Why does mersenneforum.org sometimes require registration to read?

Xyzzy · 2013-12-08, 11:29

Temporarily, the forums are closed to unregistered members.

We do not wish to do this, but the forum has been the target of a severe registration/spambot thing that we are thus far unable to counter.

For example, we looked at a random day recently and there were more than 60,000 (!) registration attempts.

We have attached a chart to this post to illustrate the problem. It is a combination of extreme registration attempts, extreme amounts of database queries and extreme "scraping" of every page the forum has.

Note that our "test" shutdown from 19-22 November produced reasonable bandwidth usage.

Unfortunately, this is not a problem that we can solve by throwing money at it. Please be patient until we can figure out what is going on.

Thanks!

f1pokerspeed · 2013-12-08, 13:10

So one thing that could be done perhaps is throw the server through CloudFlare. They have built in scaling DDoS protection, security for virtually all attacks and analytics for all traffic, including crawlers and threats.

TheMawn · 2013-12-08, 18:00

Maybe we're just very popular?

WraithX · 2013-12-08, 20:44

I haven't looked too in-depth at these options, but it looks like both CloudFlare and Incapsula both have options to help protect web sites.

On the CloudFlare plans/pricing web page (here) you can see that they offer "Content scraping protection" on their $20 and higher plans. I don't see specific mention of this on the Incapsula pricing page (here).

I didn't see mention of protection against excessive registration attempts or db queries, but they might have special names for those (maybe bot attacks?).

Also, if you think this might be a problem in the future, they both have tiers to protect websites from a wide array of DDoS attacks. According to a recent (2013/10) report titled: "CloudFlare vs Incapsula: Round 2" (available here) you can see that Incapsula performed much better at protecting against the listed attacks.

With all that said, I think it'd be interesting to see what happens when the forum is behind one of:
CloudFlare Free ($0/month)
CloudFlare Pro ($20/month)
Incapsula Free ($0/month)
Incapsula Personal ($19/month)
Incapsula Business ($59/month)

The DDoS protection kicks in at the higher levels, such as:
CloudFlare Business ($200/month)
Incapsula Business+ ($299/month)

kladner · 2013-12-08, 20:58

These services might help. However, it should be borne in mind that hosting for the forum is $30/month, IIRC. Additional paid services would merit a higher level of contributions to support them. (So says a person who has yet to donate to the cause.

)

ewmayer · 2013-12-08, 21:33

Quote:

Originally Posted by Xyzzy

Temporarily, the forums are closed to unregistered members.

We do not wish to do this, but the forum has bee

Mike, I suggest you put the above why-we-are-doing-this note on the registration/login page users now see, so folks are clued in to the "new look" startpage right away.

ixfd64 · 2013-12-08, 23:00

I wish we were getting 60,000 new GIMPS participants instead.

TObject · 2013-12-09, 20:30

I have seen it a few times before—a popular web site becomes a victim of large scale attack, for seemingly no reason.

Then the site moves to CloudFlare and the attacks stop.

Wild guess: maybe that is how CloudFlare is shopping for new customers?
An even wilder guess: perhaps NSA wants all popular sites behind CloudFlare, as it makes it easier to snoop.

chalsall · 2013-12-09, 21:57

Quote:

Originally Posted by TObject

Wild guess: maybe that is how CloudFlare is shopping for new customers? An even wilder guess: perhaps NSA wants all popular sites behind CloudFlare, as it makes it easier to snoop.

I appreciate, and resonate with, your paranoia.

For reasons we don't fully understand, the forum is being attacked. It appears that some of the attempts are by low-paid humans.

TheMawn · 2013-12-09, 23:52

Quote:

Originally Posted by chalsall

For reasons we don't fully understand, the forum is being attacked. It appears that some of the attempts are by low-paid humans.

Spike them! SPIKE THEM!

http://www.youtube.com/watch?v=mIq9jFdEfZo

Uncwilly · 2013-12-10, 00:06

Quote:

Originally Posted by chalsall

For reasons we don't fully understand, the forum is being attacked. It appears that some of the attempts are by low-paid humans.

Are you sure that they are not humans that don't realise that they are helping an attack?
I can think of one person who is currently "wearing a purple jersey" that might be upset enough to do this.

2013-12-08, 11:29	#1
Xyzzy "Mike" Aug 2002 2⁵·257 Posts	Why does mersenneforum.org sometimes require registration to read? Temporarily, the forums are closed to unregistered members. We do not wish to do this, but the forum has been the target of a severe registration/spambot thing that we are thus far unable to counter. For example, we looked at a random day recently and there were more than 60,000 (!) registration attempts. We have attached a chart to this post to illustrate the problem. It is a combination of extreme registration attempts, extreme amounts of database queries and extreme "scraping" of every page the forum has. Note that our "test" shutdown from 19-22 November produced reasonable bandwidth usage. Unfortunately, this is not a problem that we can solve by throwing money at it. Please be patient until we can figure out what is going on. Thanks! Attached Thumbnails

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Registration impossible	Unregistered	Information & Answers	6	2013-06-14 12:38
does Windows XP require more memory now?	ixfd64	Lounge	7	2009-06-24 03:36
No registration?	Unregistered	Forum Feedback	0	2007-08-12 23:44
Registration...	Xyzzy	mersennewiki	0	2006-05-21 17:15
chance of finding a factor?......Read me read me read me :)	Firedog18	Software	9	2003-07-25 17:10

2013-12-08, 13:10	#2
f1pokerspeed Jun 2012 6A₁₆ Posts	So one thing that could be done perhaps is throw the server through CloudFlare. They have built in scaling DDoS protection, security for virtually all attacks and analytics for all traffic, including crawlers and threats.

2013-12-08, 18:00	#3
TheMawn May 2013 East. Always East. 11·157 Posts	Maybe we're just very popular?

2013-12-08, 20:44	#4
WraithX Mar 2006 479 Posts	I haven't looked too in-depth at these options, but it looks like both CloudFlare and Incapsula both have options to help protect web sites. On the CloudFlare plans/pricing web page (here) you can see that they offer "Content scraping protection" on their $20 and higher plans. I don't see specific mention of this on the Incapsula pricing page (here). I didn't see mention of protection against excessive registration attempts or db queries, but they might have special names for those (maybe bot attacks?). Also, if you think this might be a problem in the future, they both have tiers to protect websites from a wide array of DDoS attacks. According to a recent (2013/10) report titled: "CloudFlare vs Incapsula: Round 2" (available here) you can see that Incapsula performed much better at protecting against the listed attacks. With all that said, I think it'd be interesting to see what happens when the forum is behind one of: CloudFlare Free ($0/month) CloudFlare Pro ($20/month) Incapsula Free ($0/month) Incapsula Personal ($19/month) Incapsula Business ($59/month) The DDoS protection kicks in at the higher levels, such as: CloudFlare Business ($200/month) Incapsula Business+ ($299/month)

2013-12-08, 20:58	#5
kladner "Kieren" Jul 2011 In My Own Galaxy! 10011110101110₂ Posts	These services might help. However, it should be borne in mind that hosting for the forum is $30/month, IIRC. Additional paid services would merit a higher level of contributions to support them. (So says a person who has yet to donate to the cause. )

2013-12-08, 23:00	#7
ixfd64 Bemusing Prompter "Danny" Dec 2002 California 2×5×239 Posts	I wish we were getting 60,000 new GIMPS participants instead.

2013-12-09, 20:30	#8
TObject Feb 2012 3⁴·5 Posts	I have seen it a few times before—a popular web site becomes a victim of large scale attack, for seemingly no reason. Then the site moves to CloudFlare and the attacks stop. Wild guess: maybe that is how CloudFlare is shopping for new customers? An even wilder guess: perhaps NSA wants all popular sites behind CloudFlare, as it makes it easier to snoop.