ClaudeBot server attack.
-
dad664npc
- Posts: 166
- Joined: 12 Sep 2022 14:32
- Location: Oxfordshire
Re: ClaudeBot server attack.
Are you still being attacked? PMs don't seem to be going out
ATARI STfm, STe, Mega ST, TT
Amstrad CPC464, CPC6128
PiStorm dev - https://github.com/gotaproblem/pistorm-atari
Pico HDC - https://bbansolutions.co.uk
-
exxos
- Site Admin

- Posts: 28360
- Joined: 16 Aug 2017 23:19
- Location: UK
Re: ClaudeBot server attack.
No attacks. If there were, the forum would be running very slow or die totally.
What do you mean by PMs not going out? Do you mean stuck in the outbox? As that simply means they are not being read yet.
PMs are working fine for me.
-
exxos
- Site Admin

- Posts: 28360
- Joined: 16 Aug 2017 23:19
- Location: UK
Re: ClaudeBot server attack.
Can anyone open more than 100 connections at once to see if, over 100, they now get dropped?
I think I can also use fail2ban as a request limiter with temp ban. Will look into that more tomorrow.
-
dalek
- Posts: 232
- Joined: 08 Nov 2018 11:03
- Location: NSW Australia
Re: ClaudeBot server attack.
Amazon posts its ip-ranges in JSON format, from which you can extract, say once per day, all the EC2 address ranges and add them to rate limiting (in e.g. fail2ban, iptables) or, better, since the site is running nginx, in a rate limiting config.
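An added example, not part of the original post: one way to turn the EC2 entries of Amazon's ip-ranges JSON into an nginx rate-limiting fragment. The sample document is constructed (documentation prefixes, not real AWS ranges), and the names `$is_ec2`, `$ec2_limit_key` and the zone `ec2` are assumptions.

```python
import ipaddress
import json

# Constructed sample in the layout of Amazon's published ip-ranges.json;
# the prefixes are documentation ranges, not real AWS allocations.
SAMPLE = json.dumps({
    "syncToken": "0", "createDate": "2024-04-28-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-2", "service": "S3"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1000::/40", "region": "eu-west-2", "service": "EC2"},
    ],
})


def ec2_networks(raw):
    """Return the EC2 prefixes from an ip-ranges document, merged and sorted."""
    doc = json.loads(raw)
    v4 = [ipaddress.ip_network(p["ip_prefix"])
          for p in doc.get("prefixes", []) if p.get("service") == "EC2"]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in doc.get("ipv6_prefixes", []) if p.get("service") == "EC2"]
    # collapse_addresses merges adjacent/overlapping ranges; it cannot mix v4 and v6.
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def nginx_snippet(networks, rate="1r/s"):
    """Render an nginx http{}-level fragment that rate-limits only these networks."""
    lines = ["geo $is_ec2 {", "    default 0;"]
    lines += [f"    {net} 1;" for net in networks]
    lines += [
        "}",
        # An empty key is not counted by limit_req, so other visitors are unaffected.
        "map $is_ec2 $ec2_limit_key {",
        '    0 "";',
        "    1 $binary_remote_addr;",
        "}",
        f"limit_req_zone $ec2_limit_key zone=ec2:10m rate={rate};",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(nginx_snippet(ec2_networks(SAMPLE)))
```

The generated fragment only defines the zone; it takes effect once a `limit_req zone=ec2;` line is placed in the relevant `server` or `location` block and nginx is reloaded.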
-
exxos
- Site Admin

- Posts: 28360
- Joined: 16 Aug 2017 23:19
- Location: UK
Re: ClaudeBot server attack.
Didn't know they published IP ranges. But it would be easier just to block AWS servers and have done with it. But it doesn't help when some other servers outside of Amazon hit my server. It doesn't happen often, but it keeps happening and soaking up my time :(
Rate limit I tried a few posts back. The limit works but it doesn't help overall. It's why I'm looking just to ban IP addresses who flood the server automatically and have done with it all.
The tricky part is drawing the line between legitimate requests and flood attacks. But I'll study the logs more closely to figure that out.
-
sandord
- Posts: 764
- Joined: 13 Aug 2018 22:08
- Location: The Netherlands
Re: ClaudeBot server attack.
I wonder why phpBB's caching mechanism isn't helping enough in this case. Is it because most requests are to pages that aren't cached yet because they haven't been visited for a while? Or is phpBB still executing SQL queries even when serving a cached page?
-
exxos
- Site Admin

- Posts: 28360
- Joined: 16 Aug 2017 23:19
- Location: UK
Re: ClaudeBot server attack.
sandord wrote: 28 Apr 2024 12:30
> I wonder why phpBB's caching mechanism isn't helping enough in this case. Is it because most requests are to pages that aren't cached yet because they haven't been visited for a while? Or is phpBB still executing SQL queries even when serving a cached page?
I don't know much about phpBB's backend. Though it's always the SQL server which becomes the bottleneck. When I clear the cache it can take several seconds to show the index page. So it's doing something. But I guess that's mostly just code type caching and SQL queries are all still in real time.
I had monitors on slow SQL queries last year. It's the total post count which can take 2 seconds. If there are several requests at once it seems fine. But beyond that it takes 2 seconds. I've thought about just removing the counts a few times. But that only applies to the index page anyway. The server has a lot of free RAM so SQL should be caching a lot of stuff already. I've tried before to make it faster. I don't know what it is with MySQL. It just seems to always be the bottleneck.
But when there are 900 IPs opening up 100s of requests per second anyway, the server simply runs out of CPU power. Maybe if I had 100 CPU cores it would work fine, but 4 cores is expensive enough.
-
sporniket
- Site sponsor

- Posts: 1164
- Joined: 26 Sep 2020 21:12
- Location: France
Re: ClaudeBot server attack.
It seems that the server is still under stress, I often get some server errors (HTTP 504/503) or missing pictures or stylesheet.
edit : most likely when I open several topics in a row in separate tabs when catching up with unread new posts.
-
exxos
- Site Admin

- Posts: 28360
- Joined: 16 Aug 2017 23:19
- Location: UK
Re: ClaudeBot server attack.
sporniket wrote: 28 Apr 2024 17:01
> It seems that the server is still under stress, I often get some server errors (HTTP 504/503) or missing pictures or stylesheet.
> edit : most likely when I open several topics in a row in separate tabs when catching up with unread new posts.
It's because, as said a few posts up, there is a rate limit of 100 requests. But I've upped it to 300 now.
-
exxos
- Site Admin

- Posts: 28360
- Joined: 16 Aug 2017 23:19
- Location: UK
Re: ClaudeBot server attack.
So 300 requests will work, then it will drop connections. That works fine. If I open the store page 3 times graphics start not loading.
Over 400 connections in 60 seconds *should* get the IP banned. But I don't think that's working.
@derkom not sure if you can help test IP banning? (or anyone else)
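An added example, not part of the original post: an offline check of the "over 400 requests in 60 seconds" rule against an access log, showing which IPs a ban should have caught and when. It assumes the nginx "combined" log format; the log lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of an nginx/Apache "combined" access-log line: client IP and timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def flooders(lines, limit=400, window=60):
    """Return {ip: first time it exceeded `limit` requests within `window` seconds}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    span = timedelta(seconds=window)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not access-log entries
        ip, when = m.group(1), datetime.strptime(m.group(2), TIME_FMT)
        q = recent[ip]
        q.append(when)
        while when - q[0] >= span:
            q.popleft()           # drop hits older than the window
        if len(q) > limit and ip not in flagged:
            flagged[ip] = when
    return flagged


def sample_log():
    """Constructed log: one client at 10 req/s, one reader at 1 request every 2 s."""
    start = datetime.strptime("28/Apr/2024:17:00:00 +0000", TIME_FMT)
    rows = []
    for i in range(600):          # 60 s of traffic from the heavy client
        t = start + timedelta(milliseconds=100 * i)
        rows.append((t, "203.0.113.7", "/viewtopic.php?t=%d" % i))
    for i in range(30):
        t = start + timedelta(seconds=2 * i)
        rows.append((t, "198.51.100.20", "/index.php"))
    rows.sort()
    return ['%s - - [%s] "GET %s HTTP/1.1" 200 512 "-" "-"'
            % (ip, t.strftime(TIME_FMT), path) for t, ip, path in rows]


if __name__ == "__main__":
    for ip, when in flooders(sample_log()).items():
        print(ip, "exceeded 400 requests in 60 s at", when.isoformat())
```

Running it over the real access log with different `limit` and `window` values shows how many normal readers each threshold would also catch.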