-
The forum is being attacked.
It's a layer 7 attack, meaning a web application attack.
The requests look like this:
2a02:c7f:624:3500:a889:f9e4:656f:6ccf - - [19/Jul/2016:05:52:12 +0000] "GET /today/?offset=25 HTTP/1.1" 499 0 "https://www.lfgss.com" "Mozilla/5.0 (Windows NT 6.0; rv:47.0) Gecko/20100101 Firefox/47.0"
They nearly all originated from Sky broadband connections (which that IPv6 belongs to) and they have been reported to abuse@sky.com which is the abuse email for Sky http://bgp.he.net/ip/2a02:c7f:624:3500:a889:f9e4:656f:6ccf http://bgp.he.net/AS5607#_whois
We received between 30-60 HTTP requests per second for /today/?offset=25 from just before midnight BST through to my turning on CloudFlare this morning.
I'll be adding a rate limiter today to auto block such attacks in future, but in the meantime CloudFlare are handling it.
Just got a cloudflare 'checking browser' thing that mentioned DDoS (had it on desktop and mobile), is the forum being attacked?