How to deal with DDos attack?
-
@nhl.pl I can't access my forum for about 3 hours
The pageviews keep increasing... and unique visitors are dropping..
503
This forum is temporarily unavailable due to excessive load.
We shouldn't be down for long. Please check back shortly. Sorry for the inconvenience!
-
Are you self-hosting this?
If it's actually a denial of service attack, your host should handle it for you.
-
@AlexFung Best you can do then is contact the guys from NodeBB then. cugh @administrators
-
@AlexFung we're looking into it - next time feel free to send us a direct email at [email protected], thanks!
-
@psychobunny thank you for your help !!!
-
@pichalite I've only ever seen 502 'bad gateway' in a restart scenario. Can you think of a reason why your system would show a 503?
-
@jongarrison Not sure why. I have a test installation running on c9. Some times after a
./nodebb restart
, when I refresh the page I get 503. -
@jongarrison You should get 502 if you turn off NodeBB completely during restart (kill process, restart then) and nginx points to closed port in the meantime. If you however use NodeBB internal functions of restart/reload you're supposed to get a neat 503 page instead
-
@frissdiegurke It's a neat 503 page but don't think the "Excessive Load" message is appropriate during restart/reload.
-
Would it be possible for NodeBB to just wait before sending a response? NodeBB startup doesn't take that long.
-
@frissdiegurke Interesting
-
@pichalite said:
@frissdiegurke It's a neat 503 page but don't think the "Excessive Load" message is appropriate during restart/reload.
Sure it is! When NodeBB reloads or restarts, it uses the entirety of the system's resources to compile CSS/templates/js, and thus doesn't have any spare cycles to dedicate to NodeBB.
All this is handled on a lower level than NodeBB itself, so it's really out of our hands. The toobusy middleware checks for a lag in the Node.js event loop, and when system resources are tied up, this loop lag goes up, hence a 503... perhaps it's not excessive load, per se, but the system is running low on spare cycles
-
@julian According to https://www.npmjs.com/package/toobusy you have the capability to change the text thought. 503 is absolutely correct, only the text is too specific.
Wikipedia says:
503 Service Unavailable
The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.It's not about differentiating those cases