How to deal with DDoS attack?
-
@frissdiegurke Interesting
-
@pichalite said:
@frissdiegurke It's a neat 503 page but don't think the "Excessive Load" message is appropriate during restart/reload.
Sure it is! When NodeBB reloads or restarts, it uses the entirety of the system's resources to compile CSS/templates/js, and thus doesn't have any spare cycles to dedicate to NodeBB.
All this is handled on a lower level than NodeBB itself, so it's really out of our hands. The toobusy middleware checks for a lag in the Node.js event loop, and when system resources are tied up, this loop lag goes up, hence a 503... perhaps it's not excessive load, per se, but the system is running low on spare cycles.
-
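To show the mechanism Julian describes (event-loop lag measured by a timer, a 503 shed while it stays high), here is an added, dependency-free example in the style of the toobusy check; it is not NodeBB's or toobusy's own code, and the names smoothLag, createLagGuard and lagMiddleware are assumptions.

```javascript
// Added example (not NodeBB's or toobusy's code): a minimal event-loop lag
// monitor with an Express-style middleware that answers 503 while the loop lags.
// Names (smoothLag, createLagGuard, lagMiddleware) are assumed for this example.

// Exponentially smoothed lag, so a single slow tick does not flip the site to 503.
function smoothLag(previous, measured, smoothing = 0.33) {
  return previous + (measured - previous) * smoothing;
}

// Schedules a tick every intervalMs; how late each tick fires is the loop lag.
function createLagGuard({ intervalMs = 500, maxLagMs = 70, message = 'Service Unavailable' } = {}) {
  let currentLag = 0;
  let last = Date.now();
  const timer = setInterval(() => {
    const now = Date.now();
    const measured = Math.max(0, now - last - intervalMs);
    last = now;
    currentLag = smoothLag(currentLag, measured);
  }, intervalMs);
  timer.unref(); // the monitor alone must not keep the process alive
  return {
    lag: () => currentLag,
    isBusy: () => currentLag > maxLagMs,
    stop: () => clearInterval(timer),
    message, // the 503 body text is configurable, as the thread asks for
  };
}

// Middleware: shed load with a 503 (plus Retry-After) while the guard reports busy.
function lagMiddleware(guard) {
  return function (req, res, next) {
    if (guard.isBusy()) {
      res.statusCode = 503;
      res.setHeader('Retry-After', '5');
      res.end(guard.message);
      return;
    }
    next();
  };
}

module.exports = { smoothLag, createLagGuard, lagMiddleware };
```

Mount it before the app's routes (app.use(lagMiddleware(createLagGuard({ message: 'Restarting, back in a moment' })))) and only the response text changes; the 503 status the thread agrees on stays.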
@julian According to https://www.npmjs.com/package/toobusy you have the capability to change the text, though. 503 is absolutely correct, only the text is too specific.
Wikipedia says:
503 Service Unavailable
The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.
It's not about differentiating those cases.
-
for changing the text
-
To be honest I wonder very often how DDoS attacks can even occur.
It is not like I do not understand that there are some "bad guys" out there, but in the last year my site was not DDoSed at any time.
No, I do not use CloudFlare to protect my site (got all settings disabled at it - except anycast DNS).
The only reason which comes into my mind is that the providers are simply inexperienced or lack the proper resources to block such attacks.
-
@AOKP said:
The only reason which comes into my mind is that the providers are simply inexperienced or lack the proper resources to block such attacks.
Careful, @AOKP, such words could be to your disadvantage.
Denial of service attacks can be mitigated by rules like fail2ban, firewall rules, etc.
Distributed denial of service attacks are very different, and it is difficult to determine when traffic is legitimate vs what is a garbage request.
When you control all of the resources from server to pipe, then sure, you can spend time figuring out who is doing what and taking steps to block bad requests, but when you're using a hosting provider, you've got a bit of pressure to resolve the situation immediately, otherwise you're looking at hefty fines (AWS), or service suspension/termination (DigitalOcean).
We make it a policy to not accept high risk customers without a significant investment in a DNS level DDoS protection service, typically CloudFlare (or actually, Incapsula, since they allow WebSockets at a lower pricing tier).
In @AlexFung's case, investigating the nginx access log showed repeated requests from a single IP, with the user agent ApacheBench/2.3.
-
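The pattern Julian found in the access log (one IP, one tool's user agent, request after request) is easy to surface programmatically. Here is an added example, not NodeBB's code, that parses nginx "combined" log lines and counts requests per (IP, User-Agent); parseLine, findFloodSources and the sample log lines are all assumed or constructed for this example.

```javascript
// Added example (not NodeBB's own code): parse nginx "combined" access log lines
// and count requests per (client IP, User-Agent) so a single client hammering the
// site, like the ApacheBench case above, stands out. Sample lines are constructed.

const COMBINED = /^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+ "([^"]*)" "([^"]*)"/;

// One log line -> structured entry, or null if the line is not in combined format.
function parseLine(line) {
  const m = COMBINED.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], request: m[3], status: Number(m[4]), referer: m[5], agent: m[6] };
}

// Returns every (ip, agent) pair seen more than `threshold` times, busiest first.
function findFloodSources(lines, threshold) {
  const counts = new Map();
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry) continue; // tolerate lines in another format instead of aborting
    const key = `${entry.ip}\t${entry.agent}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts.entries()]
    .filter(([, n]) => n > threshold)
    .map(([key, n]) => {
      const [ip, agent] = key.split('\t');
      return { ip, agent, count: n };
    })
    .sort((a, b) => b.count - a.count);
}

// Constructed sample: four hits from one benchmarking client, one from a browser,
// plus one malformed line to show the parser skipping it.
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET / HTTP/1.0" 200 5123 "-" "ApacheBench/2.3"',
  '203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET / HTTP/1.0" 200 5123 "-" "ApacheBench/2.3"',
  '198.51.100.20 - - [10/Oct/2015:13:55:37 +0000] "GET /recent HTTP/1.1" 200 8842 "https://forum.example/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/41.0"',
  '203.0.113.7 - - [10/Oct/2015:13:55:37 +0000] "GET / HTTP/1.0" 503 142 "-" "ApacheBench/2.3"',
  '203.0.113.7 - - [10/Oct/2015:13:55:37 +0000] "GET / HTTP/1.0" 503 142 "-" "ApacheBench/2.3"',
  'not a log line',
];

module.exports = { parseLine, findFloodSources, SAMPLE_LOG };
```

On a real log, feed the file's lines in and pick a threshold per time window; the same (IP, agent) key is what a fail2ban filter or firewall rule, as mentioned earlier in the thread, would act on.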
@julian I bet every single penny I have that DDoS attacks will have no effect on my site, unless you use a really big botnet.
My provider uses Arbor and Tilera systems against these sorts of attacks and is well known for its strong anti-DDoS capabilities.
-
Try running your URL through Cloudpiercer.org... if your origin IP is exposed, cloud-based mitigation is largely useless when DNS attacks are still such an effective threat. Not all the bad guys are only toting Low Orbit Ion Cannons.
-
@Joykiller well, and that's why I am boasting a little with mine. They have a 100% anti-DDoS guarantee. There is no bandwidth limit nor any maximum amount of attacks.
Actually they are known for having one of the best protections in the world.
-
@AOKP said:
@Joykiller well, and that's why I am boasting a little with mine. They have a 100% anti-DDoS guarantee. There is no bandwidth limit nor any maximum amount of attacks.
Actually they are known for having one of the best protections in the world.
That's good. What host is it? I'm always on the lookout for good hosting. I use a gaming server host for most of my VPSes; they've been the best I've ever used, with great DDoS protection on Internap.
-
@Joykiller it is OVH.
Currently they are the world's 3rd biggest hosting company, currently working to have 1.000.000 servers.
Also be sure to take a look at Kimsufi & SoYouStart. Both are owned by OVH, providing cheap servers for smaller/mid-sized projects.
-
@AOKP Oh yeah, heard of them, used them for a month or so, didn't really find them that appealing, imo. I honestly use a gaming server provider mainly because they hardened themselves over the years due to kids DDoSing servers. Their support is top notch, literally 1-2 min ticket responses even at like 2 am. They have an amazing SLA. While on a Tier 1 backbone, 20000-50000 Mbps bandwidth ports. Oh yeah, and one of my main reasons: free Windows 2008/2012 license. (But mainly only use that for game servers hah.)
-
@Joykiller... Windows....
OVH improved enormously in the past years and thanks to attractive pricing and good service (unless you use Kimsufi) they are getting more and more popular.
In the end everyone has to decide it by himself.
-
@AOKP said:
@Joykiller... Windows....
OVH improved enormously in the past years and thanks to attractive pricing and good service (unless you use Kimsufi) they are getting more and more popular.
In the end everyone has to decide it by himself.
Yeah I know, I wish all game developers would use Linux binaries for their game servers, but nope. I will also not run them under Wine because usually most don't work with it, and the ones that do usually end up losing a huge amount of performance vs. a Windows box.