Jump to content

community.invisionpower.com is down?

Sonya*

By Sonya*
in Feedback

Recommended Posts

Wolfie Grand Master

Wolfie

Posted
Posted

Gosh, you have to be kidding me about 3.4.1
I just started updating people's designs to 3.4.0

If you mean the connection issues, it's not the fault of the software, it's a DDoS attack. If you mean something else.. Like how soon it's coming out, that's expected. The point releases (.1, .2, etc) are usually bug fixes, not tons of new content. So any skin edits/updates should be minimal.

It's the first time I am able to reach the community since yesterday.
I hope i'll be able to connect always now.

If you have problems, submit a ticket to account/billing.
Link to comment
Share on other sites
1977Burton Explorer

1977Burton

Posted
Posted

DDOS has nothing to do with Apache. The server can only handle so many network connections, regardless of what software you utilize.


I respectfully hope you meant to add the word "our" at the beginning of your response.

If not, it explains your inability to keep this situation under control, and will also be a determining factor in my evaluation of forum software for future projects I'm working on.

More Information

Link to comment
Share on other sites
Michael Grand Master

Michael

Posted
Posted

Linking to a Google Search is not 'more information'. Any web site can get attacked by a DDOS regardless of the web server software they are running. Different web server softwares just have different ways of dealing with them. If you think that Apache = DDOS magnet, then you're incorrect.

To say that this would color your perception of the forum software seems kind of silly too, since IPS is only producing the forum software, not Apache. Surely anyone who is seriously evaluating the software would be evaluating it on the web server software they choose, which is clearly not Apache in your case. So why would you care what IPS thinks about how to protect against a DDOS attack on Apache?

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

I respectfully hope you meant to add the word "our" at the beginning of your response.



If not, it explains your inability to keep this situation under control,


You do realize that a DDoS attack is hardware based and not software right? It's not like using an exploit in a piece of software to cause a problem, it's overwhelming a piece of equipment with more than it was meant to reasonably handle.

To put your perspective into other terms, it's like saying someone died from a 1,000 ft drop to the ground because they were wearing Fruit Of The Loom underwear instead of Hanes underwear.
Link to comment
Share on other sites
1977Burton Explorer

1977Burton

Posted
Posted

You do realize that a DDoS attack is hardware based and not software right? It's not like using an exploit in a piece of software to cause a problem, it's overwhelming a piece of equipment with more than it was meant to reasonably handle.



To put your perspective into other terms, it's like saying someone died from a 1,000 ft drop to the ground because they were wearing Fruit Of The Loom underwear instead of Hanes underwear.

Linking to a Google Search is not 'more information'. Any web site can get attacked by a DDOS regardless of the web server software they are running. Different web server softwares just have different ways of dealing with them. If you think that Apache = DDOS magnet, then you're incorrect.

To say that this would color your perception of the forum software seems kind of silly too, since IPS is only producing the forum software, not Apache. Surely anyone who is seriously evaluating the software would be evaluating it on the web server software they choose, which is clearly not Apache in your case. So why would you care what IPS thinks about how to protect against a DDOS attack on Apache?


You guys both need to do some more research. I'm not disputing that hardware is not a component of DDoS attack, I'm disputing the blanket statement was made that a DDoS attack cannot have anything to do with Apache. The link to the Google search results was intended to illustrate the pages and pages of articles written in regards to attacks specifically targeted at Apache.

Furthermore, it is no secret that Apache falls to its knees a lot faster than servers, such as nginx, in terms of the number of connections it can handle per second. My original post was meant as a light hearted joke about using Apache vs. a more robust web server, which is why I added a smile to the end. In response, an IPS Management staff member challenges my experience in this area by making a terse and inaccurate statement. I've been operating a big board for years now (25k concurrent users as I write this), and I am also a security engineer, so I think I hold credibility in this area.

Computer World, March 7th 2012: "The latest version of a distributed denial-of-service (DDoS) bot called Armageddon integrates a relatively new exploit known as Apache Killer, DDoS mitigation vendor Arbor Networks said Tuesday. The Apache Killer exploit was released in August 2011. It exploits a vulnerability in the Apache Web server by sending a specially crafted "Range" HTTP header to trigger a denial-of-service condition. The attack is particularly dangerous because it can be successfully executed from a single computer and the entire targeted machine needs to be rebooted in order to recover from it.

The Kill Apache attack abuses the HTTP protocol by requesting that the target web server return the requested URL content in a huge number of individual chunks, or byte ranges," said Arbor research analyst Jeff Edwards in a blog post on Tuesday. "This can cause a surprisingly heavy load on the target server.

The vulnerability exploited by Apache Killer is identified as CVE-2011-3192 and was patched in Apache HTTPD 2.2.20, a week after the exploit was publicly released. Apache 2.2.21 contains an improved fix."

In regards to it influencing my choice of forum software, I'm referring to credibility. IP.Board sells software. Software needs to be secure. The developers need to demonstrate that they have the knowledge necessary to develop secure code.

Lastly, I also don't appreciate being treated rudely.

Link to comment
Share on other sites
Marcher Technologies Grand Master

Marcher Technologies

Posted
Posted

In regards to it influencing my choice of forum software, I'm referring to credibility. IP.Board sells software. Software needs to be secure. The developers need to demonstrate that they have the knowledge necessary to develop secure code.

:blink: What exactly does developing secure code have to do with a web-server vulnerability?

No matter how many checks and security measures are in place within the code, that matters literally not a bit when the web-server is badly configured/compromised.

You should do a bit of research yourself, PHP is a level below the server software, and has little to no control of it.

In simplest terms, there is no way for me, in the code, to execute a file marked non-executable, or read a file not readable, or write to a file not writable.

Link to comment
Share on other sites
Dmacleo Mentor

Dmacleo

Posted
Posted

it explains your inability to keep this situation under control, and will also be a determining factor in my evaluation of forum software for future projects I'm working on.

Lastly, I also don't appreciate being treated rudely.

the irony and hyperbole runs strongly in this one...

nobody was rude.

unless questioning you is rude then ...whatever.

seems to me people were polite, at least they didn't fill a screen with 23k member names (when the list of online members is 3 times the size of your content its RUDE) to play the I gotta bigger dick game

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

Furthermore, it is no secret that Apache falls to its knees a lot faster than servers, such as nginx,

This is where I stopped reading. The fact that you would even condone (let alone borderline praise) Nginx by mentioning it suggests to me that you have much to learn. I don't mean that as an insult, more simply an observation.

Also, just to point this out, an ongoing DDoS attack isn't the fault of the targeted server nor the company. Neither has any control over what outside sources attempt to do.

That said, I'm out.
Link to comment
Share on other sites
1977Burton Explorer

1977Burton

Posted
Posted

the irony and hyperbole runs strongly in this one...

nobody was rude.

unless questioning you is rude then ...whatever.

seems to me people were polite, at least they didn't fill a screen with 23k member names (when the list of online members is 3 times the size of your content its RUDE) to play the I gotta bigger dick game

If that's what you're using to measure forum activity, I guess I have a huge advantage.

This is where I stopped reading. The fact that you would even condone (let alone borderline praise) Nginx by mentioning it suggests to me that you have much to learn. I don't mean that as an insult, more simply an observation.



Also, just to point this out, an ongoing DDoS attack isn't the fault of the targeted server nor the company. Neither has any control over what outside sources attempt to do.



That said, I'm out.


The fact that neither of you have any users visiting your forums speaks volumes about what you have to learn.

No need to worry about me. Your responses have actually been very enlightening and you won't hear from me again.

Link to comment
Share on other sites
Marcher Technologies Grand Master

Marcher Technologies

Posted
Posted

You need to get off of Apache :tongue:

I admin forums.androidcentral.com and our stats are: currently 24546 users online, 8648 members and 15898 guests.


We've had our fair share of haters and attacks in my time there, but nothing that lasted this long.

Do you maintain your servers personally? I ask this quite seriously, as if you are not a server administrator that actually mitigates such attacks, you are quite full of hot air posting for no more than laughs.

I'm not going to bash on one web-server or another, nor do I pretend to have an active community, but very frankly, I have worked on sites of such scale, so your last response has little bearing here.

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

The fact that neither of you have any users visiting your forums speaks volumes about what you have to learn.

Forum activity or lack thereof isn't an indicator of a persons knowledge. Also, taking cheap shots doesn't make you right. If anything, it shows you know you are drowning and looking for a way to stay afloat in a debate. Thank you for indirectly acknowledging that you were wrong.
Link to comment
Share on other sites
Dmacleo Mentor

Dmacleo

Posted
Posted

The fact that neither of you have any users visiting your forums speaks volumes about what you have to learn.

300gb or so a month bandwidth each for the droid devs I host, 600 hundred gb or so of my own sites, 1.5 - 2 tb a month off the one server. I'm not too worried about what visitors to one site look like.

oops was that too rude?

sorry.

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

300gb or so a month bandwidth each for the droid devs I host, 600 hundred gb or so of my own sites, 1.5 - 2 tb a month off the one server. I'm not too worried about what visitors to one site look like.


oops was that too rude?


sorry.

I don't see how that was rude. Blunt, honest and factual, yes, but not rude.
Link to comment
Share on other sites
1977Burton Explorer

1977Burton

Posted
Posted

:blink: What exactly does developing secure code have to do with a web-server vulnerability?


No matter how many checks and security measures are in place within the code, that matters literally not a bit when the web-server is badly configured/compromised.


You should do a bit of research yourself, PHP is a level

below

the server software, and has little to no control of it.


In simplest terms, there is

no

way for me, in the code, to execute a file marked non-executable, or read a file not readable, or write to a file not writable.


I'm not sure why my point is so difficult to understand. I originally stated that Apache has been the target of DDoS attacks due to vulnerabilities in their software. For staff members to dispute that makes me question your technical aptitude.

Do you maintain your

servers

personally? I ask this quite seriously, as if you are

not

a

server

admistrator that actually mitigates such attacks, you are quite full of hot air posting for no more than laughs.


I'm not going to bash on one web-server or another, nor do I pretend to have an active community, but very frankly, I have

worked

on sites of such scale, so your last response has little bearing here.


Yes, I have 11 servers in a server farm sitting behind load balancers. Quite familiar with server mamagement thank you. Are you a paid staff member at IPS? If so, I would appreciate an apology. If you can't offer that, I'd appreciate a refund. You and your fan club have left a bad taste in the mouth of what could have been a pretty large opportunity for your company.

300gb or so a month bandwidth each for the droid devs I host, 600 hundred gb or so of my own sites, 1.5 - 2 tb a month off the one server. I'm not too worried about what visitors to one site look like.


oops was that too rude?


sorry.

I don't see how that was rude. Blunt, honest and factual, yes, but not rude.


That's a lot of traffic for the 10 bots each of you have crawling your site right now.

1. It is incorrect to state that DDoS attacks are hardware based only. Apache itself maintains a page of vulnerabilities that have directly exposed itself to DDoS attacks. Here is a perfect example: http://httpd.apache.org/security/CVE-2011-3192.txt

2. I'm not going to do any more Googling for you, but if I were, I would show you plenty of benchmarks that illustrate Apache's abysmal performance under high load conditions. If I were to rip out Nginx & replace it with Apache, my entire infrastructure would collapse.

Link to comment
Share on other sites
Marcher Technologies Grand Master

Marcher Technologies

Posted
Posted

I'm not sure why my point is so difficult to understand. I originally stated that Apache has been the target of DDoS attacks due to vulnerabilities in their software. For staff members to dispute that makes me question your technical aptitude.





Yes, I have 11 servers in a server farm sitting behind load balancers. Quite familiar with server mamagement thank you. Are you a paid staff member at IPS? If so, I would appreciate an apology. If you can't offer that, I'd appreciate a refund. You and your fan club have left a bad taste in the mouth of what could have been a pretty large opportunity for your company.





That's a lot of traffic for the 10 bots each of you have crawling your site right now.



1. It is incorrect to state that DDoS attacks are hardware based only. Apache itself has maintains a page of vulnerabilities that have directly exposed itself to DDoS attacks. Here is a perfect example:

http://httpd.apache.org/security/CVE-2011-3192.txt

I never once disputed anything you said. I asked for information, factual, I was not rude in any way. I am also not staff. I have nothing to apologize for I would think, I never disputed that Nginx holds up better under load, which would quite naturally lead to better handling of DDOS attacks, using less resources to do x is going to have that affect, additionally, such a widely used web-server as Apache is going to be the natural target for these loathsome individuals. I do not know where you read that I disputed such in my post.

Also, comparing a dedicated modder's website, one who writes code day in and day out for large sites such as yourself, to an actual website, is quite one-sided, you cannot judge the site owner by the activity on a demo site.

I would highly appreciate it if you left your words out of my mouth.

Link to comment
Share on other sites
Cyrem Collaborator

Cyrem

Posted
Posted

For staff members to dispute that makes me question your technical aptitude.


Perhaps you should do a little more 'observation', these people you are talking to are not staff members.

I would appreciate an apology. If you can't offer that, I'd appreciate a refund. You and your fan club have left a bad taste in the mouth of what could have been a pretty large opportunity for your company.

OH CLASSIC! This guy. Is Hilarous. You really do think a lot of yourself don't you?

I'm not going to do any more Googling for you

Cause one Google Search is... OH TOO MUCH!
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...