Switch to Cloudflare
Switch to Cloudflare
Hi all
You may have noticed the site going down frequently recently. It looks like we've been under random DNS DDoS attacks for a few weeks now. Hetzner's DDoS protection was doing an OK-ish job at protecting the server but it wasn't quite enough. The initial influx of the attack made it to the server, overwhelming it and knocking it offline. Their reports tell us that it's frequently 30Gbps or more hitting us each time for just a few minutes before their protection kicks in.
We have no idea why we've been targeted but I suspect it's just random, and I had no way to stop it. I tried quite a lot of things to no avail.
In the end I decided to switch us over to Cloudflare for DNS and HTTP routing to see if this helps. If it does, we'll continue to use the service.
If you spot any oddities, please let me know so I can investigate and fix.
Thanks
Andy (Admin)
You may have noticed the site going down frequently recently. It looks like we've been under random DNS DDoS attacks for a few weeks now. Hetzner's DDoS protection was doing an OK-ish job at protecting the server but it wasn't quite enough. The initial influx of the attack made it to the server, overwhelming it and knocking it offline. Their reports tell us that it's frequently 30Gbps or more hitting us each time for just a few minutes before their protection kicks in.
We have no idea why we've been targeted but I suspect it's just random, and I had no way to stop it. I tried quite a lot of things to no avail.
In the end I decided to switch us over to Cloudflare for DNS and HTTP routing to see if this helps. If it does, we'll continue to use the service.
If you spot any oddities, please let me know so I can investigate and fix.
Thanks
Andy (Admin)
- TheCollector1988
- Donator
- Posts: 3604
- Joined: Wed Feb 23, 2011 12:11 am
- Location: Italy
- Contact:
Re: Switch to Cloudflare
Maybe not on topic but, the ftp servers page gives me the wrong ip address for the download area, I mean, it uses a IP address that's not mine.
Re: Switch to Cloudflare
Thanks. That's an issue with the caching/proxy setup. It should be resolved now.
- SuperThecomputergeek
- Donator
- Posts: 57
- Joined: Thu Aug 28, 2014 2:37 pm
- Location: UK
- Contact:
Re: Switch to Cloudflare
Andy, do you think we're getting DDoS'd because of that fake 32TB Windows 10 Leak? Because I think we are.
SuperThecomputergeek
(I go by 'infrared' now)
(I go by 'infrared' now)
Re: Switch to Cloudflare
And who would DDoS us? Microsoft? I don't think that's the case. Especially because this cause is almost two months old by now...SuperThecomputergeek wrote:Andy, do you think we're getting DDoS'd because of that fake 32TB Windows 10 Leak? Because I think we are.
- SuperThecomputergeek
- Donator
- Posts: 57
- Joined: Thu Aug 28, 2014 2:37 pm
- Location: UK
- Contact:
Re: Switch to Cloudflare
What I'm trying to say is that some random stranger could have found that recently, neglected to look at the date the articles were posted and decided to DDoS us.AlphaBeta wrote:And who would DDoS us? Microsoft? I don't think that's the case. Especially because this cause is almost two months old by now...SuperThecomputergeek wrote:Andy, do you think we're getting DDoS'd because of that fake 32TB Windows 10 Leak? Because I think we are.
SuperThecomputergeek
(I go by 'infrared' now)
(I go by 'infrared' now)
Re: Switch to Cloudflare
Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
- computebrute
- Donator
- Posts: 680
- Joined: Tue Dec 03, 2013 12:00 am
- Location: us
Re: Switch to Cloudflare
Friggen skids... knew they were up to no good.AlphaBeta wrote: And who would DDoS us? Microsoft?
Anyway, cloudfare should work fairly well. My company uses it and we've prevented a few takedowns using their service.
Re: Switch to Cloudflare
Not sure if thats related to the switch to Cloudflare but the forum is way more responsive (faster) than before to me.
Re: Switch to Cloudflare
Probably a placebo effect. The site is no quicker or slower. Cloudflare are only handling DNS now (caching was causing issues).
-
TuneableSumo876
Re: Switch to Cloudflare
Seems a tad faster as well (at least from the US east coast). Even after clearing the browser cache and cookie data.
EDIT: My ISP is Optimum. Maybe this has something to do with it.
EDIT: My ISP is Optimum. Maybe this has something to do with it.
Last edited by TuneableSumo876 on Fri Aug 25, 2017 3:54 pm, edited 1 time in total.
Re: Switch to Cloudflare
likely boils down to the dns resolver and how fast the domain lookup to ip takes....
- DarkenMoon
- Donator
- Posts: 71
- Joined: Sat Sep 27, 2014 6:32 am
- Location: Reno, Nevada
Re: Switch to Cloudflare
It feels like it takes longer to resolve over on the US west coast. I have low ping to both my DNS server, and the closest "CloudFlare server farm". I also occasionally will get a Chrome "this page can't be loaded" error, that never happened before.
Re: Switch to Cloudflare
The can't load error will happen during a ddos. The DNS resolution should be quick, so I'd blame that on your ISP.
- DarkenMoon
- Donator
- Posts: 71
- Joined: Sat Sep 27, 2014 6:32 am
- Location: Reno, Nevada
Re: Switch to Cloudflare
I'm using Google's DNS servers, and not AT&T's dreadful DNS servers. I also use a pfSense box as a router, so the IP for BA is cached locally.
- whistler2250
- Posts: 214
- Joined: Wed Aug 09, 2017 1:08 am
Re: Switch to Cloudflare
Or, even more likely, some 12-year old kid got mad that his FTP application was rejected, and then decided to DDoS us. That's far more likely.mrpijey wrote:Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
Pseudo-localized builds are awesome!
Re: Switch to Cloudflare
Using the "UBER DDOS ATTACC 500 GBIT/S 100% LEGIT NO SCAM NO VIRUS" tool I am pretty sure.whistler2250 wrote:Or, even more likely, some 12-year old kid got mad that his FTP application was rejected, and then decided to DDoS us. That's far more likely.mrpijey wrote:Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
- whistler2250
- Posts: 214
- Joined: Wed Aug 09, 2017 1:08 am
Re: Switch to Cloudflare
Hence why it wasn't as effective as it could have been.AlphaBeta wrote:Using the "UBER DDOS ATTACC 500 GBIT/S 100% LEGIT NO SCAM NO VIRUS" tool I am pretty sure.whistler2250 wrote:Or, even more likely, some 12-year old kid got mad that his FTP application was rejected, and then decided to DDoS us. That's far more likely.mrpijey wrote:Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
Pseudo-localized builds are awesome!
-
TuneableSumo876
Re: Switch to Cloudflare
To be serious, why don't you just check the IP access logs and ban the IPs it came from for a while?
Last edited by TuneableSumo876 on Thu Aug 31, 2017 1:42 pm, edited 1 time in total.
- DarkenMoon
- Donator
- Posts: 71
- Joined: Sat Sep 27, 2014 6:32 am
- Location: Reno, Nevada
Re: Switch to Cloudflare
It's typically significantly more than just 1 IP address that would be attacking the site at once. Hence the name, DDoS (distributed denial-of-service attack).TuneableSumo876 wrote:To be serious, why don't you just check the IP access logs and ban the IP it came from for a while?
-
TuneableSumo876
Re: Switch to Cloudflare
Ah, noticed my typo there. I was going to say IPs.DarkenMoon wrote:It's typically significantly more than just 1 IP address that would be attacking the site at once. Hence the name, DDoS (distributed denial-of-service attack).TuneableSumo876 wrote:To be serious, why don't you just check the IP access logs and ban the IP it came from for a while?
Re: Switch to Cloudflare
The problem is that we have no external firewall so we're restricted to the software firewall. The attacks need to be stopped before the server, not at the server, otherwise it defeats the point. Unfortunately an external firewall is prohibitively expensive unless people give larger regular donations to keep the site up.