Downtime?!


RichM
Mon 8th Dec '03, 1:59am
What is wrong with vBulletin.com? It has been up and down like a yo yo for the past few days. I guess it is because of all this heavy traffic because everyone is after the new gamma release etc. etc. Though that is not an excuse in my opinion.

If I was having high traffic issues on one of my servers that were causing the server to either load slow or not at all then I'd either upgrade the server or replace it within 48 hours of it happening. I do not think you should deal with this as if it is a "one off occasion". You should prepare for things like this and make sure it doesn't happen again... It is extremely annoying, I came here to renew my vBulletin license and I could not access the site for hours. Then when I could it went down again when I clicked the order button...

If you ask me I think you should scrap the VenturesOnline server and purchase a few Dual Xeons from www.ev1servers.net (http://www.ev1servers.net/). It would also be a good idea to have the site/members area on one server and the forums on another... At least that way DOS attacks are not so likely to hit as hard.

Thanks for reading this.

merk
Mon 8th Dec '03, 2:07am
It seems the downtime has started happening since the move. I wouldn't accept the downtime from the new host if it's going to constantly happen.

I hope the downtime has nothing to do with vBulletin 3's code.

Steve Machol
Mon 8th Dec '03, 2:07am
We have been under a very severe DDoS attack all night. Your solution is not quite that simple. Believe me, we've been dealing with this for quite some time now.

merk
Mon 8th Dec '03, 2:10am
Oh, if it's a DoS attack that changes it :(

Good luck.

RichM
Mon 8th Dec '03, 2:14am
I suppose so.. It is a bit of a coincidence that as soon as Gamma was released vBulletin.com had loading issues, one of the Team members said it was because of high traffic and now it is because of a DOS attack? Yet it hasn't seemed to have stopped since Gamma was released.

Sorry if I sound like a moron. I have been trying to renew my license for ages and it took me a few hours to finally renew it.

I still think Jelsoft should move to EV1servers.com. :D

Steve Machol
Mon 8th Dec '03, 2:20am
What's so hard to believe? Traffic WAS up significantly (sometimes 10-12x over normal) after Gamma was released. Also the person doing these attacks purposely waited until it was released. (I even predicted this would happen.) He did nothing for two weeks prior, but the day after the release he attacked again. We beat that one off pretty quickly. Then tonight this coward assaulted us with a massive attack.

Sorry you don't believe this, but that's the facts.

RichM
Mon 8th Dec '03, 2:29am
I'm not saying I don't believe it.
I assume it is the same person who had been doing it all along? Can't you trace him?

Wayne Luke
Mon 8th Dec '03, 2:33am
Kind of hard to trace a couple thousand zombie machines on all six inhabited continents spanning over 100 different countries.

merk
Mon 8th Dec '03, 2:35am
EV1Servers wouldn't want vbulletin.com. Their AUP allows them to unplug and cancel any server that attracts DOS attacks.

When you are running high volume high noise websites, you need to pay a bit more than EV1 charges.

Steve Machol
Mon 8th Dec '03, 2:55am
In all honesty I doubt any host would have been as responsive and helpful as VO is helping us with this problem.

DjArcadian
Mon 8th Dec '03, 3:09am
Isn't there software or hardware that easily deflects these attacks? Maybe too costly? Sorry, I don't know much about it.

squall14716
Mon 8th Dec '03, 5:22am
As far as my limited knowledge goes, you can't just easily deflect a DDoS attack.

Brad.loo
Mon 8th Dec '03, 6:19am
Isn't there software or hardware that easily deflects these attacks? Maybe too costly? Sorry, I don't know much about it.
No, DoS attacks are all about flooding the pipe and crippling traffic.

HR3rdGen
Mon 8th Dec '03, 10:54am
I'm officially banned from AOL till 2007 for hacking, and that was in 1997. I'm amazed they let me have a computer, but I haven't had to talk to my parole officer since 98.

Anyhow, I could frag this little numb nut. He made my life and trying to renew my vb license very difficult last night.

The nerve of some people with nothing better to do. He could at least focus his efforts on something more productive like disturbing AOL users.

HR3rdGen
Mon 8th Dec '03, 10:57am
Not that I support that kind of behavior or would ever do such things anymore, I um learned my lesson. Jail = Unhappy time.

Scott MacVicar
Mon 8th Dec '03, 1:02pm
We've spoken to both the FBI in the US and the High tech crime unit in the UK without any result.

The only solution is to block the IPs as they come through. Though browsing has returned to normal for me at the moment.

Scott MacVicar
Mon 8th Dec '03, 1:19pm
Just thought I'd let you all see the sort of spikes we're talking about.

Blue traffic is from the internet to our server.
Green traffic is from our server to the internet.
Text labels are back to front since this is taken from the router.

Murfenhousen
Mon 8th Dec '03, 3:35pm
Are you still under attack?

Murf

tubedogg
Mon 8th Dec '03, 4:01pm
Not at this particular second.

Dave#
Tue 9th Dec '03, 3:32am
Just thought I'd let you all see the sort of spikes we're talking about.

Blue traffic is from the internet to our server.
Green traffic is from our server to the internet.
Text labels are back to front since this is taken from the router.
All that shows is a 30 min average of 8 meg a sec :confused:

How can VO be flooded at 8 meg?

Apologies if I missed something.

Mike Sullivan
Tue 9th Dec '03, 3:59am
1. That's to just our box.
2. Those are actually 2 hour averages. So 1-hour attack + 1-hour normal isn't going to show a full 10mbps spike.
3. During the attacks, I've seen 40-50mbps "sustained spikes" [above normal] on the VO graphs (5 minute averages).
4. Even just 8mbps of connection packets will quickly fill up Apache's open connections.

Ryan McBain
Tue 9th Dec '03, 5:11am
Hmmmm, so what do these hackers want from you guys? You don't have to go into detail, just the cliff notes version.

Dave#
Tue 9th Dec '03, 7:24am
4. Even just 8mbps of connection packets will quickly fill up Apache's open connections.
I see - I had misunderstood. I thought that the attack was simply maxing out the pipes rather than doing Apache in.

Good luck.

Mike Sullivan
Tue 9th Dec '03, 12:20pm
I see - I had misunderstood. I thought that the attack was simply maxing out the pipes rather than doing Apache in.

Good luck.
Both actually, where the pipe is our connection (10mbps) to the network, not VO's connection to a backbone. Generally speaking, during those times, other VO sites were fine, so it wasn't degrading their performance.

Raz Meister
Wed 10th Dec '03, 4:56pm
Can't you get a fatter pipe than 10mbps?

It's still annoyingly slow here.

Scott MacVicar
Wed 10th Dec '03, 6:01pm
It's not the pipe that's maxed out most of the time, it's just Apache having far too many requests.

I'm not having any load problems here atm.

Areku
Wed 10th Dec '03, 6:21pm
Is .org being attacked today too?

I get full of htaccess dialog boxes instead of the site...

cirisme
Wed 10th Dec '03, 6:34pm
Is .org being attacked today too?

I get full of htaccess dialog boxes instead of the site...
They were upgrading to Gamma :)

tamarian
Wed 10th Dec '03, 7:21pm
It's not the pipe that's maxed out most of the time, it's just Apache having far too many requests.

I'm not having any load problems here atm.
You guys might want to check (if you haven't) mod_dosevasive and/or mod_throttle.
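
Added example (not part of any post in this thread, and not mod_dosevasive's own code): a minimal per-IP sliding-window request limit of the kind the per-client blocking discussed above relies on, run over constructed access-log lines. The thresholds, function names and sample addresses are assumptions; the sample also includes 50 sources that each stay under the limit, the "couple thousand zombie machines" situation, which a per-IP counter does not catch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def build_sample():
    """Constructed access-log lines (documentation IP ranges, not real traffic)."""
    fmt = '{ip} - - [08/Dec/2003:02:00:{s:02d} +0000] "GET {path} HTTP/1.0" 200 512'
    lines = [fmt.format(ip="198.51.100.7", s=i // 4, path="/index.php")
             for i in range(12)]                      # one noisy client: 12 hits in 3 s
    lines += [fmt.format(ip="192.0.2.10", s=i * 20, path="/showthread.php")
              for i in range(3)]                      # ordinary visitor
    lines += [fmt.format(ip=f"203.0.113.{n}", s=1 + i, path="/index.php")
              for n in range(50) for i in range(2)]   # 50 sources, 2 hits each
    return lines

def parse(line):
    """Return (unix_time, ip, path) for a common-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp, path = m.groups()
    ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return ts, ip, path

def detect(lines, max_hits=10, window=5.0, block_for=60.0):
    """Count requests a per-IP sliding-window limit would have refused."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    blocked_until = {}               # ip -> time at which the block expires
    denied = defaultdict(int)
    events = sorted(e for e in map(parse, lines) if e)
    for ts, ip, _path in events:
        if ts < blocked_until.get(ip, 0.0):
            denied[ip] += 1          # still blocked: refuse, do not count the hit
            continue
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window: # drop hits that fell out of the window
            hits.popleft()
        if len(hits) > max_hits:     # over the limit: refuse and start a block
            blocked_until[ip] = ts + block_for
            denied[ip] += 1
            hits.clear()
    return {"total": len(events), "denied": dict(denied)}

if __name__ == "__main__":
    print(detect(build_sample()))
```

Of the 115 constructed requests only the single noisy client is refused; the 100 requests spread across 50 addresses pass untouched, so a per-IP limit protects Apache's connection slots from individual heavy clients but not from a widely distributed flood.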