www.Arowanaclub.ca is under attack

S

stratos

Dovii
MFK Member
Jul 6, 2005
329
318
102
A heads up to mods on this site...what is happening to arownaclub.ca could happen here too...

About an hour ago, our monitoring systems alerted us to a very high load on the web server hosting arowanaclub.ca. After investigating the issue, we determined that your site was experiencing a HUGE influx of traffic. You can actually see this number at the bottom of your forums - Most users ever online was 4,181 Today at 5:35 PM.

To protect other customers on the server, we were forced to temporarily suspend your account until the traffic stopped. We are seeing this happen a lot lately with vBulletin forums and it appears to be some sort of botnet scanning for vulnerabilities in the software. After about an hour of hammering your site, the traffic disappeared and we were able to bring your site live again.
Click to expand...
Arowanaclub.ca admin: thanks for the notice. So, is this a DNS attack or some kind of variant of one?

No. This was literally just 5000 machines loading your site at once. It's very odd but we are seeing this same pattern on many vb installations right now.... You're not the only one
Click to expand...
Unfortunately, we had to suspend it again as the attack continued. At this point, we must do a 12 hour suspension in order to ensure other customer sites aren't affected.
Click to expand...
 
S

stratos

Dovii
MFK Member
Jul 6, 2005
329
318
102
Arowanaclub Admin: Do you think this could be due to a recently registered user who could be "rogue" somehow? Any idea as to motive?

Not likely. Normally I would say yes, but over the past several weeks, we've seen this happen on almost two dozen VB sites. Thousands of users (From Russia, mainly) flood the site for several hours, then disappear. From what we've been able to figure out, it's either a poorly programmed search engine attempting to index the entire site at once or it's an exploit scanner.
Click to expand...
This morning we unsuspended your account after the 12 hour suspension and almost immediately your site again became overwhelmed with requests. Per our AUP, we must now suspend the site for 48 hours.

There is unfortunately nothing we can do to work around this problem, as unsuspending your account has an immediate effect on the other sites hosted on this server due to the huge load that it receives.
Click to expand...
And so the buggers are still at it. Looking at getting a whole new secure server at a secure Canadian hosting company...could take a few days...
 
B

BuffaloPolypteridae

Feeder Fish
MFK Member
Aug 5, 2013
3,011
7
0
Buffalo
Its called a ddos attack or distributed denial of service, they could have been trying to figure out addresses and locations of expensive fish or equipment who knows but the easiest way to stop them is a cloud mitigation provider that detects and filters out these hijacked servers and only sends clean traffic your way

Sent from my XT1080 using MonsterAquariaNetwork App
 
You must log in or register to reply here.
zoomed.com
hikariusa.com
aqaimports.com
Store
Top Bottom