ClaudeBot server attack.

Latest Atari related news.
dad664npc
Posts: 148
Joined: Mon Sep 12, 2022 2:32 pm
Location: South East

Re: ClaudeBot server attack.

Post by dad664npc »

Are you still being attacked? PMs don't seem to be going out.
ATARI STfm, STe, Mega ST, TT, Falcon
Amstrad CPC464, CPC6128
PiStorm dev - https://github.com/gotaproblem/pistorm-atari
Pico HDC - https://bbansolutions.co.uk
exxos
Site Admin
Posts: 24061
Joined: Wed Aug 16, 2017 11:19 pm
Location: UK

Re: ClaudeBot server attack.

Post by exxos »

dad664npc wrote: Sat Apr 27, 2024 10:38 pm Are you still being attacked? PMs don't seem to be going out
No attacks. If there were, the forum would be running very slowly or die totally.

What do you mean by PMs not going out? Do you mean stuck in the outbox? That simply means they have not been read yet.

PMs are working fine for me.
https://www.exxosforum.co.uk/atari/ All my hardware guides - mods - games - STOS
https://www.exxosforum.co.uk/atari/store2/ - All my hardware mods for sale - Please help support by making a purchase.
viewtopic.php?f=17&t=1585 Have you done the Mandatory Fixes ?
Just because a lot of people agree on something, doesn't make it a fact. ~exxos ~
People should find solutions to problems, not find problems with solutions.

Re: ClaudeBot server attack.

Post by exxos »

Can anyone open more than 100 connections at once to see if, over 100, they now get dropped?

I think I can also use fail2ban as a request limiter with temp ban. Will look into that more tomorrow.
dalek
Posts: 225
Joined: Thu Nov 08, 2018 11:03 am
Location: NSW Australia

Re: ClaudeBot server attack.

Post by dalek »

Amazon posts ip-ranges in JSON format, from which you can extract, say once per day, all the EC2 address ranges and add them to rate limiting (e.g. in fail2ban or iptables) or, better, since the site is running nginx, to a rate-limiting config.

Re: ClaudeBot server attack.

Post by exxos »

Didn't know they published IP ranges. But it would be easier just to block AWS servers and have done with it. But it doesn't help when some other servers outside of Amazon hit my server. It doesn't happen often, but it keeps happening and soaking up my time :(

Rate limit I tried a few posts back. The limit works but it doesn't help overall. It's why I'm looking just to automatically ban IP addresses that flood the server and have done with it all.

The tricky part is drawing the line between legitimate requests and flood attacks. But I'll study the logs more closely to figure that out.
sandord
Posts: 678
Joined: Mon Aug 13, 2018 10:08 pm
Location: The Netherlands

Re: ClaudeBot server attack.

Post by sandord »

I wonder why phpBB's caching mechanism isn't helping enough in this case. Is it because most requests are to pages that aren't cached yet because they haven't been visited for a while? Or is phpBB still executing SQL queries even when serving a cached page?

Re: ClaudeBot server attack.

Post by exxos »

sandord wrote: Sun Apr 28, 2024 12:30 pm I wonder why phpBB's caching mechanism isn't helping enough in this case. Is it because most requests are to pages that aren't cached yet because they haven't been visited for a while? Or is phpBB still executing SQL queries even when serving a cached page?
I don't know much about phpBB's backend. Though it's always the SQL server which becomes the bottleneck. When I clear the cache it can take several seconds to show the index page. So it's doing something. But I guess that's mostly just code-type caching and SQL queries are all still in real time.

I had monitors on slow SQL queries last year. It's the total post count which can take 2 seconds. If there are several requests at once it seems fine. But beyond that it takes 2 seconds. I've thought about just removing the counts a few times. But that only applies to the index page anyway. The server has a lot of free RAM so SQL should be caching a lot of stuff already. I've tried before to make it faster. I don't know what it is with MySQL. It just seems to always be the bottleneck.

But when there are 900 IPs opening up 100s of requests per second anyway, the server simply runs out of CPU power. Maybe if I had 100 CPU cores it would work fine, but 4 cores is expensive enough.
sporniket
Posts: 1003
Joined: Sat Sep 26, 2020 9:12 pm
Location: France

Re: ClaudeBot server attack.

Post by sporniket »

It seems that the server is still under stress; I often get some server errors (HTTP 504/503) or missing pictures or stylesheets.

Edit: most likely when I open several topics in a row in separate tabs when catching up with unread new posts.

Re: ClaudeBot server attack.

Post by exxos »

sporniket wrote: Sun Apr 28, 2024 5:01 pm It seems that the server is still under stress, I often get some server errors (HTTP 504/503) or missing pictures or stylesheet.

edit : most likely when I open several topics in a row in separate tabs when catching up with unread new posts.
It's because, as said a few posts up, there is a rate limit of 100 requests. But I've upped it to 300 now.

Re: ClaudeBot server attack.

Post by exxos »

So 300 requests will work, then it will drop connections. That works fine. If I open the store page 3 times, graphics start not loading.

Over 400 connections in 60 seconds *should* get the IP banned. But I don't think that's working.

@derkom not sure if you can help test IP banning? (Or anyone else.)
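The threshold exxos describes (more than 400 connections from one IP in 60 seconds), as an added example that is not part of the original posts or the forum's actual fail2ban setup: a sliding-window count over access-log lines, which can be replayed over real logs to see where a threshold separates normal browsing from a flood. The log lines are constructed, and the combined log format and the function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the start of an nginx/Apache "combined" access-log line (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def flood_ips(lines, max_requests=400, window_seconds=60):
    """Return {ip: time of first breach} for IPs with more than max_requests
    requests inside a sliding window. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not access-log entries
        ip, stamp = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        # Drop hits that have aged out of the window.
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def sample_log():
    """Constructed log: one client at 10 req/s for 50 s, one browsing normally."""
    def entry(ip, sec, path):
        return (f'{ip} - - [28/Apr/2024:17:{sec // 60:02d}:{sec % 60:02d} +0000] '
                f'"GET {path} HTTP/1.1" 200 512 "-" "constructed-agent"')
    lines = []
    for sec in range(50):
        lines += [entry("192.0.2.10", sec, f"/viewtopic.php?t={sec * 10 + i}")
                  for i in range(10)]
        if sec % 5 == 0:
            lines.append(entry("192.0.2.20", sec, "/index.php"))
    return lines


if __name__ == "__main__":
    for ip, when in flood_ips(sample_log()).items():
        print(f"ban candidate {ip}: more than 400 requests in 60 s at {when}")
```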