How to deal with DDos attack?
-
@psychobunny thank you for your help !!!
-
@pichalite I've only ever seen 502 'bad gateway' in a restart scenario. Can you think of a reason why your system would show a 503?
-
@jongarrison Not sure why. I have a test installation running on c9. Some times after a
./nodebb restart
, when I refresh the page I get 503. -
@jongarrison You should get 502 if you turn off NodeBB completely during restart (kill process, restart then) and nginx points to closed port in the meantime. If you however use NodeBB internal functions of restart/reload you're supposed to get a neat 503 page instead
-
@frissdiegurke It's a neat 503 page but don't think the "Excessive Load" message is appropriate during restart/reload.
-
Would it be possible for NodeBB to just wait before sending a response? NodeBB startup doesn't take that long.
-
@frissdiegurke Interesting
-
@pichalite said:
@frissdiegurke It's a neat 503 page but don't think the "Excessive Load" message is appropriate during restart/reload.
Sure it is! When NodeBB reloads or restarts, it uses the entirety of the system's resources to compile CSS/templates/js, and thus doesn't have any spare cycles to dedicate to NodeBB.
All this is handled on a lower level than NodeBB itself, so it's really out of our hands. The toobusy middleware checks for a lag in the Node.js event loop, and when system resources are tied up, this loop lag goes up, hence a 503... perhaps it's not excessive load, per se, but the system is running low on spare cycles
-
@julian According to https://www.npmjs.com/package/toobusy you have the capability to change the text thought. 503 is absolutely correct, only the text is too specific.
Wikipedia says:
503 Service Unavailable
The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.It's not about differentiating those cases
-
for changing the text
-
To be honest I wonder very often how DDoS attacks can even occur.
It is not like I do not understand that there are some "bad guys" out there, but in the last year my site was not DDoSed any time.
No, I do not use CloudFlare to protect my site (got all settings disabled at it - except anycast DNS).The only reason which comes into my mind is that the providers are simply inexperienced or lack the proper ressources to block such attacks.