When it doesn't fit anywhere else
 #163182  by phpbb
 Sat Nov 03, 2018 4:58 pm
I did not notice this until today, maybe because of the escalation. IF you have had connectivity issue lately, I figured out the reason today. When I tried to connect today, I got the SQL errors that led me to think of another attack. This time I decided to use a tool that let me block traffic based on geography. I decided to only allow US + Canada. The graph below shows the scale of the attack currently happening, but being blocked. Based on my analysis, 100% of the traffic originates from China. The orange line represents traffic from United States, which accounts for 90% of all traffic. The Blue line above is all the traffic being blocked, 6 times the US traffic.

Image

Ultimately these "valid" requests flood the SQL Server causing connections errors as shown below:

Image
TI4-1009, old man down liked this
 #163184  by ac4468
 Sat Nov 03, 2018 5:58 pm
Clearly the Chinese have discovered the influence this group has on the American way of life and is targeting the most American of pastimes! Next thing you know they'll be flooding the board with fake wiring schematics.

All kidding aside, thanks for keeping this site running!
phpbb liked this
 #163185  by TI4-1009
 Sat Nov 03, 2018 7:04 pm
Those China Cats......
phpbb, ski_rick, FLH liked this
 #163190  by Jon S.
 Sun Nov 04, 2018 5:42 am
ac4468 wrote:
Sat Nov 03, 2018 5:58 pm
Clearly the Chinese have discovered the influence this group has on the American way of life and is targeting the most American of pastimes!
Well put! :D
 #163192  by waldo041
 Sun Nov 04, 2018 6:44 am
i believe it is pronounced ˈjīnə and rhymes with Vagina.

~waldo
MattMan liked this
 #163193  by ac4468
 Sun Nov 04, 2018 6:46 am
waldo041 wrote:i believe it is pronounced ˈjīnə and rhymes with Vagina.

~waldo
We’re on tonyou Waldo. IF that’s your real name.
MattMan liked this
 #163195  by waldo041
 Sun Nov 04, 2018 7:22 am
ac4468 wrote:
Sun Nov 04, 2018 6:46 am
waldo041 wrote:i believe it is pronounced ˈjīnə and rhymes with Vagina.

~waldo
We’re on to you Waldo. IF that’s your real name.
:oops: :shock:

going off topic a sec, cool f'in avatar ac4468! :cool:

~waldo
ac4468 liked this
 #163198  by phpbb
 Sun Nov 04, 2018 8:15 am
mkaufman wrote:
Sun Nov 04, 2018 6:12 am
Is your SQL server protected against injections, etc. It may be an attempt to hack in to infect the site.
yes, it is. I am also starting to use a product from AWS called "Web Application Firewall" that has the ability to monitor requests for SQL Injection and Cross Site Scripting, along with Blocking by IP or Geography.
waldo041, milobender, Jimv liked this
 #163199  by brianb
 Sun Nov 04, 2018 8:54 am
If you don't end up liking the WAF from Amazon, check out Sucuri Security https://sucuri.net/. This is a company founded by a friend / client of mine and it is a great product for defending against this sort of thing.
waldo041, phpbb liked this
 #163251  by old man down
 Wed Nov 07, 2018 12:31 pm
Here's an interesting aside.

Recently, I had completed my first run-through on the Watkins Glen Soundcheck Jam TAB, and the daily Views then fell off to near zero.

Then, unannounced, by working from an Edit page on the Thread and not making a new Post, I began working on an iPhone Version to the TAB, because I was interested in the viability that it could offer, which would avoid "wrap."

Almost overnight, the daily Views jumped up to 30 views per day. Whenever I'd go Online to work on the Edit page, to bring the work forward, I'd get hammered with the SQL error page, even though I'd see no one Online except the usual two Bots. I couldn't imagine how the connectivity could be so hamstrung with no one Online, except them.

Finally, phpbb identified China as the source of the SQL problem and denied it access to this site. Immediately, my SQL problems disappeared entirely, but I also noticed that the View increases per day went to zero.

In the back of my mind I thought, Hmmm, I bet the mention of iPhone in the Thread was picked up by Chinese Bots that are used to monitor technology on the Internet. Those invisible "intruders" may have been making the daily Views. Don't know. (iPhone is largely manufactured in China, and applications to it are of great interest to the Chinese)

Anyway, I'd rather have zero daily Views, any day, compared to a website that would barely even let you Enter Online to merely browse around.
TI4-1009 liked this