Recent

Author Topic: ***Attention Website mods ***  (Read 1632 times)

Ten_Mile_Hike

  • Jr. Member
  • **
  • Posts: 87
***Attention Website mods ***
« on: October 01, 2024, 09:43:57 pm »
I am unable to open several groups and messages on the forum today despite
using different browsers and disabling all adblockers and my VPN.

I was able to post here after previous unsuccessful attempts
When any government, or any church for that matter, undertakes to say to its subjects, This you may not read, this you
must not see, this you are forbidden to know, the end result is tyranny and oppression no matter how holy the motives.

Robert A. Heinlein

vfclists

  • Hero Member
  • *****
  • Posts: 1146
    • HowTos Considered Harmful?
Re: ***Attention Website mods ***
« Reply #1 on: October 01, 2024, 10:27:43 pm »
I am unable to open several groups and messages on the forum today despite
using different browsers and disabling all adblockers and my VPN.

I was able to post here after previous unsuccessful attempts

https://forum.lazarus.freepascal.org/index.php/topic,68723.msg531712/topicseen.html
Lazarus 3.0/FPC 3.2.2

Joanna from IRC

  • Hero Member
  • *****
  • Posts: 1207
Re: ***Attention Website mods ***
« Reply #2 on: October 02, 2024, 02:24:30 am »
That is interesting, I didn’t know certain parts of forum could block ip addresses rather than whole forum. Do the bots attacking forums prefer some parts of it over others?
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

Marc

  • Administrator
  • Hero Member
  • *
  • Posts: 2615
Re: ***Attention Website mods ***
« Reply #3 on: October 02, 2024, 08:51:48 am »
It didn't block different parts. It was pure luck you came through. I was ratelimiting IPv4 connections on the firewall, so at least other parts of the rever continued to work (IPv6 connections still worked)

Marc
//--
{$I stdsig.inc}
//-I still can't read someones mind
//-Bugs reported here will be forgotten. Use the bug tracker

carl_caulkett

  • Hero Member
  • *****
  • Posts: 649
Re: ***Attention Website mods ***
« Reply #4 on: October 02, 2024, 09:13:07 am »
It didn't block different parts. It was pure luck you came through. I was ratelimiting IPv4 connections on the firewall, so at least other parts of the rever continued to work (IPv6 connections still worked)

Can we assume that the DDOS has stopped occurring? I seem to be able to access all parts of the forum today, which is a relief!

I would humbly suggest that a more user friendly way of dealing with this sort of thing, for instance a small holding page outlining the problem, rather than just blocking certain IP addresses. It may not have been random from where you were standing, but it sure felt random from this end, and not a little stress-inducing 😮

UPDATE: And if, as Thaddy suggests on another thread, your day job prevents you from addressing problems straightaway, then maybe, for your sake as well as the rest of us, you need to have a colleague with similar powers but based in a complementary time-zone 🤔
« Last Edit: October 02, 2024, 09:19:11 am by carl_caulkett »
"It builds... ship it!"

Joanna from IRC

  • Hero Member
  • *****
  • Posts: 1207
Re: ***Attention Website mods ***
« Reply #5 on: October 02, 2024, 10:44:13 am »
It sounds like an emergency measure. Marc told me in chat that he had to block many different ip ranges which was probably very tedious and exhausting.

I wonder who is behind these attacks synchronized with the release of latest Lazarus ide. I expect that there will be more attacks in the future.

Even if all legit forum users were whitelisted, ip addresses aren’t permanent.

I don’t know how feasible it would be to stop all accounts who aren’t logged in from entering the forum? It might just become impossible for anyone to log in..
« Last Edit: October 02, 2024, 10:52:06 am by Joanna »
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

MarkMLl

  • Hero Member
  • *****
  • Posts: 8013
Re: ***Attention Website mods ***
« Reply #6 on: October 02, 2024, 12:30:35 pm »
It sounds like an emergency measure. Marc told me in chat that he had to block many different ip ranges which was probably very tedious and exhausting.

That's the whole point of a DDoS: a single instigator convinces a very large number of computers spread around the Internet to do the dirty work.

That doesn't always imply that the attackers have been "hacked", although there are many examples where e.g. domestic routers or IP-connected cameras have been compromised and then lent- or hired- out to do the dirty work. In some cases however it's due to an ill-conceived feature in a comms protocol, e.g. https://en.wikipedia.org/wiki/Smurf_attack

Quote
I wonder who is behind these attacks synchronized with the release of latest Lazarus ide. I expect that there will be more attacks in the future.

Joanna, KNOCK IT OFF. We've had enough of that.

Quote
Even if all legit forum users were whitelisted, ip addresses aren’t permanent.

Depends on whether the apparent attacker is using NAT. People in businesses or smaller ISPs will generally be associated with a small range of IP addresses, while those using a browser on a mobile 'phone are likely to see their apparent address change (my experience exploring this is that bigger 'phone companies have multiple layers of NAT). Works both ways: people are commenting that they were able to connect from a 'phone but not from their desktop.

Quote
I don’t know how feasible it would be to stop all accounts who aren’t logged in from entering the forum?

That's not such a bad idea, but my suspicion is that there are two cases here. The first case is preventing the login screen (and for that matter any more of the HTTP server software that hosts the forum) from responding to a login attempt. However that wouldn't protect against the second case which would need a lower-level blacklist to prevent /all/ traffic getting through the lower levels of the network stack (which might need an unprivileged webserver process to run privileged firewall commands, which is an obvious can of worms).

I have a vivid memory of setting up a relatively high-bandwidth server with SSH exposed on its standard port (22). Even without that being advertised on e.g. a webpage, within minutes there was a fullblooded attack going on of machines trying to brute-force the password, and even killing the SSH server left them taking kernel resources as a flood of "port unavailable" ICMP messages was routed outwards.

It got interesting though when I started running analysis software on a fraction of the attackers ** . However I remember a more innocent age 30 years or so ago when such things were considered grossly unprofessional...

MarkMLl

** https://lcamtuf.coredump.cx/p0f3/ https://lcamtuf.coredump.cx/oldtcp/tcpseq.html https://lcamtuf.coredump.cx/newtcp/ noting that unlike e.g. Nmap those are passive.
« Last Edit: October 02, 2024, 02:30:35 pm by MarkMLl »
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

dbannon

  • Hero Member
  • *****
  • Posts: 3156
    • tomboy-ng, a rewrite of the classic Tomboy
Re: ***Attention Website mods ***
« Reply #7 on: October 02, 2024, 02:43:47 pm »
I wonder who is behind these attacks synchronized with the release of latest Lazarus ide. I expect that there will be more attacks in the future.

My guess is that the people who initiated the attack knows nothing about Pascal. They are developing a cool tool to hurt people and ours was a suitable site to test it on. Thats all.

Or, just, something went wrong ?

Never attribute to malice something than can safely be blamed on incompetence.

Davo
Lazarus 3, Linux (and reluctantly Win10/11, OSX Monterey)
My Project - https://github.com/tomboy-notes/tomboy-ng and my github - https://github.com/davidbannon

Joanna from IRC

  • Hero Member
  • *****
  • Posts: 1207
Re: ***Attention Website mods ***
« Reply #8 on: October 02, 2024, 03:18:09 pm »
It seems like this site has a recurring problem of getting ddosed by bots as well as other strange things.
I talked to some people in chat and they said that ai bots like to scrape archives of information. So the only way to stop the bots would to require login to access website which would be a very sad state of affairs.

It’s a “tragedy of the commons” https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Greedy Bots will use up all the resources so that nobody else can have access. So how to exclude bots and still allow non bots?  The owners of this site probably want it being referenced in search results for search engines so are unlikely to exclude the bots. I don’t know if there is a way to only ban misbehaving bots and allow the slow bots...

If it comes down to pascal users or bots, the correct choice is obvious.
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  #pascal Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

JanRoza

  • Hero Member
  • *****
  • Posts: 700
    • http://www.silentwings.nl
Re: ***Attention Website mods ***
« Reply #9 on: October 02, 2024, 05:16:21 pm »
Johanna, several people in this forum have asked you several times to stop posting about bots and trolls but apparently you seem blind and deaf for those requests.
Now you start again, now please stop this, enough is enough.
There are moderators and administrators in this forum who are more than capable enough to tackle intruders if they appear so please behave as any normal forum user, ask questions about Pascal or Lazarus when you have them but stop this hobby horse about trolls and bots and leave it to the specialists.  >:D >:D >:D
OS: Windows 11 / Linux Mint 22
       Lazarus 4.0 RC FPC 3.2.2
       CodeTyphon 8.50 FPC 3.3.1

JanRoza

  • Hero Member
  • *****
  • Posts: 700
    • http://www.silentwings.nl
Re: ***Attention Website mods ***
« Reply #10 on: October 03, 2024, 01:02:59 am »
Johanna, you apparently still do not get it.
It is you who causes many forum items to end in off-topic discussions about trolling.
If you just talk about Lazarus or Pascal matters, no problem but please stop behaving as the guard of this forum.
And that's the last I say about it in this discussion otherwise even this item will become chaos and off-topic.
OS: Windows 11 / Linux Mint 22
       Lazarus 4.0 RC FPC 3.2.2
       CodeTyphon 8.50 FPC 3.3.1

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 10550
  • Debugger - SynEdit - and more
    • wiki
Re: ***Attention Website mods ***
« Reply #11 on: October 03, 2024, 01:13:52 am »
yet it happens.

And your countless tirades about it have changed that how? Other than many people apparently feeling (opinions) it changed it to the worse?

MarkMLl

  • Hero Member
  • *****
  • Posts: 8013
Re: ***Attention Website mods ***
« Reply #12 on: October 03, 2024, 08:52:38 am »
And your countless tirades about it have changed that how? Other than many people apparently feeling (opinions) it changed it to the worse?

Joanna (says she) is working on components, which is something I haven't done hence from my POV deserves respect.

But apart from that her sole purpose here appears to be to convince everybody that the World is full of "Pascal Haters" and that "True Believers" would be better off in her own little fiefdom (details conveniently provided in sig) where such people are filtered out.

I know that I can be short-tempered with people that refuse to listen to well-founded advice, and have incurred moderatorial wrath on at least one occasion. So in that context, I'm sure that I've snapped at Joanna on at least one occasion since she started being vocal in this forum with inadequate justification.

The first time I heard of Joanna was when somebody turned up in this forum (or it might have been a mailing list) uncomfortable with the way that they'd been treated on her IRC channel. I see no reason why this community should have to take responsibility for her attitude, which gives the impression that Pascal users are /not/ nice people... and $DEITY knows that by now the language has enough other factors stacked against it, starting off with Kernighan's 1981 critique which non-users probably believe is still valid.

Hence I regret that I have to say that in my opinion Joanna is doing the community considerable harm.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Gustavo 'Gus' Carreno

  • Hero Member
  • *****
  • Posts: 1153
  • Professional amateur ;-P
Re: ***Attention Website mods ***
« Reply #13 on: October 03, 2024, 10:58:38 am »
Hey Mark,

Hence I regret that I have to say that in my opinion Joanna is doing the community considerable harm.

I sure wish the forums could have emojis we can add as reactions, because this post alone deserves:
💯 ☝️ 🫂 ❤️

Cheers,
Gus
« Last Edit: October 03, 2024, 11:17:26 am by Gustavo 'Gus' Carreno »
Lazarus 3.99(main) FPC 3.3.1(main) Ubuntu 23.10 64b Dark Theme
Lazarus 3.0.0(stable) FPC 3.2.2(stable) Ubuntu 23.10 64b Dark Theme
http://github.com/gcarreno

Bogen85

  • Hero Member
  • *****
  • Posts: 685
Re: ***Attention Website mods ***
« Reply #14 on: October 03, 2024, 11:10:58 am »
Hey Mark,

Hence I regret that I have to say that in my opinion Joanna is doing the community considerable harm.

I sure wish the forums could have emojis we can add as reactions, because this post alone deserves:
💯 ☝️ 🫂 ❤️

As much as Joanna loves Pascal and feels she is actually helping the Pascal community, I have to agree. And it would be much better of someone who loves a programming language and claims to love it's community, would actually bring benefit to it. She actually has brought benefit to some looking into Free Pascal. But she has caused extreme considerable harm to many others. And she has been called out on that many times by others, and by me.

I will reiterate, Joanna loves Pascal and feels she is actually helping the Pascal community

However Joanna, I will be blunt: Your programming world view is extremely narrow. And your pascal view is actually narrow as well. And what you don't understand, you more than often attack, then attempt to understand.

 

TinyPortal © 2005-2018