Recent Server Issues on Health Rising

Cort

Founder of Health Rising and Phoenix Rising
Staff member
We've been having issues with our servers for about as long as I can remember (about a month and a half). We recently hired a server specialist to figure out what the heck is going on. He's identified at least three problems and fixed them and we thought we were in the clear, but then we had our longest server outage the other day.

That was a bit disappointing....(sigh)

We're committed to getting this fixed and we will.

(One silver lining is that Stavya is learning a heck of a lot about servers.)

Please hang in there until we get this fixed.

I'll keep you informed on our progress on this thread.

Thanks for your patience.

Cort
 

Cort

Founder of Health Rising and Phoenix Rising
Staff member
Thanks for all your hard work and diligence Cort!
Thanks Wayne.

We are getting with what's called Distributed Denial of Service attacks. Why they're targeting Health Rising I don't know. Many website are busier than HR.

In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.[1]

A distributed denial-of-service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses. It is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations. The scale of DDoS attacks has continued to rise over recent years, even reaching over 400Gbit/s.[2]

Criminal perpetrators of DoS and DDoS attacks often target sites or services hosted on high-profile web servers such as banks, credit card payment gateways. Motives of revenge, blackmail[3][4][5] or activism[6] can be behind other attacks.

The most serious attacks are distributed[8] and in many or most cases involve forging of IP sender addresses (IP address spoofing) so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address.

The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down.

These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time.
 

Cort

Founder of Health Rising and Phoenix Rising
Staff member
It's almost a continual battle actually.

Before we opened the Forums to the public someone snuck in posted hundreds of spam messages on it without our realizing it. That ended up with servers targeting HR as a spam source and cutting our emails off.

Then we were deluged with spammers registering for the Forums for several months. We finally got that mostly shut down.

Now there's these DDOS attacks which have been going on for a couple of months it appears.

It's life on the internet, I guess.
 

Hip

Well-Known Member
I just did some quick Googling on the motivations for DDOS attacks, and found these articles:

http://saudigazette.com.sa/business/5-common-motives-ddos-attacks

http://arch.simplicable.com/arch/new/the-5-motives-for-DDoS-attack

http://www.slideshare.net/intruguard/10-most-common-reasons-you-get-d-do-s


From reading these, it seems that at the most innocent end of the spectrum, a website might just be targeted by individuals known as "script kiddies" — these are kids that don't have the technical skills to write their own hacking scripts or code, but download ready-made hacking scripts from the Internet, and randomly target websites, just to prove to themselves that they can use these scripts.
 

Cort

Founder of Health Rising and Phoenix Rising
Staff member
I just did some quick Googling on the motivations for DDOS attacks, and found these articles:

http://saudigazette.com.sa/business/5-common-motives-ddos-attacks

http://arch.simplicable.com/arch/new/the-5-motives-for-DDoS-attack

http://www.slideshare.net/intruguard/10-most-common-reasons-you-get-d-do-s


From reading these, it seems that at the most innocent end of the spectrum, a website might just be targeted by individuals known as "script kiddies" — these are kids that don't have the technical skills to write their own hacking scripts or code, but download ready-made hacking scripts from the Internet, and randomly target websites, just to prove to themselves that they can use these scripts.
Thanks Hip

It is strange that little old HR is getting attacked so much - so maybe it is kid targeting less well defended websites. If they are kids they should know they are costing us quite a bit of money!
 

Hip

Well-Known Member
It is strange that little old HR is getting attacked so much - so maybe it is kid targeting less well defended websites. If they are kids they should know they are costing us quite a bit of money!

If it is just teenagers messing about, you'd think they might choose some more traditional forms of teenage delinquency, like getting up to mischief at shopping malls, or hanging around on the streets!
 

Get Our Free ME/CFS and FM Blog!



Forum Tips

Support Our Work

DO IT MONTHLY

HEALTH RISING IS NOT A 501 (c) 3 NON-PROFIT

Shopping on Amazon.com For HR

Latest Resources

Top