Forums General Discussions Site outage

Viewing 21 posts - 1 through 21 (of 21 total)
  • Author
    Posts
  • #2485
    Saver0
    Moderator

      Hi guys,

      This morning there was a spike in server load and the host had to take the site offline. Not sure exactly what caused this high load because I don’t see a traffic spike. Perhaps an attack.. I will keep an eye and see what’s up. Just want to let you guys know that everything is back to normal and the load looks fine.

      Thank you!

      —–
      I will delete this thread in a few hours. Just want to make sure everyone is aware :-)

      Focus, Patience, Determination & Order in chaos

      #2486
      MTH2014
      Participant

        Thank You My Brother Saver0,   maybe DDOS Attack..  and if this happened again in the future, that confirm one thing , they worry with Spartan Penguin.. Yay…!!!

        Best Regards

        MTH

         

        Intuition, Experiences and Common sense..
        http://www.binaryoptionsedge.com/

        #2488
        Saver0
        Moderator

          Yup, if it happens again, I will put in place a DDOS firewall and that should take care of it.

          Focus, Patience, Determination & Order in chaos

          #2489
          Saver0
          Moderator

            Actually I think I found the culprit.

            
            82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Frahatlukum%2Factivity%2Fgroups%2F HTTP/1.1" 200 5363 "http://penguintraders.com/members/rahatlukum/activity/groups/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:26.0) Gecko/20100101 Firefox/26.0"
            82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /activity/p/251/ HTTP/1.1" 302 - "http://penguintraders.com/members/rahatlukum/?acpage=2" "Mozilla/5.0 (Windows NT 6.0; rv:26.0) Gecko/20100101 Firefox/26.0"
            82.80.249.170 - - [26/Dec/2014:07:05:37 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Fmaranathar%2F HTTP/1.1" 200 5347 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71"
            82.80.249.170 - - [26/Dec/2014:07:05:36 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Fpigh77%2Factivity%2Ffriends%2F HTTP/1.1" 200 5360 "http://penguintraders.com/members/pigh77/activity/friends/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:39 -0500] "GET /members/maranathar/activity/ HTTP/1.1" 301 - "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:36 -0500] "GET /members/rahatlukum/forums/ HTTP/1.1" 200 7873 "http://penguintraders.com/members/rahatlukum/forums/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/pedma/activity/2158/ HTTP/1.1" 200 6990 "http://penguintraders.com/activity/p/2158/" "Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0"
            82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/fxmig/activity/1622/ HTTP/1.1" 200 6992 "http://penguintraders.com/activity/p/1622/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
            82.80.249.170 - - [26/Dec/2014:07:05:40 -0500] "GET /members/maranathar/groups/ HTTP/1.1" 200 7513 "http://penguintraders.com/members/maranathar/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
            82.80.249.170 - - [26/Dec/2014:07:05:37 -0500] "GET /members/pigh77/activity/3723/ HTTP/1.1" 200 6876 "http://penguintraders.com/activity/p/3723/" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0"
            82.80.249.170 - - [26/Dec/2014:07:05:37 -0500] "GET /members/rparm/activity/1787/ HTTP/1.1" 200 6990 "http://penguintraders.com/activity/p/1787/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:40 -0500] "GET /members/maranathar/activity/mentions/ HTTP/1.1" 200 7572 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/rahatlukum/activity/friends/?acpage=2 HTTP/1.1" 200 10509 "http://penguintraders.com/members/rahatlukum/activity/friends/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:41 -0500] "GET /members/maranathar/activity/favorites/ HTTP/1.1" 200 7574 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:36 -0500] "GET /members/pigh77/activity/friends/?acpage=2 HTTP/1.1" 200 11092 "http://penguintraders.com/members/pigh77/activity/friends/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0"
            82.80.249.170 - - [26/Dec/2014:07:05:50 -0500] "GET /members/makmak/activity/groups/ HTTP/1.1" 500 251 "http://penguintraders.com/members/makmak/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:50 -0500] "GET /activity/p/507/ HTTP/1.1" 500 251 "http://penguintraders.com/members/makmak/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:50 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Fmatkooo2575%2F HTTP/1.1" 500 251 "http://penguintraders.com/members/matkooo2575/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
            82.80.249.170 - - [26/Dec/2014:07:05:51 -0500] "GET /members/matkooo2575/activity/ HTTP/1.1" 500 251 "http://penguintraders.com/members/matkooo2575/" "Mozilla/6.0 (compatible)"
            82.80.249.170 - - [26/Dec/2014:07:05:39 -0500] "GET /members/maranathar/profile/ HTTP/1.1" 200 7290 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0"
            82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/rahatlukum/activity/groups/?acpage=2 HTTP/1.1" 200 10593 "http://penguintraders.com/members/rahatlukum/activity/groups/" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
            82.80.249.170 - - [26/Dec/2014:07:05:51 -0500] "GET 
            

            There are many more where this came from. This was around the time that the traffic peaked. This user was making a lot of connections per second. I went ahead and blocked this IP. The weird thing is that it’s an IP from Israel, HaMerkaz, Petah Tikva.

            Focus, Patience, Determination & Order in chaos

            #2491
            gg53
            Participant

              That’s strange…. I’m from Israel. Is there anyone else here from Israel?

              My IP is 46 210 111 131 Can you see it?

              G.

               

              • This reply was modified 9 years, 6 months ago by gg53.
              #2497
              Saver0
              Moderator

                Yup, I can see your IP gg. It’s probably some server, not even an individual. Could be something random even. Everything looks to be fine now.

                Focus, Patience, Determination & Order in chaos

                #2499
                Saver0
                Moderator

                  I put in some place countermeasures. Hopefully attacks like this will be prevented in the future :-)

                  Focus, Patience, Determination & Order in chaos

                  #2505
                  Anonymous

                    saver0 take a look at cloudflare.com
                    they can handle spikes and take off a huge load from your server

                    and you can implement a static site that gets served when your server is down

                    and it starts for free

                    #2506
                    cariddi74
                    Participant

                      I put in some place countermeasures. Hopefully attacks like this will be prevented in the future :-)

                       

                      :good: Maybe was GG53 trying to sabotage himself  ahahah..  Just kidding, of course :yahoo:

                      #2507
                      Anonymous

                        saver0 propably hasn’t a full power super hyper v-server that can handle many concurrent requests.
                        Take a look at the page load times. The server is busy with serving the normal requests, so i hardly would call this a ddos attack

                        But when saver0 adds cloudflare in front of his server, the pageload times will go down and this page can serve a few more concurrent users.

                        #2509
                        Saver0
                        Moderator

                          Take a look at the page load times. The server is busy with serving the normal requests, so i hardly would call this a ddos attack

                          Over 500 unique page requests within 3 minutes from the same IP address. That’s what my logs recorded before the server crashed. It’s not a pure DDOS attack in the sense that it wasn’t from many IP addresses but its a that type of an attack. Anyways, this type of attacks should get blocked in the future.
                          I will look into getting Cloudflare this weekend. Thank you for the suggestion :-)

                          Focus, Patience, Determination & Order in chaos

                          #2517
                          Rahat Lukum
                          Participant

                            One man show, G you better look him up :good:

                            #2518
                            Anonymous

                              500 requests mmmh…so three per second.
                              it seems you have a big bottleneck. i assume you don’t have a lot of RAM availabe?
                              have your looked into nginx instead of apache? can you make the cache for the database bigger?

                              yes cloudflare seems to be really good. if i would need a website i would use it :p

                              #2521
                              Saver0
                              Moderator

                                500 requests mmmh…so three per second.

                                I’m not sure exactly how many per second, know what I mean? It could have been a lot. I only had a small 5 minute snapshot available from CPanel from around 7:00AM this morning. I don’t know why it didn’t have any logs from prior. I can see 7 connections made from the same IP within one second. Also keep in mind that the actual connection made time could be off, this is when it got recorded. So it could have been 100s of connections in a second just showing up seconds apart in the log. I’m sure when it got this burst of connections, it froze and took its time to process them and end up in the log. If I had network/router connection log, then I would have better luck estimating just how many requests the site received.

                                This site and the VPS I’m on is not designed to handle a lot of traffic. As you can see, I don’t have any ads or generate any revenue from this site so I cannot afford really expensive server/service to handle DDOS type traffic. I plan to keep this site ad free for as long as I can. I want this to be a small development community with a lot of talent, not a massive forum site like forexfactory or babypips.. know what I mean?
                                It should however be able to handle 30-50k visitors per day without much of an issue :-)
                                I will try out cloudflare during the weekend and see how it improves the speed and the load. Thank you for suggesting it!  :yes:

                                Focus, Patience, Determination & Order in chaos

                                #2586
                                stt
                                Participant

                                  Actually I think I found the culprit.

                                  
                                  82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Frahatlukum%2Factivity%2Fgroups%2F HTTP/1.1" 200 5363 "http://penguintraders.com/members/rahatlukum/activity/groups/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:26.0) Gecko/20100101 Firefox/26.0"
                                  82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /activity/p/251/ HTTP/1.1" 302 - "http://penguintraders.com/members/rahatlukum/?acpage=2" "Mozilla/5.0 (Windows NT 6.0; rv:26.0) Gecko/20100101 Firefox/26.0"
                                  82.80.249.170 - - [26/Dec/2014:07:05:37 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Fmaranathar%2F HTTP/1.1" 200 5347 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71"
                                  82.80.249.170 - - [26/Dec/2014:07:05:36 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Fpigh77%2Factivity%2Ffriends%2F HTTP/1.1" 200 5360 "http://penguintraders.com/members/pigh77/activity/friends/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:39 -0500] "GET /members/maranathar/activity/ HTTP/1.1" 301 - "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:36 -0500] "GET /members/rahatlukum/forums/ HTTP/1.1" 200 7873 "http://penguintraders.com/members/rahatlukum/forums/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/pedma/activity/2158/ HTTP/1.1" 200 6990 "http://penguintraders.com/activity/p/2158/" "Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0"
                                  82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/fxmig/activity/1622/ HTTP/1.1" 200 6992 "http://penguintraders.com/activity/p/1622/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
                                  82.80.249.170 - - [26/Dec/2014:07:05:40 -0500] "GET /members/maranathar/groups/ HTTP/1.1" 200 7513 "http://penguintraders.com/members/maranathar/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
                                  82.80.249.170 - - [26/Dec/2014:07:05:37 -0500] "GET /members/pigh77/activity/3723/ HTTP/1.1" 200 6876 "http://penguintraders.com/activity/p/3723/" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0"
                                  82.80.249.170 - - [26/Dec/2014:07:05:37 -0500] "GET /members/rparm/activity/1787/ HTTP/1.1" 200 6990 "http://penguintraders.com/activity/p/1787/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:40 -0500] "GET /members/maranathar/activity/mentions/ HTTP/1.1" 200 7572 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/rahatlukum/activity/friends/?acpage=2 HTTP/1.1" 200 10509 "http://penguintraders.com/members/rahatlukum/activity/friends/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:41 -0500] "GET /members/maranathar/activity/favorites/ HTTP/1.1" 200 7574 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:36 -0500] "GET /members/pigh77/activity/friends/?acpage=2 HTTP/1.1" 200 11092 "http://penguintraders.com/members/pigh77/activity/friends/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0"
                                  82.80.249.170 - - [26/Dec/2014:07:05:50 -0500] "GET /members/makmak/activity/groups/ HTTP/1.1" 500 251 "http://penguintraders.com/members/makmak/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:50 -0500] "GET /activity/p/507/ HTTP/1.1" 500 251 "http://penguintraders.com/members/makmak/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:50 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2Fpenguintraders.com%2Fmembers%2Fmatkooo2575%2F HTTP/1.1" 500 251 "http://penguintraders.com/members/matkooo2575/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
                                  82.80.249.170 - - [26/Dec/2014:07:05:51 -0500] "GET /members/matkooo2575/activity/ HTTP/1.1" 500 251 "http://penguintraders.com/members/matkooo2575/" "Mozilla/6.0 (compatible)"
                                  82.80.249.170 - - [26/Dec/2014:07:05:39 -0500] "GET /members/maranathar/profile/ HTTP/1.1" 200 7290 "http://penguintraders.com/members/maranathar/" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0"
                                  82.80.249.170 - - [26/Dec/2014:07:05:35 -0500] "GET /members/rahatlukum/activity/groups/?acpage=2 HTTP/1.1" 200 10593 "http://penguintraders.com/members/rahatlukum/activity/groups/" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
                                  82.80.249.170 - - [26/Dec/2014:07:05:51 -0500] "GET 
                                  

                                  There are many more where this came from. This was around the time that the traffic peaked. This user was making a lot of connections per second. I went ahead and blocked this IP. The weird thing is that it’s an IP from Israel, HaMerkaz, Petah Tikva.

                                   

                                  looks to me this user ran something like wget to mirror the site. perhaps was trying to download all content.

                                  Thanks for highlighting this in an open manner. people should know what is expected behaviour.

                                  Keep up the good work!!

                                  #2596
                                  Zelo
                                  Participant

                                    I plan to keep this site ad free for as long as I can.

                                    I don’t mind if you put any ads, Saver0. (Because i use Adblock Plus :grin: )

                                     

                                    I want this to be a small development community with a lot of talent, not a massive forum site like forexfactory or babypips..

                                    :good: :yahoo:

                                     

                                    But because of things happened lately, all members seem like go to the private group,

                                    and that makes this site silent :-(

                                    #2614
                                    cariddi74
                                    Participant

                                      I plan to keep this site ad free for as long as I can.

                                      I don’t mind if you put any ads, Saver0. (Because i use Adblock Plus :grin: )

                                      I want this to be a small development community with a lot of talent, not a massive forum site like forexfactory or babypips..

                                      :good: :yahoo: But because of things happened lately, all members seem like go to the private group, and that makes this site silent :-(

                                      Believe it’s better maybe…cause big community ,in my experience are often if not always:

                                      1. owned by dictators in collusion with brokers

                                      2.  full of idiotic people that just wanna be babysitted, that just wanna vent about anything, that just wanna be rich overnight without neither connecting the brain.

                                      By the way…we at penguin ARE a little semi-private forum  ;-)

                                       

                                       

                                      #2629
                                      Saver0
                                      Moderator

                                        and that makes this site silent

                                        Yea I feel the same.. but it is the end of the year.. I’m feeling pretty relaxed and just waiting for the year to end.. hehe

                                        I will also get more active in the new year! I’m sure many will do the same.

                                        Focus, Patience, Determination & Order in chaos

                                        #2630
                                        simplex
                                        Moderator

                                          But because of things happened lately, all members seem like go to the private group, and that makes this site silent

                                          Three days before New Years Eve – maybe it’s just time to take a break, spend time with the family, …

                                          We will get busy again!

                                          A good trader is a realist who wants to grab a chunk from the body of a trend, leaving top- and bottom-fishing to people on an ego trip. (Dr. Alexander Elder)

                                          #2631
                                          simplex
                                          Moderator

                                            I want this to be a small development community with a lot of talent, not a massive forum site like forexfactory or babypips.. know what I mean?

                                            I agree, absolutely! Dedication, open communication, and the ability to give and receive honest feedback should be essential, IMO. No flaming or bashing, though.

                                             

                                            A good trader is a realist who wants to grab a chunk from the body of a trend, leaving top- and bottom-fishing to people on an ego trip. (Dr. Alexander Elder)

                                            #2746
                                            Anonymous

                                              Savor0, when the day comes and you don’t want to spend the money anymore for running this server. I’m sure here are a lot of people who would donate a few bucks to keep this site running. I would of course http://penguintraders.com/wp-content/plugins/wp-monalisa/icons/wpml_good.gif

                                            Viewing 21 posts - 1 through 21 (of 21 total)
                                            • You must be logged in to reply to this topic.
                                            Scroll to Top