IPS Company Forums 403 Forbidden Error

[truyentranh]

oh, this will be a new feature in 2.2 ??

[truyentranh]

this site had SQL error few hours ago too, right ?

NOTE: my 2 posts are just 1 second from each other, how come they are not merged ??

[TestingSomething]

They dont have it set to merge here.

[Stewart]

oh, this will be a new feature in 2.2 ??

No, it's an Apache module :)

[robirming]

Sorry to say, but I still do get this error very often even though I'm not clicking around like made.

[Matt]

As far as I know, we're still under DoS attack and because of this, we're not going to remove the '403' 'feature'. Its annoying, but not half as annoying as having the whole server (forums / website, etc) offline for a week. :)

[kafloo]

you should use dos-deflate instead

http://deflate.medialayer.com/

it's more effective than what you're using

[Petrescu]

You don't have permission to access /index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I've been getting this upon every visit for the past week or so, I refresh but it's says until after around 30 seconds when the site loads up again.

[TestingSomething]

you should use dos-deflate instead

http://deflate.medialayer.com/

it's more effective than what you're using

Does that have to be done to the actual server rather than someone using shared hosting being able to somehow apply it to their site?

[Brandon C]

You don't have permission to access /index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I've been getting this upon every visit for the past week or so, I refresh but it's says until after around 30 seconds when the site loads up again.

Same here, and there has to be a better way they can implement security to protect against a DoS attack than this as this is rediculous.

[.Ryan]

Personally, the errors are a pain, but I would rather get them then people attacking the site like crazy. Some people just need to get a life.

What about these page cannont be displayed and random errors like IPS Driver Error, that we received last night?

[Lindy]

Personally, the errors are a pain, but I would rather get them then people attacking the site like crazy. Some people just need to get a life.

What about these page cannont be displayed and random errors like IPS Driver Error, that we received last night?

We had loosened the threshold a bit and in turn the ongoing attack(s) were able to have an impact... so they were subsequently tightened again. It is frustrating, but you'll just have to bear with us until we get another solution in place.

[RawkBob]

Yeah, they broke ipsbirc again too *hint* please fix, thanky! :D

[ellawella]

Same here, and there has to be a better way they can implement security to protect against a DoS attack than this as this is rediculous.

No doubt that if there was a better way, they'd be using that instead. mod_evasive is the best affordable solution, anyway.

Why would anyone want to DoS the IPS forums? Don't understand it. Unless the reverse DNS for the offending IP addresses points back to vbulletin.com :ph34r:

[Keven Fox]

Odd, I'm finally getting this. It was about 10 minutes ago.

I closed the site, and went back to it and all was fine. :unsure:

[ellawella]

Moreover, I've tried on numerous occasions opening tons of links in quick succession and I don't get the 403 error, yet people are claiming they get it even when their behaviour isn't at all consistent with a DoS attack. Maybe this means the system isn't working properly? :unsure:

[Brandon C]

Moreover, I've tried on numerous occasions opening tons of links in quick succession and I don't get the 403 error, yet people are claiming they get it even when their behaviour isn't at all consistent with a DoS attack. Maybe this means the system isn't working properly? :unsure:

Try visiting threads and various pages on these forums at a very rapid succession, then see if you get it.

[ellawella]

Try visiting threads and various pages on these forums at a very rapid succession, then see if you get it.

Yes, I've done that. Nothing at all.

I can circumvent mod_evasive! (w00t)

EDIT: Although not deliberately, might I add.

[GerryMc]

I get the error but it tells me too many connected to the database, it happens at night for me, for this board and IPSBeyond bet they are both on the same server.

[ZuCruTrooper2]

Yeah, they are on the same server... which sucks since both go down if one does...

Recently I've been consistently having problems connecting to the server... I'm not sure if MySQL is on this same server ( hope not, you'd be an idiot to have it on the same) but it seems like Apache is always down (not a 403, i'm talking non-responsive)

[Keven Fox]

I guess I understand why they did this but maybe it comes up too soon. I am here often, I refresh the page alot to see new posts/topics.

I've only had this problem like 3 times so far but still it's a concern.

[Lindy]

I guess I understand why they did this but maybe it comes up too soon. I am here often, I refresh the page alot to see new posts/topics.

I've only had this problem like 3 times so far but still it's a concern.

Would the forums being completely down be less concerning to you? :)

As said, we're working on it and these forums will be moved to our new datacenter with IPS-owned equipment in due course. Until then, I really have no solution for you, I'm very sorry... if you're the refresh-refresh-refresh type, you will get locked out as the system has no idea whether you're attacking the server or you're just anxious for activity. :)

[Keven Fox]

Would the forums being completely down be less concerning to you? :)

As said, we're working on it and these forums will be moved to our new datacenter with IPS-owned equipment in due course. Until then, I really have no solution for you, I'm very sorry... if you're the refresh-refresh-refresh type, you will get locked out as the system has no idea whether you're attacking the server or you're just anxious for activity. :)

Wow that was harsh.

I just made a statement. I already said I understand why you guys are doing it. It's actually a good idea I thought, but could maybe be adjusted a bit as I implied.

[Lindy]

Sorry - wasn't intending to seem harsh, this is just becoming a frustrating issue as I'm sure you can understand. :)

We did make some adjustments on our end - please understand there's a LOT of traffic hitting this particular server and between hardware and software, it's a challenge keeping it online until we can migrate to our new facility which we've better equipped to deal with this. The adjustments we made to make things more lax crippled the machine last night as others have noted in this topic, so we had no choice but to tighten things up until the attacks subside. I do understand fully that it is a bit of an inconvenience and I apologize the same... unfortunately, it's our only option at this point. We'd much prefer that a few people a bit heavy with the refresh key or tabs get a 403 error than the forums be completely offline.

Hopefully we'll be back on course soon enough and everyone will be happy. :)

[Keven Fox]

Actually if you can work it out I'd love to see such a feature within IPB, perhaps toggle off/on too. Maybe set the time it takes to come up?