• We are now running on a new, and hopefully much-improved, server. In addition we are also on new forum software. Any move entails a lot of technical details and I suspect we will encounter a few issues as the new server goes live. Please be patient with us. It will be worth it! :) Please help by posting all issues here.
  • The forum will be down for about an hour this weekend for maintenance. I apologize for the inconvenience.
  • If you are having trouble seeing the forum then you may need to clear your browser's DNS cache. Click here for instructions on how to do that
  • Please review the Forum Rules frequently as we are constantly trying to improve the forum for our members and visitors.

The Recent Database Issues

John Pierce

John Pierce

Administrator
Staff member
Joined
May 5, 2006
Messages
1,777
Ok. I believe that I have resolved the issues that have been plaguing us since last Friday's upgrade to vBulletin 4.10 PL 2.

In attempting to address the symptoms, I made a number of changes to the forum, some of which I plan to keep and some of which I will roll back (and some I didn't realize until members reported it).

So ... if you are experiencing anything that you think I need to change, please let me know. And thanks for being patient as I worked through the issue.

For those who are curious and technically minded, the issue was a combination of a brute force attack by parties unknown using the search features of the forum combined with the back-end database using table level locking which allowed one attack query to take down the entire database as subsequent queries backed up and quickly consumed all available system resources waiting for a table lock release that never came.

I hope that with the latest changes we have seen the end of the issues. But please report any problems if you encounter them.

Thanks again!


John
 
eye95

eye95

Well-known member
Joined
Jan 6, 2010
Messages
13,524
Location
Fairborn, Ohio, USA
Administrator said:
Ok. I believe that I have resolved the issues that have been plaguing us since last Friday's upgrade to vBulletin 4.10 PL 2.

In attempting to address the symptoms, I made a number of changes to the forum, some of which I plan to keep and some of which I will roll back (and some I didn't realize until members reported it).

So ... if you are experiencing anything that you think I need to change, please let me know. And thanks for being patient as I worked through the issue.

For those who are curious and technically minded, the issue was a combination of a brute force attack by parties unknown using the search features of the forum combined with the back-end database using table level locking which allowed one attack query to take down the entire database as subsequent queries backed up and quickly consumed all available system resources waiting for a table lock release that never came.

I hope that with the latest changes we have seen the end of the issues. But please report any problems if you encounter them.

Thanks again!


John
Click to expand...

Thanks for the explanation.

Question. If you do identify the culprit and if it turns out that the act was deliberate and malicious (for example, say, revenge from a disgruntled former member), did that person commit a crime? Can criminal (or civil) law be used to take the perp to task?
 
John Pierce

John Pierce

Administrator
Staff member
Joined
May 5, 2006
Messages
1,777
eye95 said:
Thanks for the explanation.

Question. If you do identify the culprit and if it turns out that the act was deliberate and malicious (for example, say, revenge from a disgruntled former member), did that person commit a crime? Can criminal (or civil) law be used to take the perp to task?
Click to expand...

There is at least one federal law making such an attack a criminal offense. And it also gives rise to a number of civil issues. However, a clever attacker, using anonymous proxies is VERY difficult to track.

The important thing is to be able to move forward.


John
 
C

Citizen

Founder's Club Member
Joined
Nov 15, 2006
Messages
18,269
Location
Fairfax Co., VA
Administrator said:
SNIP...the issue was a combination of a brute force attack by parties unknown using the search features of the forum combined with the back-end database using table level locking which allowed one attack query to take down the entire database as subsequent queries backed up and quickly consumed all available system resources waiting for a table lock release that never came.
Click to expand...

Huh!?! Wudhesay? Lawyers. Phhht. :D
 
Last edited:
Grapeshot

Grapeshot

Legendary Warrior
Joined
May 21, 2006
Messages
35,317
Location
Valhalla
Citizen said:
Look, just tell me that the feed lips were bent, or something understandable.

:D
Click to expand...

There are no feed lips on my magazine.

Kudos to John for solving this.

Opps - just found out I cannot copy and paste a picture.
 
Last edited:
ixtow

ixtow

Founder's Club Member
Joined
Nov 25, 2006
Messages
5,038
Location
Suwannee County, FL
Many forum moderators ban all TOR exit nodes. It does, however, also stifle free speech to ban TOR exit nodes. Many censored locales depend on TOR to take back what has been taken from them.

So it's a double-edged sword.

You might want to check the published list of exit nodes (TOR exit nodes are exposed and known by their very nature). It won't tell you whodunit, but it will tell you what level of sophistication your adversary has. Just a stupid script kiddie? Or a professional you can expect more trouble from...

I run a TOR node myself.

http://www.torproject.org/

When the enemies of freedom get smarter than you, you lose.
 
Last edited:
John Pierce

John Pierce

Administrator
Staff member
Joined
May 5, 2006
Messages
1,777
See this thread for an update on the anonymous proxy issue.

http://forum.opencarry.org/forums/s...-Proxies-Are-Now-Banned&p=1427393#post1427393

John

ixtow said:
Many forum moderators ban all TOR exit nodes. It does, however, also stifle free speech to ban TOR exit nodes. Many censored locales depend on TOR to take back what has been taken from them.

So it's a double-edged sword.

You might want to check the published list of exit nodes (TOR exit nodes are exposed and known by their very nature). It won't tell you whodunit, but it will tell you what level of sophistication your adversary has. Just a stupid script kiddie? Or a professional you can expect more trouble from...

I run a TOR node myself.

http://www.torproject.org/

When the enemies of freedom get smarter than you, you lose.
Click to expand...
 
eye95

eye95

Well-known member
Joined
Jan 6, 2010
Messages
13,524
Location
Fairborn, Ohio, USA
TopSnake said:
Is this why everytime I try to search I have to do a damn captcha?
Click to expand...

Yes. However, since the implementation of Captcha, the site has stabilized. There is little doubt that someone (or someones) were trying to sabotage the site. This is good work by the owners in heading these juvenile and destructive actions off.

Those perpetrating them are thugs.
 
You must log in or register to reply here.
Top