
THR is down right now

Status
Not open for further replies.

Derek Zeanah

New member
damn - I'm posting most of the tech support threads here. ;)

THR is currently down. We were suffering from a DOS attack that was (mostly) due to a compromised server in Chicago. We were seeing inbound traffic of ~50 Mbits/second at the firewall (normal is about 0.768 Mbits) which was enough to swamp the machine. Rebooting the firewall got us back in, and I reconfigured the firewall a bit so it wouldn't run out of memory (my guess as to what caused the actual outage).

We were still seeing the traffic, and rather than pay for it I had my network provider intervene. THR has been 'null-routed' until the attacks stop, which pretty much means "you can't get there from here." The company that owns the compromised host has a disconnected abuse telephone line, and their web server is reporting errors, so they'll be tough to reach.

Once the attack dies, THR will come back to life.

(As an aside, I'm paying for a 10 Mbit link, but I apparently have significantly better than that.)
 
Targeted?

Derek,

Any idea if this sort of thing is just "random" as a consequence of somebody leaving the gate open, or is this a more targeted kind of attack?

And if "targeted" is the verdict, what then?
 
> Any idea if this sort of thing is just "random" as a consequence of somebody leaving the gate open, or is this a more targeted kind of attack?
Well, apparently THR's IP address was the recipient of all the attention.

I'm not clear on whether it's just the one compromised server in Chicago that's banging on the doors, or whether other machines are involved as well. I just know there's still a flood of packets trying to swim their way to THR's IP address. :)
 
Could user computers be attacked when attempting to go to the THR site?

(I'm not a techie, so if this sounds like a dumb question please be patient)
 
I'm glad to know that it's down and my Internet Explorer isn't on the fritz. I was about to download a copy of Netscape to see if I could get on. Hurry back THR :)
 
Derek, if the attack is coming from one machine, can't you just ask your ISP to block inbound packets from that IP address? It's tough to stop a DDOS, but a DOS coming from a handful of hosts should be pretty easy to squelch.
 
Why can't your ISP block the traffic from the compromised server only? How many could there be? At most a handful could have been compromised, probably all from the same company with the same subnet with the same servers with the same vulnerabilities.
 
> Could user computers be attacked when attempting to go to the THR site?
>
> (I'm not a techie, so if this sounds like a dumb question please be patient)
Nope.

> Derek, if the attack is coming from one machine, can't you just ask your ISP to block inbound packets from that IP address? It's tough to stop a DDOS, but a DOS coming from a handful of hosts should be pretty easy to squelch.
If it's a handful, you're right.

Sorry I don't have more details. Once we confirmed the problem my ISP took care of the rest. I don't have the kind of diagnostic tools on the server to be able to determine which hosts (or how many) are involved.

Well, I didn't, anyway. Should be able to get solid info pretty quickly in the future, though.
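
An added example (not part of the thread, and not code from THR or its provider): the per-source tally that the "one host or many?" question above turns on, run over constructed flow records sized to match the ~50 Mbit/s and 0.768 Mbit/s figures in the post. The record format, the 5x alert multiple, the 95% share and the eight-source limit for a source ACL are assumptions.

```python
from collections import defaultdict

BASELINE_MBPS = 0.768    # normal inbound rate quoted in the thread
ALERT_MULTIPLE = 5       # assumed: flag traffic above 5x baseline
ACL_MAX_SOURCES = 8      # assumed cut-off for "a handful" of sources
WINDOW_SECONDS = 60

# Constructed flow records: (source IP, bytes seen in the window).
# Addresses come from documentation ranges; the byte counts are made up
# so that the total works out to 50 Mbit/s.
SAMPLE_FLOWS = [
    ("192.0.2.10", 360_000_000),
    ("198.51.100.7", 9_000_000),
    ("203.0.113.5", 3_000_000),
    ("203.0.113.9", 2_000_000),
    ("198.51.100.23", 1_000_000),
]

def per_source_mbps(flows, window_seconds):
    """Sum bytes per source and return (source, Mbit/s), largest first."""
    totals = defaultdict(int)
    for src, nbytes in flows:
        totals[src] += nbytes
    rates = {s: b * 8 / window_seconds / 1e6 for s, b in totals.items()}
    return sorted(rates.items(), key=lambda kv: kv[1], reverse=True)

def triage(flows, window_seconds=WINDOW_SECONDS, share=0.95):
    """Decide whether a source ACL can absorb the flood or a null route is needed."""
    ranked = per_source_mbps(flows, window_seconds)
    total = sum(rate for _, rate in ranked)
    result = {"total_mbps": round(total, 2), "action": "none", "sources": []}
    if total <= BASELINE_MBPS * ALERT_MULTIPLE:
        return result  # within normal variation, nothing to filter
    # Smallest set of top talkers that carries `share` of the traffic.
    covered = 0.0
    for src, rate in ranked:
        result["sources"].append(src)
        covered += rate
        if covered >= share * total:
            break
    few = len(result["sources"]) <= ACL_MAX_SOURCES
    # A handful of sources can be dropped upstream by address; a wide
    # spread cannot, which leaves null-routing the victim address.
    result["action"] = "source-acl" if few else "null-route"
    return result

if __name__ == "__main__":
    print(per_source_mbps(SAMPLE_FLOWS, WINDOW_SECONDS))
    print(triage(SAMPLE_FLOWS))
```
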
 
Bad things happen when APS is down. For example, fistful gets really bored, and finally registers on TFL. And there goes the neighborhood.

By the way, can you all clue a brother about the identity of "mad lemur"? Unless it's the guy I'm thinking of.
 
OH NO!!! Who let fistful in here? We're doomed! ;)

Thanks for the update Derek, I was wondering what was up when I could not get in during my lunch break. Creatures who launch DOS/DDOS attacks deserve to be pecked to death by cats. :mad:
 
Thanks, Oleg.

Sindawe, thanks for making me feel at home. Should I go ahead and change my screen name to Scapegoat already? :)
 
I never post here, mostly troll...

But all day I could not get on THR and I remembered TFL mentioned a lot over there so I headed over to see if there was any info.

Thanks for the report guys, gotta love the internet.

I will be posting here more often now.

-Helpless
 
I don't feel so bad about being on here, I was registered here years before I registered at THR and now I have way more posts over there.
 