In the next day or so, I’m going to be upgrading the panda website. This will be a multi-step process:
Step 1. Install a new OS on a new machine.
Step 2. Lock the forums on the old machine.
Step 3. Copy the data over to the new machine.
Step 4. Change the DNS to point at the new machine.
So from your point of view, there will be a day or so where you can’t post, and then things will return to normal. I’m sure that I’ll fail to copy something or other, and it will probably take a few days to work the kinks out.
After the transition, you’ll notice a new antispam captcha on the phpbb2 registration page. You’ll also see that we’re running the latest version of everything (wiki, phpbb2, etc). Hopefully, you won’t notice any other changes.
Update: if you’re looking at this, the forum upgrade is complete.
o0 wow… being 2 days not online and missing all the fun
Nice Job!
Regards, Bigfoot29
cagey
October 26, 2006, 11:06am
4
panda3d.org/manual/index.php/Examp … _Community
The links in the above page (and probable more pages) need to be updated to link to the new forum. They link to /forum rather than the new /phpbb2
Well, it looks like the new web server isn’t stable. It ran for several days and then locked up. Once it locked up, it was totally inaccessible, even via the console. I get the impression that it ran out of RAM, but I’m not sure about that. I’ll be monitoring it for the next few days to see what happened.
sm3
October 30, 2006, 4:08pm
7
I was wondering what happened. I thought it was me user error. Either that or the spambots were getting revenge by a denial-of-service attack
Hm. This is interesting, from the web server statistics:
Month Unique visitors Number of visits Pages Hits Bandwidth
22 Oct 2006 688 5670 46007 6.36 GB
23 Oct 2006 833 6762 45049 4.71 GB
24 Oct 2006 277 2993 18827 1.62 GB
25 Oct 2006 839 6761 46488 5.87 GB
26 Oct 2006 820 6464 39557 4.82 GB
27 Oct 2006 809 7494 49329 12.83 GB
28 Oct 2006 647 102668 139940 50.21 GB
29 Oct 2006 180 47461 54411 48.83 GB
It’s beginning to look like a DOS attack. Almost all the additional bandwidth is to one IP address. The server logs look like this:
80.191.15.6 - - [29/Oct/2006:09:15:24 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38992 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:28 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38958 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:31 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38980 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:42 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 39027 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:45 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38989 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:48 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38952 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:53 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38956 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:56 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 39001 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:15:59 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38987 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:16:03 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38980 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:16:06 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38966 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:16:10 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38976 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
80.191.15.6 - - [29/Oct/2006:09:16:18 -0500] “POST /phpbb2/viewtopic.php?t=892&start=0 HTTP/1.1” 200 38972 “https://discourse.panda3d.org/viewtopic.php?t=903&view=previous ” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)”
Anybody have any clue about what this could mean?
sm3
October 30, 2006, 5:42pm
10
Well that is interesting. The netblock owner for 80.191.0.0 - 80.191.87.255 is Information Technology Corporation Tehran, Iran.
You can email this address for abuse:
abuse@mail.dci.co.ir
This is from the whois data. It’s a start I guess.
Well, the web logs say it’s a windows 98 machine. My guess is, an infected one.
sm3
October 30, 2006, 6:04pm
12
Well, from that section you posted, that could just be a user hitting refresh lots of times I guess, wondering why the webserver isn’t responding.
If so, they hit “refresh” a total of 193,421 times.
Isn’t it possible to just block the IP if its always the same? Either using iptables or using Apache itself? (afaik there should be such a ability…)
Just my 2 (Euro-)cents
Regards, Bigfoot29
Well, it went down again last night, and not because of a DOS this time. I just did a test — the webserver is allowing unlimited concurrent downloads, which it isn’t supposed to do. I’m going to see why it appears to be ignoring its config file.
Well, I’ve made two configuration changes. We’ll see how it goes:
I’ve reduced the max number of servers from 150 down to 50.
I’ve installed mod_limitipconn, and set the limit to 3 concurrent downloads per IP address.
sm3
November 1, 2006, 3:21pm
18
Well, your changes seem to have worked Josh. The webserver was actually responding this morning.
kaweh
November 2, 2006, 10:40am
20
josh, acccess any page i get
Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.0.55 (Debian) PHP/5.1.6-1 Server at panda3d.org Port 80
now when i reload the page immediatly , i will get to the page! so it’s a permanent ‘click-reload’ cycle for me to see each page.
I’m on OS X / Safari if that makes any difference.
cheers,
kaweh