mersenneforum.org


Xyzzy 2013-12-08 11:29

Why does mersenneforum.org sometimes require registration to read?
 
Temporarily, the forums are closed to unregistered members.

We do not wish to do this, but the forum has been the target of a severe registration/spambot thing that we are thus far unable to counter.

For example, we looked at a random day recently and there were more than 60,000 (!) registration attempts.

We have attached a chart to this post to illustrate the problem. It is a combination of extreme registration attempts, extreme amounts of database queries and extreme "scraping" of every page the forum has.

Note that our "test" shutdown from 19-22 November produced reasonable bandwidth usage.

Unfortunately, this is not a problem that we can solve by throwing money at it. Please be patient until we can figure out what is going on.

Thanks!

:mike:

f1pokerspeed 2013-12-08 13:10

So one thing that could be done perhaps is throw the server through CloudFlare (https://www.cloudflare.com/). They have built-in scaling DDoS protection, security for virtually all attacks and analytics for all traffic, including crawlers and threats.

TheMawn 2013-12-08 18:00

Maybe we're just very popular?

WraithX 2013-12-08 20:44

I haven't looked too in-depth at these options, but it looks like CloudFlare and Incapsula both have options to help protect web sites.

On the CloudFlare plans/pricing web page (https://www.cloudflare.com/plans) you can see that they offer "Content scraping protection" on their $20 and higher plans. I don't see specific mention of this on the Incapsula pricing page (http://www.incapsula.com/pricing-and-plans/compare-all-plans/).

I didn't see mention of protection against excessive registration attempts or db queries, but they might have special names for those (maybe bot attacks?).

Also, if you think this might be a problem in the future, they both have tiers to protect websites from a wide array of DDoS attacks. According to a recent (2013/10) report titled "CloudFlare vs Incapsula: Round 2" (available at http://zeroscience.mk/blog/10/2013/cloudflare-vs-incapsula-round-2-comparative-penetration-testing-analysis-report/) you can see that Incapsula performed much better at protecting against the listed attacks.

With all that said, I think it'd be interesting to see what happens when the forum is behind one of:
CloudFlare Free ($0/month)
CloudFlare Pro ($20/month)
Incapsula Free ($0/month)
Incapsula Personal ($19/month)
Incapsula Business ($59/month)

The DDoS protection kicks in at the higher levels, such as:
CloudFlare Business ($200/month)
Incapsula Business+ ($299/month)

kladner 2013-12-08 20:58

These services might help. However, it should be borne in mind that hosting for the forum is $30/month, IIRC. Additional paid services would merit a higher level of contributions to support them. (So says a person who has yet to donate to the cause. :redface:)

ewmayer 2013-12-08 21:33

[QUOTE=Xyzzy;361458]Temporarily, the forums are closed to unregistered members.

We do not wish to do this, but the forum has bee[/QUOTE]

Mike, I suggest you put the above why-we-are-doing-this note on the registration/login page users now see, so folks are clued in to the "new look" startpage right away.

ixfd64 2013-12-08 23:00

I wish we were getting 60,000 new GIMPS participants instead.

TObject 2013-12-09 20:30

I have seen it a few times before—a popular web site becomes a victim of a large-scale attack, for seemingly no reason.

Then the site moves to CloudFlare and the attacks stop.

Wild guess: maybe that is how CloudFlare is shopping for new customers?
An even wilder guess: perhaps NSA wants all popular sites behind CloudFlare, as it makes it easier to snoop.

chalsall 2013-12-09 21:57

[QUOTE=TObject;361583]Wild guess: maybe that is how CloudFlare is shopping for new customers? An even wilder guess: perhaps NSA wants all popular sites behind CloudFlare, as it makes it easier to snoop.[/QUOTE]

I appreciate, and resonate with, your paranoia. :smile:

For reasons we don't fully understand, the forum is being attacked. It appears that some of the attempts are by low-paid humans.

TheMawn 2013-12-09 23:52

[QUOTE=chalsall;361591]For reasons we don't fully understand, the forum is being attacked. It appears that some of the attempts are by low-paid humans.[/QUOTE]

Spike them! SPIKE THEM!

http://www.youtube.com/watch?v=mIq9jFdEfZo

Uncwilly 2013-12-10 00:06

[QUOTE=chalsall;361591]For reasons we don't fully understand, the forum is being attacked. It appears that some of the attempts are by low-paid humans.[/QUOTE]

Are you sure that they are not humans that don't realise that they are helping an attack?
I can think of one person who is currently "wearing a purple jersey" that might be upset enough to do this.

