Jump to content

The SFN Server needs help

iNow

By iNow
in Suggestions, Comments and Support

 Share

Recommended Posts

iNow

iNow

Posted
  • Author
Posted

The problem is back, and it's REALLY bad again. It took me nearly 10 minutes (yes, minutes... not seconds) just to navigate to this thread and make this post. I'm about to submit this post and suspect it will take another minute or two to complete the transaction.

Link to comment
Share on other sites
  • Replies 70
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Cap'n Refsmmat
Cap'n Refsmmat

I presume you're talking about Slowloris. We're much less vulnerable to it because we use lighttpd, which doesn't mind having loads of concurrent connections.   As for the slowness, it may be the sa

Cap'n Refsmmat
Cap'n Refsmmat

dave and I are supposed to have server responsibilities but neither of us has much time lately.   dave made some changes to the MySQL configuration recently, thinking he could tune its memory use. I

John Cuthber
John Cuthber

Logically, all the anti darwinian ddos attacks would have died out with the first anti malware package. They couldn't accept that they needed to change in response to a new environment.

Posted Images

hypervalent_iodine

hypervalent_iodine

Posted
Posted

The problem is back, and it's REALLY bad again. It took me nearly 10 minutes (yes, minutes... not seconds) just to navigate to this thread and make this post. I'm about to submit this post and suspect it will take another minute or two to complete the transaction.

I brought this up in the staff thread we have going a few days ago. Word on the street is that load time is slowly creeping back up, but it's especially bad at this time of the morning (US time) while the servers are doing their daily back up.

 

Edit: At last check I think Cap'n was going to look into it when he had a spare moment. Apparently grad school is time consuming. Psht.

Link to comment
Share on other sites
EdEarl

EdEarl

Posted
Posted

The problem is back, and it's REALLY bad again. It took me nearly 10 minutes (yes, minutes... not seconds) just to navigate to this thread and make this post. I'm about to submit this post and suspect it will take another minute or two to complete the transaction.

I am finding response times variable for the past few days. Sometimes response is fast and sometimes very slow as iNow said.

Link to comment
Share on other sites
DevilSolution

DevilSolution

Posted
Posted

Just so your aware, ddos isnt the only way to bring a site down, if you edit your packet you can request a callback from the server but extend the time to like 500ms and delete the return to sender ip, if you spam enough of those kinds of packets the server will hold onto them for the full half a second and then throw them out. Basically clogging up your server with long requests rather than instant you dont need a botnet to grind a server down.

 

You can fine tune this in the config files on the server though, i only know the theoretical side of this type of attack.

 

Regards.

 

(i think the packets are udp, if this helps)

Link to comment
Share on other sites
Unity+

Unity+

Posted
Posted

Just so your aware, ddos isnt the only way to bring a site down, if you edit your packet you can request a callback from the server but extend the time to like 500ms and delete the return to sender ip, if you spam enough of those kinds of packets the server will hold onto them for the full half a second and then throw them out. Basically clogging up your server with long requests rather than instant you dont need a botnet to grind a server down.

 

You can fine tune this in the config files on the server though, i only know the theoretical side of this type of attack.

 

Regards.

 

(i think the packets are udp, if this helps)

I know that, but most of the time it is a DDOS attack. I deal with them all the time when running Minecraft servers.

Link to comment
Share on other sites
iNow

iNow

Posted
  • Author
Posted (edited)

While I'm sure he appreciates the attempts to help by speculating with ideas, Cap'n is more than capable of helping with this on his own. The risk is that he's not around. He's the single point of failure, the bottleneck in improving the situation, and there really isn't anyone else on the site staff who's able to back him up when he's otherwise occupied with his studies. Until he comes back to help, we're all just going to have to suffer through this for a while, IMO.

 

 

EDIT: I recognize that blike can back him up, too, but he's not around either so...

Edited by iNow
Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

Just so your aware, ddos isnt the only way to bring a site down, if you edit your packet you can request a callback from the server but extend the time to like 500ms and delete the return to sender ip, if you spam enough of those kinds of packets the server will hold onto them for the full half a second and then throw them out. Basically clogging up your server with long requests rather than instant you dont need a botnet to grind a server down.

 

You can fine tune this in the config files on the server though, i only know the theoretical side of this type of attack.

 

Regards.

 

(i think the packets are udp, if this helps)

I presume you're talking about Slowloris. We're much less vulnerable to it because we use lighttpd, which doesn't mind having loads of concurrent connections.

 

As for the slowness, it may be the same problem as last time -- another website running on the server has a database table which has grown excessively large, and it tries querying it regularly, slowing the server to a crawl as it sorts through a couple million rows to find the right one.

 

We'll try to fix this and hopefully implement a permanent solution.

2
Link to comment
Share on other sites
Unity+

Unity+

Posted
Posted (edited)

I presume you're talking about Slowloris. We're much less vulnerable to it because we use lighttpd, which doesn't mind having loads of concurrent connections.

 

As for the slowness, it may be the same problem as last time -- another website running on the server has a database table which has grown excessively large, and it tries querying it regularly, slowing the server to a crawl as it sorts through a couple million rows to find the right one.

 

We'll try to fix this and hopefully implement a permanent solution.

 

 

While I'm sure he appreciates the attempts to help by speculating with ideas

 

 

Is this server trouble due to just the server lagging

Well, I was at least partially right. smile.png

 

EDIT: This is presuming that he is also right about what is wrong with the server.

Edited by Unity+
Link to comment
Share on other sites
DevilSolution

DevilSolution

Posted
Posted

I know that, but most of the time it is a DDOS attack. I deal with them all the time when running Minecraft servers.

 

You can draw a map of the requests you receive. ICMP are common but page requests, when not dealt with sufficeintly, can single handedly bring down a server. I'm only offering another suggestion to check.

Link to comment
Share on other sites
Unity+

Unity+

Posted
Posted

 

You can draw a map of the requests you receive. ICMP are common but page requests, when not dealt with sufficeintly, can single handedly bring down a server. I'm only offering another suggestion to check.

I know, I am just saying that most of the time it is a DDOS attack, but there are other possibilities.

How does the server feel now?

It seems to running faster now. Thanks.

Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

I've never seen a DDoS on SFN, though I have seen a couple unintentional DoSes from poorly coded bots that hammered the server with multiple requests per second until I had it drop their packets.

 

It's pretty easy to tell if there's a DDoS -- I have graphs of all traffic that goes across the network interface.

Link to comment
Share on other sites
studiot

studiot

Posted
Posted

I can tell you that between 0811 to 0817 GMT (London time) every morning SF is offline in my neck of the woods.

 

If I have made my tea before 0811 then it starts and suddenly freezez at 0811 and comes back on after I've had breakfast at around 0840.

 

On Wednesday this week it was offline for about one and a half hours at that time.

Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

I can tell you that between 0811 to 0817 GMT (London time) every morning SF is offline in my neck of the woods.

 

If I have made my tea before 0811 then it starts and suddenly freezez at 0811 and comes back on after I've had breakfast at around 0840.

 

On Wednesday this week it was offline for about one and a half hours at that time.

That's probably when the system is saving database backups. We tried to pick the time with the fewest visitors, but a few people are bound to suffer through it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.