Jump to content
Remy Lebeau

Forum running slow

By Remy Lebeau, in Community Management

Recommended Posts

shineworld    89

shineworld
Posted (edited)

Could be the server is below DDoS...
Many forums are in same state, also our:
image.thumb.png.d9d96debcb66022e5bedd38472c4e10b.png

 

In my case, massive guest access to the pages, till 150000 for day, continuously increases the session table and session keys in the server database,

which slows down more and more every day, paralyzing the forum.

 

At the moment, the only solution I have is to periodically clean up the two tables, but this also disconnects all connected users...

 

I hope this is not the problem in this forum.

Edited by shineworld

Share this post

Link to post

Tommi Prami    159

Tommi Prami
Posted (edited)

Slowness seems to be ralated to time of day. Maybe.

Some time ago it was very slow, now just slow...

Adn very slow again, atleast  posting new message and editing existing is very slow,

Edited by Tommi Prami
More info

Share this post

Link to post

Lars Fosdal    1961

Lars Fosdal
Posted

According to @TBx, the attack appears to be vectored towards DOSing the Apache server, more than it is about the forum software.

  • Like 1

Share this post

Link to post

Angus Robertson    696

Angus Robertson
Posted

48,000 guests active over the past 24 hours is similar to a long term attack on one of my web sites. 

 

A Chinese hacker changed tactics over the months, from two IP addresses in Hong Kong, to VPNs around the world and currently a worldwide botnet that reached over one million IP addresses a week at the peak in July, now down to 30,000 a week, most from South America and the Far East, but over 100 different counties.  More detail at 

 

This was to an ICS web server, and I contained the problem by adding geographic blocking using IP addresses and ASN checking, so requests are terminated before being connected.  

 

Angus

 

Share this post

Link to post

FPiette    394

FPiette
Posted

It is still very slow for me. I'm in Belgium if it matters.

Share this post

Link to post

DelphiUdIT    271

DelphiUdIT
Posted

It's been slow for me since yesterday morning, with timeout as well.

Share this post

Link to post

DelphiUdIT    271

DelphiUdIT
Posted
21 minutes ago, chmichael said:

Somebody block those AI IPs

We'll have to get used to it... it's the "price" we pay for those who want increasingly efficient and high-performance AI.
... the problem is that we all pay this "price"...

Share this post

Link to post

salvadordf    40

salvadordf
Posted

Check the user agents too. Sometimes those bots are so badly written that they identify as outdated browsers.

Share this post

Link to post

Angus Robertson    696

Angus Robertson
Posted

My experience of monitoring attacks is checking ASNs can be very productive, since attacks often come from multiple countries but the same or similar ASNs, ie the same cloud hosting businesses. 

 

ICS now has geo databases that get both country and ASN for IP addresses, which are reported in the server logs.  Not all my servers have public domains, but still get scanned by IP address for exploits in popular web management systems like WordPress.  The scanning IPs are often consecutive IPs from large hosting companies in multiple countries, like 1,000 Google IPs.  So my servers now reject traffic from a small list of mostly Chinese related ASNs, although not Google, yet. 

 

Angus

 

Share this post

Link to post

FPiette    394

FPiette
Posted
3 hours ago, DelphiUdIT said:

Today seems that no lantency is present. Good news.

Same here: normal response time.

Share this post

Link to post

corneliusdavid    277

corneliusdavid
Posted

It had gotten to the point where I wasn't reading this forum much because there was a 3-5 second delay between each link click. Now, it's back to being fast, so it's usable once again! :classic_smile:

  • Like 2

Share this post

Link to post

Anders Melander    2137

Anders Melander
Posted
11 hours ago, Lars Fosdal said:

It is not as simple as blocking a handful of IP adresses. 

Has Cloudflare been considered or even tried? Maybe @TBx knows?

Share this post

Link to post

Vincent Parrett    914

Vincent Parrett
Posted

Cloudflare would be good idea, however the forum owner would need to pay for the Pro plan as the free plan doesn't allow enough WAF rules needed to get forums working correctly. It's also not simple to configure for dynamic sites like forums, lots of trial and error unless someone has already documented it.

Share this post

Link to post

Anders Melander    2137

Anders Melander
Posted
10 hours ago, Vincent Parrett said:

the free plan doesn't allow enough WAF rules needed to get forums working correctly.

I see. I assumed that the free plan would be usable but I guess not.

Share this post

Link to post

DelphiUdIT    271

DelphiUdIT
Posted
2 hours ago, Lars Fosdal said:

The question then is who will fund $240/year for the sites. 

The community has given me so much and continues to give (and not just to me, I think), and to support it I can easily pay a fee if necessary.

Share this post

Link to post

Gord P    20

Gord P
Posted
7 hours ago, DelphiUdIT said:

The community has given me so much and continues to give (and not just to me, I think), and to support it I can easily pay a fee if necessary.

I am sure there would be more than a few people willing to chip in (spread the load around).  Maybe it is more hassle than it is worth to have a donate button or something though.

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing Community Management
×