Close
dadaIMC Discussion List
Re: Binghamton-IMC DDoS attack
here in santa barbara we were getting killed with dada comment spam for
a while. turning on captchas helped it immediately almost entirely.
we're also on our way to moving to drupal as a CMS backend. this should
hopefully be completed by the end of October.
-jon
BHUSTON-AT-stny.rr.com wrote:
> I honestly don't know the present state of things.
> I understand we (the sysadmin at our hosting co.)
> tried to upgrade dada, but this always breaks the site
> (has happened 3-4 times now). We don't have shell access,
> so manual fixes are difficult. Apparently the
> db conversion failed.
>
> IMC-Binghamton is presently down while we figure out
> what to do. Our present ideas are:
>
> 1: blow away the database, and install latest dada fresh,
> try to migrate the legacy stories/comments later.
>
> 2: try a different CMS
>
> Also, our hosting provider is giving us flack, b/c
> when our site is DDoS'd, the other sites hosted
> on the shared host are whacked as well.
>
> Are other Dada sites experienceing this level of attack?
> Or is it just IMC-Binghamton?
>
> What are the experiences of other Dada sites who have
> tried the Dada CAPTCHAs? Does it slow down the comment
> spam?
>
> --
> Bill Huston
> 607-724-1755
> bhuston-AT-stny.rr.com
>
> ----- Original Message -----
> From: magduv <magduv-AT-gmail.com>
> Date: Monday, September 25, 2006 12:17 pm
> Subject: Re: Binghamton-IMC DDoS attack
> To: dadaIMC Discussion <dadaIMC-AT-lists.dadaimc.org>
>
>
>> hi,
>>
>> did you tried to enable anti-spam function for comments?
>>
>> *
>>
>>
>> On 9/4/06, BHUSTON-AT-stny.rr.com <BHUSTON-AT-stny.rr.com> wrote:
>>
>>> Spud, et. al.,
>>>
>>> IMC-Binghamton is under a DDoS attack. Other Dada sites beware.
>>>
>>> We have been victimized by comment spam for many months
>>> now, and while annoying, has not as yet disabled the site.
>>>
>>> Sometime yesterday, our site became unusable. I don't know all
>>> the details yet, but apparently they are doing searches on the
>>> database using SQL wildcard characters.
>>>
>>> Unless anyone has any better ideas, the approach I will take for
>>>
>> now is
>>
>>> as follows
>>> to get the site back up:
>>>
>>> 1) disable the search function
>>> 2) examine logs to determine worst offending IP address
>>> 3) manually block IP addresses.
>>>
>>> BTW Spud. #3 is especially difficult, b/c the addresses
>>> in the blocked_ips table is encoded as an MD5 hash.
>>>
>>> I think this is a problematic, because it makes checking
>>> which IPs have been already blocked a problem, especially
>>> since a database exception is thrown and an email is generated
>>> to the admin account if you try to add an IP already in the db
>>> (when using the Admin "block IP" form).
>>>
>>> I'm developing some perl scripts to help with this problem,
>>> which I'll share with other IMCs.
>>>
>>> I'll post more to this list as I learn more about the
>>> problem.
>>>
>>> Spud, if you can assist me during this, I would be
>>> grateful.
>>>
>>> --
>>> Bill Huston
>>> 607-724-1755
>>> bhuston-AT-stny.rr.com
>>> -------------
>>> To unsubscribe, send blank email
>>> to dadaIMC-off-AT-lists.dadaimc.org
>>>
>>>
>>>
>> --
>> GPG PUBLIC KEY:
>> keys.indymedia.org/cgi-bin/lookup
>> -------------
>> To unsubscribe, send blank email
>> to dadaIMC-off-AT-lists.dadaimc.org
>>
>>
> -------------
> To unsubscribe, send blank email
> to dadaIMC-off-AT-lists.dadaimc.org
>
>
>
-------------
To unsubscribe, send blank email
to dadaIMC-off-AT-lists.dadaimc.org
a while. turning on captchas helped it immediately almost entirely.
we're also on our way to moving to drupal as a CMS backend. this should
hopefully be completed by the end of October.
-jon
BHUSTON-AT-stny.rr.com wrote:
> I honestly don't know the present state of things.
> I understand we (the sysadmin at our hosting co.)
> tried to upgrade dada, but this always breaks the site
> (has happened 3-4 times now). We don't have shell access,
> so manual fixes are difficult. Apparently the
> db conversion failed.
>
> IMC-Binghamton is presently down while we figure out
> what to do. Our present ideas are:
>
> 1: blow away the database, and install latest dada fresh,
> try to migrate the legacy stories/comments later.
>
> 2: try a different CMS
>
> Also, our hosting provider is giving us flack, b/c
> when our site is DDoS'd, the other sites hosted
> on the shared host are whacked as well.
>
> Are other Dada sites experienceing this level of attack?
> Or is it just IMC-Binghamton?
>
> What are the experiences of other Dada sites who have
> tried the Dada CAPTCHAs? Does it slow down the comment
> spam?
>
> --
> Bill Huston
> 607-724-1755
> bhuston-AT-stny.rr.com
>
> ----- Original Message -----
> From: magduv <magduv-AT-gmail.com>
> Date: Monday, September 25, 2006 12:17 pm
> Subject: Re: Binghamton-IMC DDoS attack
> To: dadaIMC Discussion <dadaIMC-AT-lists.dadaimc.org>
>
>
>> hi,
>>
>> did you tried to enable anti-spam function for comments?
>>
>> *
>>
>>
>> On 9/4/06, BHUSTON-AT-stny.rr.com <BHUSTON-AT-stny.rr.com> wrote:
>>
>>> Spud, et. al.,
>>>
>>> IMC-Binghamton is under a DDoS attack. Other Dada sites beware.
>>>
>>> We have been victimized by comment spam for many months
>>> now, and while annoying, has not as yet disabled the site.
>>>
>>> Sometime yesterday, our site became unusable. I don't know all
>>> the details yet, but apparently they are doing searches on the
>>> database using SQL wildcard characters.
>>>
>>> Unless anyone has any better ideas, the approach I will take for
>>>
>> now is
>>
>>> as follows
>>> to get the site back up:
>>>
>>> 1) disable the search function
>>> 2) examine logs to determine worst offending IP address
>>> 3) manually block IP addresses.
>>>
>>> BTW Spud. #3 is especially difficult, b/c the addresses
>>> in the blocked_ips table is encoded as an MD5 hash.
>>>
>>> I think this is a problematic, because it makes checking
>>> which IPs have been already blocked a problem, especially
>>> since a database exception is thrown and an email is generated
>>> to the admin account if you try to add an IP already in the db
>>> (when using the Admin "block IP" form).
>>>
>>> I'm developing some perl scripts to help with this problem,
>>> which I'll share with other IMCs.
>>>
>>> I'll post more to this list as I learn more about the
>>> problem.
>>>
>>> Spud, if you can assist me during this, I would be
>>> grateful.
>>>
>>> --
>>> Bill Huston
>>> 607-724-1755
>>> bhuston-AT-stny.rr.com
>>> -------------
>>> To unsubscribe, send blank email
>>> to dadaIMC-off-AT-lists.dadaimc.org
>>>
>>>
>>>
>> --
>> GPG PUBLIC KEY:
>> keys.indymedia.org/cgi-bin/lookup
>> -------------
>> To unsubscribe, send blank email
>> to dadaIMC-off-AT-lists.dadaimc.org
>>
>>
> -------------
> To unsubscribe, send blank email
> to dadaIMC-off-AT-lists.dadaimc.org
>
>
>
-------------
To unsubscribe, send blank email
to dadaIMC-off-AT-lists.dadaimc.org
Previous message in thread
Thread
Binghamton-IMC DDoS attack / BHUSTON@stny.rr.com / 04 Sep 2006
Re: Binghamton-IMC DDoS attack / magduv <magduv-AT-gmail.com> / 31 Dec 1969
Re: Binghamton-IMC DDoS attack / BHUSTON-AT-stny.rr.com / 25 Sep 2006
Re: Binghamton-IMC DDoS attack / John Milton <john-AT-johnmilton.ca> / 25 Sep 2006
• Re: Binghamton-IMC DDoS attack / Jon Sullivan <punkrider-AT-gmail.com> / 25 Sep 2006
Report Bugs
dadaIMC uses the Mantis bug-tracking system for bug reporting. Please use it! And check for existing reports of your bug before submitting a new one.
CVS
The current CVS version of dadaIMC is now browseable online. Be forewarned, though, that it is not always in a useable state as-is!
Donations
Support development!