Sciencemadness Discussion Board

Sm down?

99chemicals - 26-12-2012 at 13:48

Today and I have been having periods of SM being up and down . It is saying to run the debug.

It was down earlier and then was up. I am getting suspicious because it it was just down for less than a minute. I was going to the home and it gave me run debug screen. I refreshed and it was up again.

Unless Polverone is actively working on it then something is up.

Any body else having these problems?

IrC - 26-12-2012 at 14:32

Yes it has been giving me the same error on and off in the last three days or so.

neptunium - 26-12-2012 at 15:50

it looks like everytime i try to log in it gives me this same error message...just like you guys!
and the forum has been down for me since yesterday morning! christmas morning..

Polverone - 27-12-2012 at 19:13

Not sure why the database is being flakier than usual. I have added a script to automate the most common error and recovery scenario.

Rosco Bodine - 27-12-2012 at 19:22

The site has been down for a day or so. Totally 404'ed, no such website, and it just dumped a reply and the connection isn't stable even now.

Update: it seems stable for the past 10 minutes, so far so good

[Edited on 28-12-2012 by Rosco Bodine]

Rosco Bodine - 27-12-2012 at 19:33

See the spammer in Energetic Materials ? Online again and here they come like clockwork. Spambots may be part of the problem.

Polverone - 27-12-2012 at 19:35

I think I figured it out. Someone has been trying to brute force guess passwords and accounts on sciencemadness. The many attempts led to many authentication processes starting. So many processes were started that the system was starved of memory, which made everything else super-slow and probably contributed to the database corruption.

I have limited the number of authentication processes that can run simultaneously. I have also installed fail2ban which should render the guessing guy much less disruptive.

Rosco Bodine - 27-12-2012 at 19:38

Some people need to get a life huh, nothing better to do than eff with people's websites.

White Yeti - 27-12-2012 at 20:00

I thought samarium was down continuously for two days. Granted, I don't login very often, but every time I tried to access the site, it was on debug. It's good to hear the problem has been found.

All that remains to be done is to find a bucket of HF and trace the IP address [kidding]

IrC - 27-12-2012 at 20:05

Quote: Originally posted by Polverone  
I think I figured it out. Someone has been trying to brute force guess passwords and accounts on sciencemadness. The many attempts led to many authentication processes starting. So many processes were started that the system was starved of memory, which made everything else super-slow and probably contributed to the database corruption.

I have limited the number of authentication processes that can run simultaneously. I have also installed fail2ban which should render the guessing guy much less disruptive.


So completely shut down the authentication process for a few days. This will stop the hacking, as well as spammers registering for a while. Maybe long enough they will move on to easier prey.

Irritates the hell out of me I have been wanting to post this story all day.

http://www.theblaze.com/stories/do-modern-no-chemical-chemis...



[Edited on 12-28-2012 by IrC]

Oscilllator - 27-12-2012 at 20:11

I keep getting the message "The system has failed to process your request. If you're an administrator, please set the DEBUG flag to true in config.php."
Dunno if that helps or not, but it seems people are getting different errors

elementcollector1 - 27-12-2012 at 22:43

I had the same error as Oscillator.
So, some guy's trying to brute-force hack passwords? Reminds me a bit of a certain metal ball with a blue eye:
"Okay... A-A-A-A-A-A." (Buzzer) "...A-A-A-A-A-C!" (Buzzer) "No. Wait, did I do B? Have you got a pen? Start writing these down!"

12AX7 - 27-12-2012 at 23:56

That's pretty much it... I have an FTP running, set up to accept only secure clients. Every so often, the logs show two hours of "cannot login, must use SSL" before they time out and give up.

Edit: Hasn't been many attempts lately, actually. Though there was one: "GET /HTTP/1.0", which replied "500 command not recognized"... lol.

Tim

[Edited on 12-28-2012 by 12AX7]

Hexavalent - 28-12-2012 at 05:47

I continually get the same error message as Oscillator....why is it, then, that different people have been getting different error codes and messages?

White Yeti - 28-12-2012 at 07:37

When someone tries to brute force guess access codes, is the computing capacity of a PC sufficient? Or is external ayuda necessary? IIRC some hackers use the CPU time of "zombie computers" to speed up the process. If the samarium servers can't handle the hacking, I guess it doesn't really matter either way.

99chemicals - 28-12-2012 at 09:06

I finally got back on. I was constantly checking yesterday and based on peoples posts It went up after I went to sleep. Oh well. Time to catch up on what I missed...

Stupid hackers.:mad:

12AX7 - 28-12-2012 at 23:56

Quote: Originally posted by White Yeti  
When someone tries to brute force guess access codes, is the computing capacity of a PC sufficient? Or is external ayuda necessary? IIRC some hackers use the CPU time of "zombie computers" to speed up the process. If the samarium servers can't handle the hacking, I guess it doesn't really matter either way.


If the only way to tell if you've got the correct code is to attempt login, the only thing you can do is try every possible password on the target computer. If multiple-attempt banning is enforced, the DDoS approach can be used, but it will still be slow (since obviously, you don't want to attack the target with more traffic than it can process).

If you had some cyphertext, or public keys or something like that, you might have more luck -- instead of a single server bottleneck, you can run crack in massive parallel.

Tim

Eddygp - 10-1-2013 at 14:29

The first time I saw this thread, I thought it was about samarium down...

Sorry for the downtime

Polverone - 28-1-2013 at 01:12

I did a bunch of system software upgrades today. I got stuck on the last part and it took a while before the system would boot properly again. Things should be working again now, and it should be a while before I need to do any more system upgrades.

Spammers took us down

Polverone - 19-4-2013 at 11:54

The site was unavailable for some hours today. Somehow spammers managed to start sending email spam through SM early this morning. So not only is SM now on dozens of mail block-lists around the world, the high activity completely filled the disk with log files after a couple of hours and caused the web site to cease functioning.

I have been running what I thought was a secure postfix configuration for years with no prior spam problems. I haven't had to try to deal with a site of mine being flagged as a spam distributor in more than 10 years; this ought to be fun.

In the short term I have simply shut down postfix (the mail system). If there is anyone out there who can expedite understanding the mail logs and figuring out where the security problem lies, such help would be appreciated.

neptunium - 19-4-2013 at 12:23

its been shut down quite a few time lately...last time was arround chrismas i think

chemcam - 26-5-2013 at 10:08

Every other thread I try to open gives this error:

"The system has failed to process your request. If you're an administrator, please set the DEBUG flag to true in config.php"

Polverone - 26-5-2013 at 12:41

The system rebooted after a kernel upgrade and I forgot to manually shut off postfix again. The spammers ran wild again, filling up the disk like before. How I hate spammers and SMTP.

chemcam - 26-5-2013 at 14:23

Yes, everything is working well now; I wish the spammers would choke on a cloud of NO2! :P

Finnnicus - 26-5-2013 at 23:54

No chemcam, fluorine.