You are reading a single comment by @Velocio and its replies.
  • Just got a Cloudflare 'checking browser' thing that mentioned DDoS (had it on desktop and mobile), is the forum being attacked?

  • The forum is being attacked.

    It's a layer 7 attack, meaning a web application attack.

    The requests look like this:

    2a02:c7f:624:3500:a889:f9e4:656f:6ccf - - [19/Jul/2016:05:52:12 +0000] "GET /today/?offset=25 HTTP/1.1" 499 0 "https://www.lfgss.com" "Mozilla/5.0 (Windows NT 6.0; rv:47.0) Gecko/20100101 Firefox/47.0"
    

    They nearly all originated from Sky broadband connections (which that IPv6 belongs to) and they have been reported to abuse@sky.com, which is the abuse email for Sky: http://bgp.he.net/ip/2a02:c7f:624:3500:a889:f9e4:656f:6ccf http://bgp.he.net/AS5607#_whois

    We received between 30-60 HTTP requests per second for /today/?offset=25 from just before midnight BST through to my turning on CloudFlare this morning.

    I'll be adding a rate limiter today to auto block such attacks in future, but in the meantime CloudFlare are handling it.
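
As an added example (not the forum's own code or its rate limiter), this is one way to spot the pattern described above in an access log: parse each line, group IPv6 clients by /64, and flag any client that requests one URI more than a threshold number of times within a time window. The 10-second window, the threshold of 50, the /64 grouping and every log line except the one quoted in the post are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Combined access-log format, matching the line quoted in the post.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+')

PAGE_LINE = ('2a02:c7f:624:3500:a889:f9e4:656f:6ccf - - '
             '[19/Jul/2016:05:52:12 +0000] "GET /today/?offset=25 HTTP/1.1" '
             '499 0 "https://www.lfgss.com" "Mozilla/5.0 (Windows NT 6.0; '
             'rv:47.0) Gecko/20100101 Firefox/47.0"')

# Constructed sample: 60 requests in 3 seconds from one documentation /64,
# each from a different address, plus one ordinary IPv4 reader.
SAMPLE = [PAGE_LINE] + [
    f'2001:db8:0:1::{i:x} - - [19/Jul/2016:05:52:{10 + i % 3:02d} +0000] '
    '"GET /today/?offset=25 HTTP/1.1" 499 0 "-" "constructed"'
    for i in range(1, 61)
] + ['203.0.113.7 - - [19/Jul/2016:05:52:11 +0000] '
     '"GET /today/ HTTP/1.1" 200 512 "-" "constructed"']

def client_key(ip):
    """IPv6 clients are keyed by /64 (assumed: one subscriber), IPv4 by address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        return str(ipaddress.ip_network(f"{ip}/64", strict=False))
    return str(addr)

def parse(line):
    """Return (client key, URI, timestamp) or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return client_key(m["ip"]), m["uri"], ts

def find_floods(lines, window=10, threshold=50):
    """Map (client, uri) to its peak count in any aligned window above threshold."""
    buckets = Counter()
    for rec in filter(None, map(parse, lines)):
        client, uri, ts = rec
        buckets[(client, uri, int(ts.timestamp()) // window)] += 1
    peaks = {}
    for (client, uri, _), n in buckets.items():
        if n > threshold:
            peaks[(client, uri)] = max(n, peaks.get((client, uri), 0))
    return peaks
```

In the constructed sample every request comes from a different address, so counting per full IPv6 address would see 60 clients with one request each; only the per-prefix key shows the burst.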
