically (well, if there was some kind of email list or something that’s further exploitable that would probably be a bonus) but the site is in that sweet spot where they can hope that it isn’t big enough to have serious protection but it has enough readership that if they broke through (and hey, there’s always a chance someone left some kind of admin/admin entryway) they could at least replace or taint the front page with something malicious and infect a bunch of visitors. Some percentage of those do not do regular cleanups of their machines and sites are usually wary of telling people “hey, we’ve been hacked and you might have been infected” (and even then a lot of people will ignore the memo), thus the botnet spreads.

      1. silver Harloe says:

        Yes. No doubt they just spider, or google, for wordpress sites.

    2. ElementalAlchemist says:

      Not sure what they’d gain though from hacking it.

      Another bot to add to the net.

      Content Management Systems like WordPress tend to be soft targets, as they are riddled with security issues and users are typically slow to patch (and generally not very tech savvy, part of why they use a pre-packaged CMS).

    3. Zak McKracken says:

      Discord: I don’t quite understand what the appeal of Discord is on the operator side. But as a user, I very very much dislike it.

      You have to either read the comments in chronological order, without having a clear idea who’s responding to whom, or you need to click once for each reply you want to see in context, but then you still see them all again when you scroll down to look at the other comments … it’s the worst of both worlds. I like the current comment system here much better than Discord.
      That’s not to say it couldn’t be improved. A button to expand/collapse (sub-)threads would be welcome, for example.

      1. Scerro says:

        Discord isn’t for long form discussion. It’s for real-time communication and conversations. Think of it like an updated IRC with voice chat. If you miss the conversation, then you just miss it. Forums are for longer term discussion.

        From this user’s perspective, Discord is amazing. You don’t have to blindly click every link, joining a new server is a painless 30 second process, you don’t have to download anything, and generally it just works. Voice quality is decent across the board.

        From a Discord operator’s perspective, you don’t have to worry about DDOS, generally it gives you lots of control, it’s free, you don’t pay licensing. However, the network is out of your control and you don’t have control over its uptime. Discord is actively being developed and not an awful piece of junk that Ventrilo is, and it cleans up all the hassle that TS3 carries with it.

  4. Grimwear says:

    That’s what happens when you give GTA 4 a score of 52/100! The people demand justice!

    /s

    1. Daemian Lucifer says:

      Nice callback

    2. Redrock says:

      Sigh, I was going to post that very same joke, but the blog just wouldn’t let me post a comment for a while.

  5. CJK says:

    So, this isn’t the “new theme” post anymore, but I saved the comment I wrote for it and I’m going to post it anyway.

    The screen-width thing isn’t as big a problem as you’d think. Mobile browsers lie about how wide they are – they report the pixel dimensions they would have at a DPI similar to a PC monitor, and a ratio of how many real pixels will be used to draw each “pixel” you specify in CSS (the device-pixel-ratio)

    The upshot is that mobile browsers tend to report that they’re about 320-360px wide in portrait and about 480-640px wide in landscape, regardless of their actual screen resolution.

    You can use the device-pixel-ratio to detect this and adjust your styling (permitting true one pixel borders, that kind of thing) or serve appropriate resolution images.

    1. default_ex says:

      A problem with that. The device pixel ratio on Android is set from a config file (build.conf I think). It doesn’t represent the actual screen, just the virtual size of the canvas used for the full screen frame buffer. You can also virtualize an app into a larger frame buffer to increase the canvas size (and in turn pixel ratio) on a per-app basis.

      Honestly I think the only way you’ll get the actual screen size for anything like, say, Mobile Firefox that brings its own renderer is probably going to be to create an OpenGL context and read the hardware caps.

    2. Decius says:

      The issue is that some things (like text) need minutes of arc from the eye of the user to be usable, and other things (like images) need pixels.
      Badly scaled text makes the site unusable, while badly scaled images merely look bad, so scaling text is higher priority.

  6. Wiseman says:

    I haven’t noticed any changes in the website besides the background.
