Offline pauldelbrot

  • 3f
  • Posts: 1982
« on: September 03, 2018, 08:55:56 PM »
I think we need an out of band method to contact the admins -- preferably NOT dependent on having an account with any particular service (other than here), e.g. twitter or facebook.

Last night I was collateral damage in an hours-long IP blockade presumably aimed at a misbehaving other customer of my ISP. I could not even view the site. My IP, and presumably my ISP's block of IPs, was allowed through the firewall to connect to the web server machine, but the httpd process running on that machine ignored all GET requests originating from here. (This indicates a block made using .htaccess, likely to stymie someone who had been trying to run exploits against the PHP instance backing these forums, since blocking there rather than at the firewall would have been useless against a DDoS assault, and IP-based blocking of any sort would have been overkill against a mere violation of forum rules where a simple account term would have sufficed.)

I had no reliable, definite way of contacting any admin of this site to report the overblocking affecting me as well as whoever the perpetrator was.

If it will be this site's policy to sometimes block whole ranges of residential IPs to fend off attackers armed with PHP exploits, I feel it is necessary that there be a way to contact the admins that does not rely on using this website to do so, so that any regular member who is inadvertently caught in the splash damage from such a block can report their plight and get the IP they're currently using exempted from it.

Other options besides IP blocks include: for exploits, filtering based on the content of packets to drop those that contain known exploits -- this should be much narrower and avoid collateral damage to innocent users such as myself; for DDoS, Cloudflare or a similar service; for either, throwing up a CAPTCHA for IPs originating from a range that's been originating attack traffic, which will block automated attacks but only inconvenience live humans, instead of blocking those IPs completely for the duration.

Please institute one of these alternatives to IP blocks, or else create an out of band channel to report overblocking to the admins. Thank you.

Linkback: https://fractalforums.org/forum-help-and-support/31/out-of-band-method-to-contact-admins/1811/

Offline gerrit

  • 3f
  • Posts: 2148
« Reply #1 on: September 03, 2018, 09:58:17 PM »
FYI I experienced the same brown-out yesterday.

Offline Fraktalist

  • Administrator
  • Strange Attractor
  • Posts: 1164
« Reply #2 on: September 03, 2018, 10:15:16 PM »
hm. and it was only fractalforums?

we do block single ips with suspicious activity via htaccess indeed. though the list is relatively short for the 9 months this has been active. the likelihood of you 2 making it on the list at the same time is nearly non-existent.
too bad 3d has not logged in since the voting issue and seems to have abandoned his voluntary job without further notice.
he knows the rules, I don't. he could check, I can't.

no errors in our logs that match your problems in the last 3 days.

Anyways, I expect it was a general problem with our provider. if this stays a one time incident I see no reason to act for now.

if this happens again and for longer times: we have a catchall <at>fractalforums.org so just send a mail to any address there to reach me.
no twitter/facebook for now.

do you have your ip addresses from yesterday by chance, so I can check if they were added to our blocklist?

Offline pauldelbrot

  • 3f
  • Posts: 1982
« Reply #3 on: September 03, 2018, 10:32:16 PM »
I don't think mine's changed (no modem reboot or anything since then), so the IP on the post starting this thread is likely the one. It is definitely in the same class B.

Offline pauldelbrot

  • 3f
  • Posts: 1982
« Reply #4 on: September 03, 2018, 11:44:44 PM »
New evidence has come to light that casts doubt on last night's incident being the result of any actions taken at your end.

Yesterday afternoon there was a shorter, but similar abnormal event when I was viewing a different web site. The server would intermittently ignore HTTP requests originating from my IP, after having accepted the initial handshake and established a TCP session on port 80. This persisted for only a minute or two.

Now a third similar incident has taken place, but this time it is blocking my access to Facebook, preventing any response by their web server from reaching me after the initial connection handshake.

Once is happenstance. Twice is coincidence. But three times is enemy action.

It is not, therefore, blocks instituted against my IP separately and independently at three different websites for escalating durations all during the same 24 hour period, but one single attacker who is carrying out a denial of service attack on my own machine or my ISP, selectively obstructing traffic to various web sites. Yesterday afternoon's incident was probably a test, and one that only semi-worked. Unfortunately rather than be discouraged the attacker improved his attack tool and used it again last night, this time targeting traffic between my machine and Fractalforums and completely preventing me from accessing this site for hours. And now the attacker is doing it again, only with my traffic to Facebook.

I must now enlist your help in fighting this attacker. Do any of you know how this is being done to me or what I might do to block or circumvent the attacks? I need my access to Facebook restored immediately and I need these attacks to cease happening to me immediately. Any information you might have of a technical nature would be beneficial. I can tell you this much: changing my IP by modem reboot did not help. The attacker immediately moved to blocking traffic from Facebook to my new IP, with a reaction time measured in the single digit minutes at most, and likely with the reaction time of a machine. I doubt they could have compromised my own machine so it's very likely the hack is inside my ISP if they can instantly follow me as my IP changes. Long story short, it doesn't look like I can use occasional modem reboots to stay ahead of this jerkwipe.

So what do I do? It appears to be an attack specifically on either outbound or inbound HTTP traffic, inside my ISP's network perimeter. Obviously calling my ISP's tech support will be useless, because it's a major telephone company's tech support, and they therefore can't even tie their own shoelaces or correctly diagnose an unplugged phone cord, let alone hunt down a malicious blackhat using complex attack tools who has silently penetrated their perimeter security. The attacker can quickly re-find me if my IP changes. I tried to access this site last night via proxies and was still blocked, so the attacker is also detecting HTTP proxy traffic during attacks and blocking that. It's possible they will miss TOR traffic but I wouldn't pin my hopes on it, and sites like Facebook probably block TOR anyway so it wouldn't help when the attacker is blocking me from Facebook.

Based on my own technical knowledge, there are zero options here except either accept this f#*!tard being able to dictate what websites I can or cannot use from now on in perpetuity, which obviously is unacceptable, or else hunt the twit down in meatspace and teach him the meaning of rubber hose cryptanalysis. Any less drastic alternative would be ... useful.
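The symptom described in the opening post (the TCP handshake completes but the httpd never answers the GET) and again in the post above (the same pattern against other sites) can be told apart from a firewall-level block with a small probe. The following is an added example, not code from the thread or from fractalforums.org: it opens one TCP session, sends one GET, and reports whether the connection was refused at the network layer, answered with a 403/429 (an .htaccess/Require-style deny inside httpd), reset after connecting, or silently dropped. The `demo()` function builds constructed loopback scenarios (a 200 server, a 403 server, a listening socket that never accepts, and a closed port) so the classifier can be exercised offline; the host, port and path names are assumptions for illustration.

```python
"""Probe where a web host cuts you off: network layer or application layer.
Added example (not the forum's code). Usage: python probe.py example.org 80 /"""
import socket
import sys
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Outcomes the probe can report.
NETWORK_BLOCK = "network_block"   # no TCP session at all: firewall, routing or ISP problem
RESET = "reset_after_connect"     # TCP session, then RST/EPIPE while talking to httpd
SILENT_DROP = "silent_drop"       # TCP session, GET sent, nothing back before timeout
APP_BLOCK = "application_block"   # httpd answered 403/429: deny rule inside the web server
REACHABLE = "reachable"           # any other HTTP status: the site is serving us


def classify_first_bytes(raw: bytes) -> str:
    """Classify the first bytes the server sent back after our GET."""
    if not raw:
        return SILENT_DROP
    status_line = raw.split(b"\r\n", 1)[0].split()
    if len(status_line) < 2 or not status_line[0].startswith(b"HTTP/"):
        return REACHABLE  # something answered, just not an HTTP status line
    try:
        code = int(status_line[1])
    except ValueError:
        return REACHABLE
    return APP_BLOCK if code in (403, 429) else REACHABLE


def probe(host: str, port: int = 80, path: str = "/", timeout: float = 3.0) -> str:
    """Open a TCP session, send one GET, report where (if anywhere) we were cut off."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused, unreachable, or handshake timed out
        return NETWORK_BLOCK
    try:
        sock.settimeout(timeout)
        request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode())
        return classify_first_bytes(sock.recv(4096))
    except socket.timeout:               # handshake done, request sent, no reply at all
        return SILENT_DROP
    except OSError:                      # RST or broken pipe after the handshake
        return RESET
    finally:
        sock.close()


def _status_server(status: int) -> HTTPServer:
    """Constructed loopback httpd that answers every GET with one fixed status."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):    # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo(timeout: float = 0.5) -> dict:
    """Run the probe against four constructed loopback scenarios, one per outcome."""
    ok = _status_server(200)
    forbidden = _status_server(403)
    # A listening socket that is never accept()ed: the kernel completes the
    # handshake, our GET sits in a buffer, and nothing ever comes back.
    black_hole = socket.socket()
    black_hole.bind(("127.0.0.1", 0))
    black_hole.listen(1)
    # A port nobody listens on: connect() is refused, the network-layer case.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        return {
            "open": probe("127.0.0.1", ok.server_address[1], timeout=timeout),
            "forbidden": probe("127.0.0.1", forbidden.server_address[1], timeout=timeout),
            "black_hole": probe("127.0.0.1", black_hole.getsockname()[1], timeout=timeout),
            "closed_port": probe("127.0.0.1", closed_port, timeout=timeout),
        }
    finally:
        black_hole.close()
        for srv in (ok, forbidden):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        path = sys.argv[3] if len(sys.argv) > 3 else "/"
        print(host, port, path, "->", probe(host, port, path))
    else:
        print(demo())
```

Run against the real site from the affected IP and from a known-good one (a phone on mobile data, a VPN exit): a 403 from one vantage point and a 200 from the other points at a server-side deny list, while a silent drop or refused connection that also shows up for unrelated sites points at the path between you and the server, which is the distinction the posts above were trying to make by hand.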

Offline gerrit

  • 3f
  • Posts: 2148
« Reply #5 on: September 04, 2018, 06:27:09 AM »
Maybe try a VPN. Facebook does not block Tor.

Offline quaz0r

  • Fractal Friar
  • Posts: 120
« Reply #6 on: September 04, 2018, 08:37:11 AM »
fractalforums was unreachable for me as well.  paul, unless you are into stuff we don't know about, it seems highly unlikely anyone would seek to target your ability to post fractals or post what you ate for dinner to NSAbook.  also probably time for some serious reflection upon your life if you really think you "need" that crap.   8)

one thing I experience from time to time, which I am not sure if anyone else does, is once in a while some random site will become unreachable for me, whilst the entire rest of the internet continues to work fine.  it took me the longest time to figure out because it is so nonsensical, but I finally figured out by trial and error that if I reboot my cable modem the problem is resolved (until it happens again).  the need to power cycle modems and routers and things from time to time is something most people are familiar with, but this particular problem threw me for a loop for the longest time as the internet continued to work fine save for the one random site..

as far as ways outside of this website to communicate, I always wonder why nobody hangs out on irc?  claude does, or did, though I tried messaging him once and he ignored me.  as expected I guess  ::)