Forum bombed by thousands of connections [Archive] - thinBasic: Basic Programming Language Community Forum

View Full Version : Forum bombed by thousands of connections

ErosOlmi

23-12-2022, 13:58

It is a couple of days we are fighting against a kind of connection bombing from thousands of simultaneous connections from different sources.
Forum was unusable for 2 days because cpu and max background process were to the limit of our provider plan

We have blocked for a while some IP ranges in order to reduce simultaneous connections
Most connections were coming from AWS, Azure, Google, applebot.apple.com, Petalsearch.com ... and other scan bots

We also limited the possibilities of GUEST users: they can only see forum home page and not go further in threads or read posts.
You must be logged in order to see posts.
I will leave this limitation for a while and see what happen.

Now forum is still available but bombing is not ending ... anyway now I can manage it and fine control remote IPs

Will see next days.

Ciao
Eros

ErosOlmi

27-12-2022, 14:57

Community forum still bombed by some bot/crawlers
In particular hundred of threads from applebot.apple.com
Banned its ip range 17.241.0.0/16, will see

dco045

27-12-2022, 19:11

Hi Eros,

Does a captcha would help ??

Best wishes for the end of year.

Dany :)

ErosOlmi

27-12-2022, 19:39

Ciao,

no if I want leave forum home page at least visible to all.
I can make forum private and leave just one login page but its not what I want.

At the moment if you are a guest you can only see forum home page and posts are visible only to registered users.
Is not what I want, I prefer to have open forum and leave people register if they want but actually I HAD TO reduce access hoping this bombing will last in few weeks.

Today I blocked many IPs from Apple bot
Also blocked many IPs coming from a Microsoft network but they do not have reverse DNS so I cannot get the name.
Will see next days.

Up to about 800/900 simultaneous connections ... forum slow down a bit but it is still usable
Above that number forum is unusable even for going into admin panel.

ErosOlmi

16-01-2023, 09:12

Re-activated almost all forum functionalities.
I think bombing was activated by crazy crawler activities by some search engine like Apple, Microsoft and some others I didn't know
After blocking their ip ranges for a while now their activity seems returned to acceptable level.