UK BOINC Team Forum

Hi all

There's been some significant "spammer" attempts to flood the forum database with membership and access requests (which significantly affected page loading, sometimes resulting in database access errors).

So, late on, on 20th July, I disabled the forum, so I could see what was happening.

I've also taken a look through some of the log files which were getting quite large and many "old" logs have now been deleted. Which should help a little bit.

All being well, I'll re-enable forum access on 22nd July.

regards
Tim

Hi all

Have now re-enabled access to the forum.

But will be monitoring for the next 24-48 hours, in case of further issues.

If you see any problems (such as database errors) please ping me an email.

And apologies for any inconvenience.

regards
Tim

PS: I do not think the forum issues are related to this report - but I might be wrong

"Major websites hit by global outage"

https://www.bbc.co.uk/news/technology-57929544

or this report:

"Akamai Edge DNS goes down, takes a chunk of the internet with it"

https://www.theregister.com/2021/07/22/ ... scheduled/

Thanks for your efforts Tim. There might not be a lot actually happening on this forum, but it is still a useful thing to have!
Penny

UBT - PennyQ wrote: ↑Fri Jul 23, 2021 10:05 am Thanks for your efforts Tim. There might not be a lot actually happening on this forum, but it is still a useful thing to have!
Penny

Hi Penny

Yup - it's been a bit quiet in here of late...but that's life.

All I can do is to ensure that this "resource" stays available and if people want to add something, then they can.

regards
Tim

You might find using the free version of Cloudflare would stop more bad actors than just blocking IPs.

Cloudflare not only looks at the actual traffic but also where it comes from. When in doubt Cloudflare will force a Captcha to stop automated access/Brute force attempts, (such as a login) as each Captcha has a unique Session which changes per try.

Additionally, as UBT site has Authentication normally you would/should use HTTPS to encrypt login traffic; this is something else which Cloudflare offers for free by default (if required).

eg NCODED has no HTTPS certificate (as we don't do any Auth), yet Cloudflare sets this up if needed: https://ncoded.com

Anyway Cloud flare is probably the Worlds most used service for stopping bad actors (including DOS attacks, etc) so its def worth taking a look.

https://www.cloudflare.com/en-gb/plans/

Hi Chris

Thanks for the useful input.

There is possibly one (minor) issue in that the database for the forum is held on a different IP address, with the ubt.org.uk website acting as the front end as it just hosts the phpBB forum software.

So, I'll need to see which methods are at my disposal to sort this out, if it continues to be a problem. (It hasn't for now, so it might have been a "one off" event).

But getting a secure "https" URL has been on my list of "to do's" (though the annual cost has been a bit of an issue)...along with upgrading the phpBB version software, as I'm about 2 or more ( ) minor revisions behind at present.

regards
Tim

Yeah I think perhaps you would have to do a clean install of phpBB and get everything back under a single IP. An option perhaps for the future then.

Just throw a letsencrypt certificate on, its free, simple to install and updates automatically. Its usually domain authenticated on your DNS so not IP dependent.