How to deal with DDos attack?

AlexFung

@psychobunny thank you for your help !!!

bitspook

strange... i got that same message yesterday on a dev environment hosted on digital Ocean. I was the only one on when it happened. The numbers were not abnormal.

pichalite

@bitspook did you get the message right after a reboot or restart?

bitspook

yikes, i do not recall now. if i remember correctly i was just changing some admin settings in custom html.

pichalite

@bitspook OK. just asking coz you will see the same 503 "Excessive load" page when you reload/restart NodeBB and refresh the page before the reload/restart is fully complete.

bitspook

Very well could be. I hadnt seen the screen before then.

jongarrison

@pichalite I've only ever seen 502 'bad gateway' in a restart scenario. Can you think of a reason why your system would show a 503?

pichalite

@jongarrison Not sure why. I have a test installation running on c9. Some times after a ./nodebb restart, when I refresh the page I get 503.

frissdiegurke

@jongarrison You should get 502 if you turn off NodeBB completely during restart (kill process, restart then) and nginx points to closed port in the meantime. If you however use NodeBB internal functions of restart/reload you're supposed to get a neat 503 page instead

pichalite

@frissdiegurke It's a neat 503 page but don't think the "Excessive Load" message is appropriate during restart/reload.

yariplus

Would it be possible for NodeBB to just wait before sending a response? NodeBB startup doesn't take that long.

jongarrison

@frissdiegurke Interesting

julian

@pichalite said:

@frissdiegurke It's a neat 503 page but don't think the "Excessive Load" message is appropriate during restart/reload.

Sure it is! When NodeBB reloads or restarts, it uses the entirety of the system's resources to compile CSS/templates/js, and thus doesn't have any spare cycles to dedicate to NodeBB.

All this is handled on a lower level than NodeBB itself, so it's really out of our hands. The toobusy middleware checks for a lag in the Node.js event loop, and when system resources are tied up, this loop lag goes up, hence a 503... perhaps it's not excessive load, per se, but the system is running low on spare cycles

frissdiegurke

@julian According to https://www.npmjs.com/package/toobusy you have the capability to change the text thought. 503 is absolutely correct, only the text is too specific.

Wikipedia says:

503 Service Unavailable
The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.

It's not about differentiating those cases

pichalite

for changing the text

AlexFung

My problem finally sloved by great support provided by NodeBB. XD
Developer told me that someone run Apache Bench on my forum.

bitspook

@AlexFung said:

Apache Bench

going to use Fail2Ban then?

julian

Actually, we just added the offending IP to the firewall rules. Not a permanent solution really, but works in a pinch.

bitspook

fail2ban works against a lot of low-level nuisances.

A Former User

To be honest I wonder very often how DDoS attacks can even occur.
It is not like I do not understand that there are some "bad guys" out there, but in the last year my site was not DDoSed any time.
No, I do not use CloudFlare to protect my site (got all settings disabled at it - except anycast DNS).

The only reason which comes into my mind is that the providers are simply inexperienced or lack the proper ressources to block such attacks.