Recent

Author Topic: ***Attention Website mods ***  (Read 1084 times)

Ten_Mile_Hike

  • Jr. Member
  • **
  • Posts: 74
***Attention Website mods ***
« on: October 01, 2024, 09:43:57 pm »
I am unable to open several groups and messages on the forum today despite
using different browsers and disabling all adblockers and my VPN.

I was able to post here after previous unsuccessful attempts
When any government, or any church for that matter, undertakes to say to its subjects, This you may not read, this you
must not see, this you are forbidden to know, the end result is tyranny and oppression no matter how holy the motives.

Robert A. Heinlein

vfclists

  • Hero Member
  • *****
  • Posts: 1085
    • HowTos Considered Harmful?
Re: ***Attention Website mods ***
« Reply #1 on: October 01, 2024, 10:27:43 pm »
I am unable to open several groups and messages on the forum today despite
using different browsers and disabling all adblockers and my VPN.

I was able to post here after previous unsuccessful attempts

https://forum.lazarus.freepascal.org/index.php/topic,68723.msg531712/topicseen.html
Lazarus 3.0/FPC 3.2.2

Joanna

  • Hero Member
  • *****
  • Posts: 1070
Re: ***Attention Website mods ***
« Reply #2 on: October 02, 2024, 02:24:30 am »
That is interesting, I didn’t know certain parts of forum could block ip addresses rather than whole forum. Do the bots attacking forums prefer some parts of it over others?
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

Marc

  • Administrator
  • Hero Member
  • *
  • Posts: 2611
Re: ***Attention Website mods ***
« Reply #3 on: October 02, 2024, 08:51:48 am »
It didn't block different parts. It was pure luck you came through. I was ratelimiting IPv4 connections on the firewall, so at least other parts of the rever continued to work (IPv6 connections still worked)

Marc
//--
{$I stdsig.inc}
//-I still can't read someones mind
//-Bugs reported here will be forgotten. Use the bug tracker

carl_caulkett

  • Sr. Member
  • ****
  • Posts: 414
Re: ***Attention Website mods ***
« Reply #4 on: October 02, 2024, 09:13:07 am »
It didn't block different parts. It was pure luck you came through. I was ratelimiting IPv4 connections on the firewall, so at least other parts of the rever continued to work (IPv6 connections still worked)

Can we assume that the DDOS has stopped occurring? I seem to be able to access all parts of the forum today, which is a relief!

I would humbly suggest that a more user friendly way of dealing with this sort of thing, for instance a small holding page outlining the problem, rather than just blocking certain IP addresses. It may not have been random from where you were standing, but it sure felt random from this end, and not a little stress-inducing 😮

UPDATE: And if, as Thaddy suggests on another thread, your day job prevents you from addressing problems straightaway, then maybe, for your sake as well as the rest of us, you need to have a colleague with similar powers but based in a complementary time-zone 🤔
« Last Edit: October 02, 2024, 09:19:11 am by carl_caulkett »
"It builds... ship it!"

Joanna

  • Hero Member
  • *****
  • Posts: 1070
Re: ***Attention Website mods ***
« Reply #5 on: October 02, 2024, 10:44:13 am »
It sounds like an emergency measure. Marc told me in chat that he had to block many different ip ranges which was probably very tedious and exhausting.

I wonder who is behind these attacks synchronized with the release of latest Lazarus ide. I expect that there will be more attacks in the future.

Even if all legit forum users were whitelisted, ip addresses aren’t permanent.

I don’t know how feasible it would be to stop all accounts who aren’t logged in from entering the forum? It might just become impossible for anyone to log in..
« Last Edit: October 02, 2024, 10:52:06 am by Joanna »
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

MarkMLl

  • Hero Member
  • *****
  • Posts: 7633
Re: ***Attention Website mods ***
« Reply #6 on: October 02, 2024, 12:30:35 pm »
It sounds like an emergency measure. Marc told me in chat that he had to block many different ip ranges which was probably very tedious and exhausting.

That's the whole point of a DDoS: a single instigator convinces a very large number of computers spread around the Internet to do the dirty work.

That doesn't always imply that the attackers have been "hacked", although there are many examples where e.g. domestic routers or IP-connected cameras have been compromised and then lent- or hired- out to do the dirty work. In some cases however it's due to an ill-conceived feature in a comms protocol, e.g. https://en.wikipedia.org/wiki/Smurf_attack

Quote
I wonder who is behind these attacks synchronized with the release of latest Lazarus ide. I expect that there will be more attacks in the future.

Joanna, KNOCK IT OFF. We've had enough of that.

Quote
Even if all legit forum users were whitelisted, ip addresses aren’t permanent.

Depends on whether the apparent attacker is using NAT. People in businesses or smaller ISPs will generally be associated with a small range of IP addresses, while those using a browser on a mobile 'phone are likely to see their apparent address change (my experience exploring this is that bigger 'phone companies have multiple layers of NAT). Works both ways: people are commenting that they were able to connect from a 'phone but not from their desktop.

Quote
I don’t know how feasible it would be to stop all accounts who aren’t logged in from entering the forum?

That's not such a bad idea, but my suspicion is that there are two cases here. The first case is preventing the login screen (and for that matter any more of the HTTP server software that hosts the forum) from responding to a login attempt. However that wouldn't protect against the second case which would need a lower-level blacklist to prevent /all/ traffic getting through the lower levels of the network stack (which might need an unprivileged webserver process to run privileged firewall commands, which is an obvious can of worms).

I have a vivid memory of setting up a relatively high-bandwidth server with SSH exposed on its standard port (22). Even without that being advertised on e.g. a webpage, within minutes there was a fullblooded attack going on of machines trying to brute-force the password, and even killing the SSH server left them taking kernel resources as a flood of "port unavailable" ICMP messages was routed outwards.

It got interesting though when I started running analysis software on a fraction of the attackers ** . However I remember a more innocent age 30 years or so ago when such things were considered grossly unprofessional...

MarkMLl

** https://lcamtuf.coredump.cx/p0f3/ https://lcamtuf.coredump.cx/oldtcp/tcpseq.html https://lcamtuf.coredump.cx/newtcp/ noting that unlike e.g. Nmap those are passive.
« Last Edit: October 02, 2024, 02:30:35 pm by MarkMLl »
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

dbannon

  • Hero Member
  • *****
  • Posts: 3069
    • tomboy-ng, a rewrite of the classic Tomboy
Re: ***Attention Website mods ***
« Reply #7 on: October 02, 2024, 02:43:47 pm »
I wonder who is behind these attacks synchronized with the release of latest Lazarus ide. I expect that there will be more attacks in the future.

My guess is that the people who initiated the attack knows nothing about Pascal. They are developing a cool tool to hurt people and ours was a suitable site to test it on. Thats all.

Or, just, something went wrong ?

Never attribute to malice something than can safely be blamed on incompetence.

Davo
Lazarus 3, Linux (and reluctantly Win10/11, OSX Monterey)
My Project - https://github.com/tomboy-notes/tomboy-ng and my github - https://github.com/davidbannon

Joanna

  • Hero Member
  • *****
  • Posts: 1070
Re: ***Attention Website mods ***
« Reply #8 on: October 02, 2024, 03:18:09 pm »
It seems like this site has a recurring problem of getting ddosed by bots as well as other strange things.
I talked to some people in chat and they said that ai bots like to scrape archives of information. So the only way to stop the bots would to require login to access website which would be a very sad state of affairs.

It’s a “tragedy of the commons” https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Greedy Bots will use up all the resources so that nobody else can have access. So how to exclude bots and still allow non bots?  The owners of this site probably want it being referenced in search results for search engines so are unlikely to exclude the bots. I don’t know if there is a way to only ban misbehaving bots and allow the slow bots...

If it comes down to pascal users or bots, the correct choice is obvious.
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

JanRoza

  • Hero Member
  • *****
  • Posts: 693
    • http://www.silentwings.nl
Re: ***Attention Website mods ***
« Reply #9 on: October 02, 2024, 05:16:21 pm »
Johanna, several people in this forum have asked you several times to stop posting about bots and trolls but apparently you seem blind and deaf for those requests.
Now you start again, now please stop this, enough is enough.
There are moderators and administrators in this forum who are more than capable enough to tackle intruders if they appear so please behave as any normal forum user, ask questions about Pascal or Lazarus when you have them but stop this hobby horse about trolls and bots and leave it to the specialists.  >:D >:D >:D
OS: Windows 11 / Linux Mint 22
       Lazarus 3.6 FPC 3.2.2
       CodeTyphon 8.50 FPC 3.3.1

Joanna

  • Hero Member
  • *****
  • Posts: 1070
Re: ***Attention Website mods ***
« Reply #10 on: October 03, 2024, 12:34:46 am »
Johanna, several people in this forum have asked you several times to stop posting about bots and trolls but apparently you seem blind and deaf for those requests.
Now you start again, now please stop this, enough is enough.
There are moderators and administrators in this forum who are more than capable enough to tackle intruders if they appear so please behave as any normal forum user, ask questions about Pascal or Lazarus when you have them but stop this hobby horse about trolls and bots and leave it to the specialists.  >:D >:D >:D
I think that you have mistaken the fact that forum moderators have full time jobs and are not able to read every single post and get to know every forum member  with the idea that they condone and control everything that happens in the forums. I seriously doubt that they approve of flame wars,trolling,harassment or stalking yet it happens.

I participate in plenty of pascal related discussions, my posting history will prove it. I don’t recall you ever participating  in any pascal discussion with me...

To be honest I find it kind of creepy the way you stalk me on threads so that you can berate me for bringing up what to me are obvious problems that are interfering with the ability of pascal programmers to use the forum.  :o


✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

JanRoza

  • Hero Member
  • *****
  • Posts: 693
    • http://www.silentwings.nl
Re: ***Attention Website mods ***
« Reply #11 on: October 03, 2024, 01:02:59 am »
Johanna, you apparently still do not get it.
It is you who causes many forum items to end in off-topic discussions about trolling.
If you just talk about Lazarus or Pascal matters, no problem but please stop behaving as the guard of this forum.
And that's the last I say about it in this discussion otherwise even this item will become chaos and off-topic.
OS: Windows 11 / Linux Mint 22
       Lazarus 3.6 FPC 3.2.2
       CodeTyphon 8.50 FPC 3.3.1

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 10296
  • Debugger - SynEdit - and more
    • wiki
Re: ***Attention Website mods ***
« Reply #12 on: October 03, 2024, 01:13:52 am »
yet it happens.

And your countless tirades about it have changed that how? Other than many people apparently feeling (opinions) it changed it to the worse?

Joanna

  • Hero Member
  • *****
  • Posts: 1070
Re: ***Attention Website mods ***
« Reply #13 on: October 03, 2024, 01:30:29 am »
yet it happens.

And your countless tirades about it have changed that how? Other than many people apparently feeling (opinions) it changed it to the worse?
Well you can’t please everyone  :(

I remember when forums used to have a better ignore feature that would actually make the posts of people that you don’t want to read completely disappear. I wish that this feature existed here both for my sake and those who cannot understand what I’m saying.

I do have deep regrets that my relationships with certain other pascal programmers has been Ruined by meddling troublemakers who don’t even program in pascal...

« Last Edit: October 03, 2024, 04:19:10 am by Joanna »
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

MarkMLl

  • Hero Member
  • *****
  • Posts: 7633
Re: ***Attention Website mods ***
« Reply #14 on: October 03, 2024, 08:52:38 am »
And your countless tirades about it have changed that how? Other than many people apparently feeling (opinions) it changed it to the worse?

Joanna (says she) is working on components, which is something I haven't done hence from my POV deserves respect.

But apart from that her sole purpose here appears to be to convince everybody that the World is full of "Pascal Haters" and that "True Believers" would be better off in her own little fiefdom (details conveniently provided in sig) where such people are filtered out.

I know that I can be short-tempered with people that refuse to listen to well-founded advice, and have incurred moderatorial wrath on at least one occasion. So in that context, I'm sure that I've snapped at Joanna on at least one occasion since she started being vocal in this forum with inadequate justification.

The first time I heard of Joanna was when somebody turned up in this forum (or it might have been a mailing list) uncomfortable with the way that they'd been treated on her IRC channel. I see no reason why this community should have to take responsibility for her attitude, which gives the impression that Pascal users are /not/ nice people... and $DEITY knows that by now the language has enough other factors stacked against it, starting off with Kernighan's 1981 critique which non-users probably believe is still valid.

Hence I regret that I have to say that in my opinion Joanna is doing the community considerable harm.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

 

TinyPortal © 2005-2018