[Strutz]

DrCaleb DrCaleb:

$1:

Content Encoding Error

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

Please contact the website owners to inform them of this problem.

I've seen that error message on and off for months now.

[DrCaleb]

Looks like we got another DOS attack yesterday. Every front page story for the first 5 pages has 500+ views.

[DrCaleb]

Looks like the script kiddie's tantrum is over. 3 days, and nothing of value is lost.

But I bet Trev's advertising revenue is through the roof! All those page impressions really help.

[Strutz]

Hey... we're back online. Only a couple of down days. Wonder what happened this time.

[herbie]

Couldn't login from the front page, had to reply to a post to login and stay logged in...

[DrCaleb]

Strutz Strutz:

Wonder what happened this time.

I've been seeing a trend with these incidents. Stories on the front page have over 60,000 views, and going up to 10 pages back. That isn't an accident.

The way CKA is customized, the front page and the forums are loosely tied. I think when you load the front page, you get a list of all the stories on it since the beginning of time.

All some low skilled attacker has to do is load the front page, then perform an operation to open all the story links they receive. Before the server has a chance to open the page, they ask again. And again. Suddenly the server is opening thousands of links, and the requester isn't caring about the reply. This overwhelms the server, and it can't keep up.

This is known as a 'denial of service' attack. Not very complex, and doesn't take much talent. It's easily countered, if you have access to the page logs to see which address is requesting these pages. Which we don't.

Another trend I see is that the attacks last a set amount of time. Almost exactly 3 days this time.

[DrCaleb]

herbie herbie:

Couldn't login from the front page, had to reply to a post to login and stay logged in...

I do not log on while the server is under attack, because it is not secured by encryption.

I use a randomly generated password anyhow, so there is little chance of it compromising any other, it's just the principal.

[Strutz]

DrCaleb DrCaleb:

Strutz Strutz:

Wonder what happened this time.

I've been seeing a trend with these incidents. Stories on the front page have over 60,000 views, and going up to 10 pages back. That isn't an accident.

The way CKA is customized, the front page and the forums are loosely tied. I think when you load the front page, you get a list of all the stories on it since the beginning of time.

All some low skilled attacker has to do is load the front page, then perform an operation to open all the story links they receive. Before the server has a chance to open the page, they ask again. And again. Suddenly the server is opening thousands of links, and the requester isn't caring about the reply. This overwhelms the server, and it can't keep up.

This is known as a 'denial of service' attack. Not very complex, and doesn't take much talent. It's easily countered, if you have access to the page logs to see which address is requesting these pages. Which we don't.

Another trend I see is that the attacks last a set amount of time. Almost exactly 3 days this time.

So... what you seem to be saying is that whoever is doing it is doing it intentionally. Am I correct?

[DrCaleb]

Strutz Strutz:

So... what you seem to be saying is that whoever is doing it is doing it intentionally. Am I correct?

I'd need to see the logs to verify, but I've seen things like this many times in my job. Denial of Service attacks are almost never accidental. You can't accidentally load every story on the site 65,000 times a day.

[DrCaleb]

https://www.eff.org/https-everywhere/se ... ur-browser


HTTPS:// only mode will soon follow. Since CKA and related sites don't use SSL encryption, they may become unavailable to HTTPS:// only browsers.

Some browsers, like Firefox, will still allow a downgrade to mixed mode, but not forever.

[Tricks]

What's the other forum again?

[bootlegga]

https://greatcanadian.forumotion.com/

[Scape]

Our plan B if Trev forgets to reboot the server.

[Strutz]

Is anyone else having issues today with the site? I'm finding threads are slow to load but I'm not finding this on other sites so I know it's not my connection or laptop issues.

[DrCaleb]

Oh goody! Another DDOs attack.

Ring the cash register some more!