Anything else just isn't Enterprise enough.

Is the site being attacked?

The response time is very poor.
Permalink NPR 
August 9th, 2017 10:03am
Works OK for me.
Permalink Legion 
August 9th, 2017 10:07am
Well, reading is fast, but posting is slow.
Permalink Legion 
August 9th, 2017 10:09am
I see that too. He's probably throttling the posting to slow down attacks.
Permalink Bored Bystander 
August 9th, 2017 11:28am
Might be too aggressive if you notice it.
Permalink Send private email Almost Anonymous 
August 9th, 2017 11:42am
It is very, very noticeable.  But it is ok, if you need it.
Permalink Legion 
August 9th, 2017 9:18pm
I had bad lag and it led to me accidentally triple-posting.  It's better now.
Permalink FSK 
August 9th, 2017 9:55pm
I'm guessing... hope this does not help Dr. H....

The posting delay could vary based upon the time since the last successful post from any other user. It's about the only way I can see to defeat a ddos style posting attack like when the site was scrolling by a few messages a second.

So this may cause the delay to seem non existent at certain times of the day when the forum is dead, but at busier times you're being held up because someone else just pressed OK.
Permalink Send private email Bored Bystander 
August 9th, 2017 10:47pm
Yeah, that's exactly what I did.  The problem is tweaking the variables -- this place doesn't get many posts and it doesn't take too many to be annoying.  So it's hard to be aggressive enough to be useful but not so aggressive that it's annoying to regular posters.

I played with a number of variables and analyzed the post history to come up with the numbers.

From what I've seen so far, it doesn't seem too bad.  But I don't post very much.
Permalink Send private email Almost Anonymous 
August 10th, 2017 12:53pm
And I assume you keep a rolling history of posting frequency. If posts start to come in one after another in a regular pattern (if it were my board) which is also not normal I would throttle down more. Or start displaying the CoT "you have an error" window.
Permalink Send private email Bored Bystander 
August 10th, 2017 12:57pm
Right now it's wholly acceptable. I only had a couple of delays I even noticed.
Permalink Send private email Bored Bystander 
August 10th, 2017 12:58pm
It could be more intelligent but I'm basically doing notepad.exe development against PHP4.  It's pretty low-tech.  I don't think I can even run this site on my desktop anymore.
Permalink Send private email Almost Anonymous 
August 10th, 2017 2:13pm
Sorry, how does the delay keep an attacker from just making a bunch of requests concurrently?
Permalink NPR 
August 10th, 2017 6:22pm
Because it's a global rate limiter, not per ip address.

Get some reading comprehension, friend! It was already established that the clock issue was because if you post something right after someone else, it can be delayed due to the rate limiter. This is only possible since this is a low volume site.
Permalink Reality Check 
August 10th, 2017 6:44pm
The response is delayed.

The server accepts the request instantly.
Permalink NPR 
August 10th, 2017 9:06pm
I'm assuming it's that part between the TCP handshake and the HTTP 200 OK that's sent back to the browser that you've inserted some kind of delay:

https://www.eventhelix.com/RealtimeMantra/Networking/HTTP_Post.pdf
Permalink NPR 
August 10th, 2017 9:12pm
I just guessed that Wayne put some firewall like code into Fruitshow and I guessed how it might work. The assumption is that you can receive post requests here from any number of IP addresses, so going per-IP won't help with herr doctor type vandalism. Your only other available remedy is to rely on the average level of usage of this board to set up some timing based restrictions.

The poster 'g' is pretty funny. :)
Permalink Send private email Bored Bystander 
August 11th, 2017 12:41am
My point is that you could still bring down a server just initiating a bunch of concurrent requests.

But I guess this delay would prevent the database from being trashed.
Permalink NPR 
August 12th, 2017 11:24am

This topic is archived. No further replies will be accepted.

Other topics: August, 2017 Other topics: August, 2017 Recent topics Recent topics