Switch to Cloudflare

Information and news about the website will be posted here.
Post Reply
Andy
User avatar
Administrator
Posts: 12815
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom
Contact:

Switch to Cloudflare

Post by Andy »

Hi all

You may have noticed the site going down frequently recently. It looks like we've been under random DNS DDoS attacks for a few weeks now. Hetzner's DDoS protection was doing an OK-ish job at protecting the server but it wasn't quite enough. The initial influx of the attack made it to the server, overwhelming it and knocking it offline. Their reports tell us that it's frequently 30Gbps or more hitting us each time for just a few minutes before their protection kicks in.

We have no idea why we've been targeted but I suspect it's just random, and I had no way to stop it. I tried quite a lot of things to no avail.

In the end I decided to switch us over to Cloudflare for DNS and HTTP routing to see if this helps. If it does, we'll continue to use the service.

If you spot any oddities, please let me know so I can investigate and fix.

Thanks

Andy (Admin)

TheCollector1988
User avatar
Donator
Posts: 3604
Joined: Wed Feb 23, 2011 12:11 am
Location: Italy
Contact:

Re: Switch to Cloudflare

Post by TheCollector1988 »

Maybe not on topic but, the ftp servers page gives me the wrong ip address for the download area, I mean, it uses a IP address that's not mine.

Andy
User avatar
Administrator
Posts: 12815
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom
Contact:

Re: Switch to Cloudflare

Post by Andy »

Thanks. That's an issue with the caching/proxy setup. It should be resolved now.

SuperThecomputergeek
User avatar
Donator
Posts: 57
Joined: Thu Aug 28, 2014 2:37 pm
Location: UK
Contact:

Re: Switch to Cloudflare

Post by SuperThecomputergeek »

Andy, do you think we're getting DDoS'd because of that fake 32TB Windows 10 Leak? Because I think we are.
SuperThecomputergeek
(I go by 'infrared' now)

AlphaBeta
User avatar
Donator
Posts: 2437
Joined: Sun Aug 12, 2012 4:33 pm
Location: Czechia

Re: Switch to Cloudflare

Post by AlphaBeta »

SuperThecomputergeek wrote:Andy, do you think we're getting DDoS'd because of that fake 32TB Windows 10 Leak? Because I think we are.
And who would DDoS us? Microsoft? I don't think that's the case. Especially because this cause is almost two months old by now...
AlphaBeta, stop brainwashing me immediately!

Image

SuperThecomputergeek
User avatar
Donator
Posts: 57
Joined: Thu Aug 28, 2014 2:37 pm
Location: UK
Contact:

Re: Switch to Cloudflare

Post by SuperThecomputergeek »

AlphaBeta wrote:
SuperThecomputergeek wrote:Andy, do you think we're getting DDoS'd because of that fake 32TB Windows 10 Leak? Because I think we are.
And who would DDoS us? Microsoft? I don't think that's the case. Especially because this cause is almost two months old by now...
What I'm trying to say is that some random stranger could have found that recently, neglected to look at the date the articles were posted and decided to DDoS us.
SuperThecomputergeek
(I go by 'infrared' now)

mrpijey
User avatar
Administrator
Posts: 9188
Joined: Tue Feb 12, 2008 5:28 pm
Contact:

Re: Switch to Cloudflare

Post by mrpijey »

Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
Image
Official guidelines: Contribution Guidelines
Channels: Discord :: Twitter :: YouTube

computebrute
User avatar
Donator
Posts: 680
Joined: Tue Dec 03, 2013 12:00 am
Location: us

Re: Switch to Cloudflare

Post by computebrute »

AlphaBeta wrote: And who would DDoS us? Microsoft?
Friggen skids... knew they were up to no good.
Anyway, cloudfare should work fairly well. My company uses it and we've prevented a few takedowns using their service.
Image
Image

Ludacris
Donator
Posts: 602
Joined: Sat Jan 27, 2007 10:56 pm

Re: Switch to Cloudflare

Post by Ludacris »

Not sure if thats related to the switch to Cloudflare but the forum is way more responsive (faster) than before to me.

Andy
User avatar
Administrator
Posts: 12815
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom
Contact:

Re: Switch to Cloudflare

Post by Andy »

Probably a placebo effect. The site is no quicker or slower. Cloudflare are only handling DNS now (caching was causing issues).

TuneableSumo876

Re: Switch to Cloudflare

Post by TuneableSumo876 »

Seems a tad faster as well (at least from the US east coast). Even after clearing the browser cache and cookie data.

EDIT: My ISP is Optimum. Maybe this has something to do with it.
Last edited by TuneableSumo876 on Fri Aug 25, 2017 3:54 pm, edited 1 time in total.

dw5304
Donator
Posts: 168
Joined: Thu Jun 02, 2011 5:58 pm
Location: microsoft land

Re: Switch to Cloudflare

Post by dw5304 »

likely boils down to the dns resolver and how fast the domain lookup to ip takes....

DarkenMoon
User avatar
Donator
Posts: 71
Joined: Sat Sep 27, 2014 6:32 am
Location: Reno, Nevada

Re: Switch to Cloudflare

Post by DarkenMoon »

It feels like it takes longer to resolve over on the US west coast. I have low ping to both my DNS server, and the closest "CloudFlare server farm". I also occasionally will get a Chrome "this page can't be loaded" error, that never happened before.

Andy
User avatar
Administrator
Posts: 12815
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom
Contact:

Re: Switch to Cloudflare

Post by Andy »

The can't load error will happen during a ddos. The DNS resolution should be quick, so I'd blame that on your ISP.

DarkenMoon
User avatar
Donator
Posts: 71
Joined: Sat Sep 27, 2014 6:32 am
Location: Reno, Nevada

Re: Switch to Cloudflare

Post by DarkenMoon »

I'm using Google's DNS servers, and not AT&T's dreadful DNS servers. I also use a pfSense box as a router, so the IP for BA is cached locally.

whistler2250
User avatar
Posts: 214
Joined: Wed Aug 09, 2017 1:08 am

Re: Switch to Cloudflare

Post by whistler2250 »

mrpijey wrote:Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
Or, even more likely, some 12-year old kid got mad that his FTP application was rejected, and then decided to DDoS us. That's far more likely.
Pseudo-localized builds are awesome!

AlphaBeta
User avatar
Donator
Posts: 2437
Joined: Sun Aug 12, 2012 4:33 pm
Location: Czechia

Re: Switch to Cloudflare

Post by AlphaBeta »

whistler2250 wrote:
mrpijey wrote:Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
Or, even more likely, some 12-year old kid got mad that his FTP application was rejected, and then decided to DDoS us. That's far more likely.
Using the "UBER DDOS ATTACC 500 GBIT/S 100% LEGIT NO SCAM NO VIRUS" tool I am pretty sure.
AlphaBeta, stop brainwashing me immediately!

Image

whistler2250
User avatar
Posts: 214
Joined: Wed Aug 09, 2017 1:08 am

Re: Switch to Cloudflare

Post by whistler2250 »

AlphaBeta wrote:
whistler2250 wrote:
mrpijey wrote:Or someone slipped on a banana peel, fell backwards and accidently hit both the betaarchive.com and "DDoS Express" buttons at the same time... I think this theory is much more plausable. Yes, that must be it.
Or, even more likely, some 12-year old kid got mad that his FTP application was rejected, and then decided to DDoS us. That's far more likely.
Using the "UBER DDOS ATTACC 500 GBIT/S 100% LEGIT NO SCAM NO VIRUS" tool I am pretty sure.
Hence why it wasn't as effective as it could have been.
Pseudo-localized builds are awesome!

TuneableSumo876

Re: Switch to Cloudflare

Post by TuneableSumo876 »

To be serious, why don't you just check the IP access logs and ban the IPs it came from for a while?
Last edited by TuneableSumo876 on Thu Aug 31, 2017 1:42 pm, edited 1 time in total.

DarkenMoon
User avatar
Donator
Posts: 71
Joined: Sat Sep 27, 2014 6:32 am
Location: Reno, Nevada

Re: Switch to Cloudflare

Post by DarkenMoon »

TuneableSumo876 wrote:To be serious, why don't you just check the IP access logs and ban the IP it came from for a while?
It's typically significantly more than just 1 IP address that would be attacking the site at once. Hence the name, DDoS (distributed denial-of-service attack).

TuneableSumo876

Re: Switch to Cloudflare

Post by TuneableSumo876 »

DarkenMoon wrote:
TuneableSumo876 wrote:To be serious, why don't you just check the IP access logs and ban the IP it came from for a while?
It's typically significantly more than just 1 IP address that would be attacking the site at once. Hence the name, DDoS (distributed denial-of-service attack).
Ah, noticed my typo there. I was going to say IPs.

Andy
User avatar
Administrator
Posts: 12815
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom
Contact:

Re: Switch to Cloudflare

Post by Andy »

The problem is that we have no external firewall so we're restricted to the software firewall. The attacks need to be stopped before the server, not at the server, otherwise it defeats the point. Unfortunately an external firewall is prohibitively expensive unless people give larger regular donations to keep the site up.

Post Reply