Posts: 25,553
Threads: 2,060
Joined: Feb 2005
Reputation:
12
And the 502s are back.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 25,553
Threads: 2,060
Joined: Feb 2005
Reputation:
12
I've had to tell people elsewhere to refrain doing a "who benefits?" analysis of the repeated prolonged DDoS attacks.
But telling other people that made me wonder myself. (It isn't as if I can spend the time editing the wikis...) Whatever the truth may be, the appearance is that the non-Wikia copy of ATT is under attack no matter where it's hosted while the Wikia copy is doing just fine... and Wikia does have a reputation (rightly or wrongly) of not playing well with folks who want to have their wikis hosted elsewhere.
I hope this is just muddying the waters and not a "blue hair" moment.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
robkelk Wrote:I've had to tell people elsewhere to refrain doing a "who benefits?" analysis of the repeated prolonged DDoS attacks.
But telling other people that made me wonder myself. (It isn't as if I can spend the time editing the wikis...) Whatever the truth may be, the appearance is that the non-Wikia copy of ATT is under attack no matter where it's hosted while the Wikia copy is doing just fine... and Wikia does have a reputation (rightly or wrongly) of not playing well with folks who want to have their wikis hosted elsewhere.
I hope this is just muddying the waters and not a "blue hair" moment. Rob, I can't say everything here, but I can rule that out as a motive. In fact, I've been working with a few other parties localizing the source of the attacks, and I can say it's not them, TV Tropes, someone pissed about the fork of Metapedia that was hosted on Orain (they were denied a wiki on Miraheze anyway), or anyone from any of the hacker communities (checked them, even most of the deep web ones).
Also, even sterner countermeasures to blunt this nonsense are going up soon.
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
Let's throw up a Kickstarter to get some Black ICE.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
Alright, just got an update from John.
Ramnode is giving him grief over the constant DDoSes and plant to drop supporting him if they continue, but the good news is that, this time, we'll have a backup of our work to date in situ.
If that happens, though, we need new hosting, preferably somewhere with good security against this sort of crap, and I'm open to ideas.
Also, while I still can't point any fingers yet, I can say the attacks on Orain and Miraheze were perpetrated by the same party, it's definitely a motive based on revenge/spite against parties at both, and moving to hosting no longer affiliated with either may be our safest route.
Posts: 461
Threads: 9
Joined: Oct 2013
Reputation:
0
GethN7 Wrote:Also, while I still can't point any fingers yet, I can say the attacks on Orain and Miraheze were perpetrated by the same party, it's definitely a motive based on revenge/spite against parties at both, and moving to hosting no longer affiliated with either may be our safest route.
And if the person(s) responsible come after wherever ATT is next being hosted, then what might that suggest? I just thought I'd throw that out there.
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
Tennie Wrote:GethN7 Wrote:Also, while I still can't point any fingers yet, I can say the attacks on Orain and Miraheze were perpetrated by the same party, it's definitely a motive based on revenge/spite against parties at both, and moving to hosting no longer affiliated with either may be our safest route.
And if the person(s) responsible come after wherever ATT is next being hosted, then what might that suggest? I just thought I'd throw that out there. That has been considered, and after comparing notes with various parties, we're pretty sure the real target is anyone who was ever connected with Orain/Miraheze, as in staff/administration.
Movig away from parties affliated with either is basically our only chance of keeping ourselves up without getting fired upon, as based on the information at hand, we're caught in the crossfire of some douche with a serious grudge against both entities.
Also, I CAN reveal we (ATT) were targeted for sure at both places, though we were just a target of oppurtunity to cripple both entities (we are the largest wiki either has ever hosted), but our mere existence is not the sole reason for us being targeted.
In short, as long as we carry associations with Miraheze or Orain, we have a bulleye on us.
Update: Plans to move are still on the table in the event we need to, but John just sent me some updates concerning Ramnode.
They are willing to dig in and help him on the DDoS issue so long as it doesn't result in damage to their infrastructure (this is just garden variety http request flooding nonsense, so that's not an issue), not to mention the attack vector has finally been localized. John is planning an alternate way to enf run around this idiot and render their plans for naught, but he's well aware that if we still keep going through this crap, we still plan to pick up stakes, and he plans to assist us in getting our data ported in that eventuality.
Posts: 25,553
Threads: 2,060
Joined: Feb 2005
Reputation:
12
I see there's been some progress - I can read pages on the freebie wiki now. Can't edit or export yet, though.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
robkelk Wrote:I see there's been some progress - I can read pages on the freebie wiki now. Can't edit or export yet, though.
Yeah, SPF is first working on making sure we stay up at all, this is basically Miraheze telling the DDoSer we aren't going to knuckle under, and while they try in vain to take us down (they can't, we're basically in read only mode, so all incoming http requests to edit will crap out), he and John are working on making the attack vectors impotent.
The most important thing is that John and SPF really don't want to let this douche win, so what you see so far is them making sure we can at least read everything until they can fend this idiot off better.
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
GOOD NEWS EVERYONE!
(end Professor Farnsworth impersonation)
The DDoS has been blunted! I'm not at liberty to say how that was accomplished, but I can say Miraheze is back to normal operations.
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
That's great!
Edit: Recent Changes won't load, although everything else seems to be okay.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
So... is our idiot back? About 12:40 PM EDT the entire site slowed down to a crawl.
Oh, and the Recent Changes page has been completely unusable now for most of a day.
EDIT: I stand corrected. The default Recent Changes page works just fine. But when I tell it to http://allthetropes.miraheze.org/w/ind ... hidebots=0]show bots, I get a blank page.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
Bob Schroeck Wrote:So... is our idiot back? About 12:40 PM EDT the entire site slowed down to a crawl.
Oh, and the Recent Changes page has been completely unusable now for most of a day.
EDIT: I stand corrected. The default Recent Changes page works just fine. But when I tell it to http://allthetropes.miraheze.org/w/ind ... hidebots=0, I get a blank page.
Can't go into how exactly, but SPF has done a lot of stuff in the background to stymie anymore botnet assaults from getting anywhere, since even though we defeated this idiot for now, we aren't sure he's totally gone and are taking no chances. Unfortunately, certain cached pages that make heavy API calls may perform poorly as a result, but the upside is that we stay up more or less regardless.
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
Okay, about half an hour ago something happened. Saving or previewing pages started throwing 500 errors.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
Bob Schroeck Wrote:Okay, about half an hour ago something happened. Saving or previewing pages started throwing 500 errors. Server resource allocation issues.
Being addressed as I type this.
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
Yeah, fixed now. Must have been just finishing up when I tested it about ten minutes ago.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
Aaaaaaaand it's merry old 502 time again.
EDIT: And no sooner do I report that here and in IRC than it's working fine again.
EDIT2: But Recent Changes is broken and returns only a blank page.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 25,553
Threads: 2,060
Joined: Feb 2005
Reputation:
12
Bob Schroeck Wrote:EDIT2: But Recent Changes is broken and returns only a blank page. Recent Changes was broken on the freebie wiki yesterday, too. But they're both working now.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
Geth let me know through mail that the occasional breakage of Recent Changes is a necessary part of thwarting our ... enthusiast.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 25,553
Threads: 2,060
Joined: Feb 2005
Reputation:
12
I see Orain was removed from Mediawiki's Hosting services list today. Are they really "gone for good" - no hope at all of me getting that other one-third of the freebie wiki?
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
robkelk Wrote:I see Orain was removed from Mediawiki's Hosting services list today. Are they really "gone for good" - no hope at all of me getting that other one-third of the freebie wiki? Baed on certain information, parts of which I cannot reveal in full here at this point, it's safe to say Orain as it existed past June 2015 is completely obliterated, save whatever was archived/cached on the Google and Wayback Machine.
As for the farm, it may possibly come back in some form, but it's doubtful it will ever come back as "Orain".
Posts: 25,553
Threads: 2,060
Joined: Feb 2005
Reputation:
12
Ah, well. (Most expensive coffee cup I never got...)
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
Posts: 27,605
Threads: 2,270
Joined: Sep 2002
Reputation:
21
About 20 minutes ago the wiki slowed to a crawl, and then to a standstill. Is our beloved friend back?
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Posts: 1,744
Threads: 7
Joined: Oct 2013
Reputation:
3
Bob Schroeck Wrote:About 20 minutes ago the wiki slowed to a crawl, and then to a standstill. Is our beloved friend back? Don't believe so. Most of his nonsense gets stopped before it even has any meaningful server impact. We could just have a high load on the server at present.
If it doesn't clear up, I'll inquire further.
Posts: 25,553
Threads: 2,060
Joined: Feb 2005
Reputation:
12
Just checked the response times - I clicked on my bookmark for ATT and was able to load a half-dozen pages on the freebie wiki sequentially before ATT responded. This indicates that whatever the issue is, it isn't affecting all of Miraheze.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
|