Wolfie Posted December 9, 2012

On 12/9/2012 at 8:33 PM, Sarah Joy Sokoloff said:
> Gosh, you have to be kidding me about 3.4.1
> I just started updating people's designs to 3.4.0

If you mean the connection issues, it's not the fault of the software, it's a DDoS attack. If you mean something else.. Like how soon it's coming out, that's expected. The point releases (.1, .2, etc) are usually bug fixes, not tons of new content. So any skin edits/updates should be minimal.

On 12/9/2012 at 8:33 PM, Sarah Joy Sokoloff said:
> It's the first time I am able to reach the community since yesterday.
> I hope I'll be able to connect always now.

If you have problems, submit a ticket to account/billing.

1977Burton Posted December 10, 2012

You need to get off of Apache :tongue:

I admin forums.androidcentral.com (http://forums.androidcentral.com/introductions/12781-meet-moderators-android-central.html) and our stats are: currently 24546 users online, 8648 members and 15898 guests. We've had our fair share of haters and attacks in my time there, but nothing that lasted this long.

bfarber Posted December 11, 2012

DDOS has nothing to do with Apache. The server can only handle so many network connections, regardless of what software you utilize.

Dmacleo Posted December 11, 2012

you guys have any stats you could share? I'm not meaning ip's or anything personal like that but the ddos levels, equipment used to mitigate, stuff like that. just curious from a "techie" point of view.

1977Burton Posted December 11, 2012

bfarber said:
> DDOS has nothing to do with Apache. The server can only handle so many network connections, regardless of what software you utilize.

I respectfully hope you meant to add the word "our" at the beginning of your response. If not, it explains your inability to keep this situation under control, and will also be a determining factor in my evaluation of forum software for future projects I'm working on.

More Information

Michael Posted December 11, 2012

Linking to a Google Search is not 'more information'. Any web site can get attacked by a DDOS regardless of the web server software they are running. Different web server softwares just have different ways of dealing with them. If you think that Apache = DDOS magnet, then you're incorrect.

To say that this would color your perception of the forum software seems kind of silly too, since IPS is only producing the forum software, not Apache. Surely anyone who is seriously evaluating the software would be evaluating it on the web server software they choose, which is clearly not Apache in your case. So why would you care what IPS thinks about how to protect against a DDOS attack on Apache?

Wolfie Posted December 11, 2012

On 12/11/2012 at 5:50 PM, cstreater said:
> I respectfully hope you meant to add the word "our" at the beginning of your response.
> If not, it explains your inability to keep this situation under control,

You do realize that a DDoS attack is hardware based and not software right? It's not like using an exploit in a piece of software to cause a problem, it's overwhelming a piece of equipment with more than it was meant to reasonably handle.

To put your perspective into other terms, it's like saying someone died from a 1,000 ft drop to the ground because they were wearing Fruit Of The Loom underwear instead of Hanes underwear.

1977Burton Posted December 11, 2012

On 12/11/2012 at 6:46 PM, Wolfie said:
> You do realize that a DDoS attack is hardware based and not software right? It's not like using an exploit in a piece of software to cause a problem, it's overwhelming a piece of equipment with more than it was meant to reasonably handle.
>
> To put your perspective into other terms, it's like saying someone died from a 1,000 ft drop to the ground because they were wearing Fruit Of The Loom underwear instead of Hanes underwear.

On 12/11/2012 at 6:23 PM, Michael said:
> Linking to a Google Search is not 'more information'. Any web site can get attacked by a DDOS regardless of the web server software they are running. Different web server softwares just have different ways of dealing with them. If you think that Apache = DDOS magnet, then you're incorrect.
>
> To say that this would color your perception of the forum software seems kind of silly too, since IPS is only producing the forum software, not Apache. Surely anyone who is seriously evaluating the software would be evaluating it on the web server software they choose, which is clearly not Apache in your case. So why would you care what IPS thinks about how to protect against a DDOS attack on Apache?

You guys both need to do some more research. I'm not disputing that hardware is not a component of DDoS attack, I'm disputing the blanket statement was made that a DDoS attack cannot have anything to do with Apache. The link to the Google search results was intended to illustrate the pages and pages of articles written in regards to attacks specifically targeted at Apache. Furthermore, it is no secret that Apache falls to its knees a lot faster than servers, such as nginx, in terms of the number of connections it can handle per second.

My original post was meant as a light hearted joke about using Apache vs. a more robust web server, which is why I added a smile to the end.

In response, an IPS Management staff member challenges my experience in this area by making a terse and inaccurate statement. I've been operating a big board for years now (25k concurrent users as I write this), and I am also a security engineer, so I think I hold credibility in this area.

Computer World, March 7th 2012:

"The latest version of a distributed denial-of-service (DDoS) bot called Armageddon integrates a relatively new exploit known as Apache Killer, DDoS mitigation vendor Arbor Networks said Tuesday. The Apache Killer exploit was released in August 2011. It exploits a vulnerability in the Apache Web server by sending a specially crafted "Range" HTTP header to trigger a denial-of-service condition. The attack is particularly dangerous because it can be successfully executed from a single computer and the entire targeted machine needs to be rebooted in order to recover from it. The Kill Apache attack abuses the HTTP protocol by requesting that the target web server return the requested URL content in a huge number of individual chunks, or byte ranges," said Arbor research analyst Jeff Edwards in a blog post on Tuesday. "This can cause a surprisingly heavy load on the target server. The vulnerability exploited by Apache Killer is identified as CVE-2011-3192 and was patched in Apache HTTPD 2.2.20, a week after the exploit was publicly released. Apache 2.2.21 contains an improved fix."

In regards to it influencing my choice of forum software, I'm referring to credibility. IP.Board sells software. Software needs to be secure. The developers need to demonstrate that they have the knowledge necessary to develop secure code.

Lastly, I also don't appreciate being treated rudely.

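The article excerpt in the post above describes requests that ask for a URL in a huge number of byte ranges. As an added example (not part of the original thread and not Apache's own fix), this sketch shows how a log-review script or request filter could count and check the ranges in a `Range` header; the threshold `MAX_RANGES`, the function names and the sample headers are constructed assumptions.

```python
import re

MAX_RANGES = 5  # assumed policy threshold for this example, not from the page

def parse_ranges(header):
    """Parse 'bytes=a-b,c-d,-n' into (start, end) pairs; None marks an open side."""
    unit, _, spec = header.partition("=")
    if unit.strip().lower() != "bytes":
        return []
    ranges = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(\d*)-(\d*)\s*", part)
        if not m or not (m.group(1) or m.group(2)):
            continue  # skip malformed entries such as "" or "-"
        start, end = (int(g) if g else None for g in m.groups())
        ranges.append((start, end))
    return ranges

def count_overlaps(ranges):
    """Count ranges that begin inside the span already covered by earlier ones."""
    spans = sorted((s, float("inf") if e is None else e)
                   for s, e in ranges if s is not None)
    overlaps, reach = 0, -1
    for start, end in spans:
        if start <= reach:
            overlaps += 1
        reach = max(reach, end)
    return overlaps

def assess(header):
    """Return (range_count, overlap_count, flagged) for one Range header value."""
    ranges = parse_ranges(header)
    overlaps = count_overlaps(ranges)
    return len(ranges), overlaps, len(ranges) > MAX_RANGES or overlaps > 1

# Constructed sample requests (id, Range header); not taken from real traffic.
SAMPLE = [
    ("req-1", "bytes=0-499"),                 # ordinary single range
    ("req-2", "bytes=0-99,200-299,-500"),     # a few disjoint ranges plus a suffix
    ("req-3", "bytes=0-10,0-20,0-30,0-40,0-50,0-60,0-70,0-80"),  # many overlapping
]

def flagged_requests(requests):
    """Return the ids of requests whose Range header exceeds the assumed policy."""
    return [rid for rid, header in requests if assess(header)[2]]

if __name__ == "__main__":
    for rid, header in SAMPLE:
        print(rid, assess(header))
```
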
Marcher Technologies Posted December 11, 2012

On 12/11/2012 at 9:57 PM, cstreater said:
> In regards to it influencing my choice of forum software, I'm referring to credibility. IP.Board sells software. Software needs to be secure. The developers need to demonstrate that they have the knowledge necessary to develop secure code.

:blink: What exactly does developing secure code have to do with a web-server vulnerability? No matter how many checks and security measures are in place within the code, that matters literally not a bit when the web-server is badly configured/compromised. You should do a bit of research yourself, PHP is a level below the server software, and has little to no control of it. In simplest terms, there is no way for me, in the code, to execute a file marked non-executable, or read a file not readable, or write to a file not writable.

Dmacleo Posted December 11, 2012

Quote:
> it explains your inability to keep this situation under control, and will also be a determining factor in my evaluation of forum software for future projects I'm working on.

Quote:
> Lastly, I also don't appreciate being treated rudely.

the irony and hyperbole runs strongly in this one... nobody was rude. unless questioning you is rude then ...whatever. seems to me people were polite, at least they didn't fill a screen with 23k member names (when the list of online members is 3 times the size of your content it's RUDE) to play the I gotta bigger dick game

3DKiwi Posted December 11, 2012

Vote to lock this thread. IPS are back up and working now so it's past its use by date.

Wolfie Posted December 11, 2012

On 12/11/2012 at 9:57 PM, cstreater said:
> Furthermore, it is no secret that Apache falls to its knees a lot faster than servers, such as nginx,

This is where I stopped reading. The fact that you would even condone (let alone borderline praise) Nginx by mentioning it suggests to me that you have much to learn. I don't mean that as an insult, more simply an observation.

Also, just to point this out, an ongoing DDoS attack isn't the fault of the targeted server nor the company. Neither has any control over what outside sources attempt to do.

That said, I'm out.

1977Burton Posted December 12, 2012

On 12/11/2012 at 10:17 PM, Dmacleo said:
> the irony and hyperbole runs strongly in this one... nobody was rude. unless questioning you is rude then ...whatever. seems to me people were polite, at least they didn't fill a screen with 23k member names (when the list of online members is 3 times the size of your content it's RUDE) to play the I gotta bigger dick game

If that's what you're using to measure forum activity, I guess I have a huge advantage.

On 12/11/2012 at 11:39 PM, Wolfie said:
> This is where I stopped reading. The fact that you would even condone (let alone borderline praise) Nginx by mentioning it suggests to me that you have much to learn. I don't mean that as an insult, more simply an observation.
>
> Also, just to point this out, an ongoing DDoS attack isn't the fault of the targeted server nor the company. Neither has any control over what outside sources attempt to do.
>
> That said, I'm out.

The fact that neither of you have any users visiting your forums speaks volumes about what you have to learn. No need to worry about me. Your responses have actually been very enlightening and you won't hear from me again.

Marcher Technologies Posted December 12, 2012

On 12/10/2012 at 6:45 PM, cstreater said:
> You need to get off of Apache :tongue:
>
> I admin forums.androidcentral.com and our stats are: currently 24546 users online, 8648 members and 15898 guests. We've had our fair share of haters and attacks in my time there, but nothing that lasted this long.

Do you maintain your servers personally? I ask this quite seriously, as if you are not a server administrator that actually mitigates such attacks, you are quite full of hot air posting for no more than laughs. I'm not going to bash on one web-server or another, nor do I pretend to have an active community, but very frankly, I have worked on sites of such scale, so your last response has little bearing here.

Wolfie Posted December 12, 2012

On 12/12/2012 at 1:48 AM, cstreater said:
> The fact that neither of you have any users visiting your forums speaks volumes about what you have to learn.

Forum activity or lack thereof isn't an indicator of a person's knowledge. Also, taking cheap shots doesn't make you right. If anything, it shows you know you are drowning and looking for a way to stay afloat in a debate. Thank you for indirectly acknowledging that you were wrong.

Dmacleo Posted December 12, 2012

Quote:
> The fact that neither of you have any users visiting your forums speaks volumes about what you have to learn.

300gb or so a month bandwidth each for the droid devs I host, 600 hundred gb or so of my own sites, 1.5 - 2 tb a month off the one server. I'm not too worried about what visitors to one site look like.

oops was that too rude?
sorry.

Wolfie Posted December 12, 2012

On 12/12/2012 at 2:03 AM, Dmacleo said:
> 300gb or so a month bandwidth each for the droid devs I host, 600 hundred gb or so of my own sites, 1.5 - 2 tb a month off the one server. I'm not too worried about what visitors to one site look like.
> oops was that too rude?
> sorry.

I don't see how that was rude. Blunt, honest and factual, yes, but not rude.

1977Burton Posted December 12, 2012

On 12/11/2012 at 10:03 PM, Marcher Technologies said:
> :blink: What exactly does developing secure code have to do with a web-server vulnerability? No matter how many checks and security measures are in place within the code, that matters literally not a bit when the web-server is badly configured/compromised. You should do a bit of research yourself, PHP is a level below the server software, and has little to no control of it. In simplest terms, there is no way for me, in the code, to execute a file marked non-executable, or read a file not readable, or write to a file not writable.

I'm not sure why my point is so difficult to understand. I originally stated that Apache has been the target of DDoS attacks due to vulnerabilities in their software. For staff members to dispute that makes me question your technical aptitude.

On 12/12/2012 at 1:56 AM, Marcher Technologies said:
> Do you maintain your servers personally? I ask this quite seriously, as if you are not a server administrator that actually mitigates such attacks, you are quite full of hot air posting for no more than laughs. I'm not going to bash on one web-server or another, nor do I pretend to have an active community, but very frankly, I have worked on sites of such scale, so your last response has little bearing here.

Yes, I have 11 servers in a server farm sitting behind load balancers. Quite familiar with server management thank you. Are you a paid staff member at IPS? If so, I would appreciate an apology. If you can't offer that, I'd appreciate a refund. You and your fan club have left a bad taste in the mouth of what could have been a pretty large opportunity for your company.

On 12/12/2012 at 2:03 AM, Dmacleo said:
> 300gb or so a month bandwidth each for the droid devs I host, 600 hundred gb or so of my own sites, 1.5 - 2 tb a month off the one server. I'm not too worried about what visitors to one site look like.
> oops was that too rude?
> sorry.

On 12/12/2012 at 2:07 AM, Wolfie said:
> I don't see how that was rude. Blunt, honest and factual, yes, but not rude.

That's a lot of traffic for the 10 bots each of you have crawling your site right now.

1. It is incorrect to state that DDoS attacks are hardware based only. Apache itself maintains a page of vulnerabilities that have directly exposed itself to DDoS attacks. Here is a perfect example: http://httpd.apache.org/security/CVE-2011-3192.txt
2. I'm not going to do any more Googling for you, but if I were, I would show you plenty of benchmarks that illustrate Apache's abysmal performance under high load conditions. If I were to rip out Nginx & replace it with Apache, my entire infrastructure would collapse.

Marcher Technologies Posted December 12, 2012

On 12/12/2012 at 6:34 AM, cstreater said:
> I'm not sure why my point is so difficult to understand. I originally stated that Apache has been the target of DDoS attacks due to vulnerabilities in their software. For staff members to dispute that makes me question your technical aptitude.
>
> Yes, I have 11 servers in a server farm sitting behind load balancers. Quite familiar with server management thank you. Are you a paid staff member at IPS? If so, I would appreciate an apology. If you can't offer that, I'd appreciate a refund. You and your fan club have left a bad taste in the mouth of what could have been a pretty large opportunity for your company.
>
> That's a lot of traffic for the 10 bots each of you have crawling your site right now.
>
> 1. It is incorrect to state that DDoS attacks are hardware based only. Apache itself maintains a page of vulnerabilities that have directly exposed itself to DDoS attacks. Here is a perfect example: http://httpd.apache.org/security/CVE-2011-3192.txt

I never once disputed anything you said. I asked for information, factual, I was not rude in any way. I am also not staff. I have nothing to apologize for I would think, I never disputed that Nginx holds up better under load, which would quite naturally lead to better handling of DDOS attacks, using less resources to do x is going to have that effect, additionally, such a widely used web-server as Apache is going to be the natural target for these loathsome individuals. I do not know where you read that I disputed such in my post.

Also, comparing a dedicated modder's website, one who writes code day in and day out for large sites such as yourself, to an actual website, is quite one-sided, you cannot judge the site owner by the activity on a demo site. I would highly appreciate it if you left your words out of my mouth.

Cyrem Posted December 12, 2012

Quote:
> For staff members to dispute that makes me question your technical aptitude.

Perhaps you should do a little more 'observation', these people you are talking to are not staff members.

Quote:
> I would appreciate an apology. If you can't offer that, I'd appreciate a refund. You and your fan club have left a bad taste in the mouth of what could have been a pretty large opportunity for your company.

OH CLASSIC! This guy. Is Hilarious. You really do think a lot of yourself don't you?

cstreater said:
> I'm not going to do any more Googling for you

Cause one Google Search is... OH TOO MUCH!

Rhett Posted December 12, 2012

If you are experiencing any issues with the community here, please file a support ticket and we will address any issues that remain. Thank you

Archived
This topic is now archived and is closed to further replies.