No, you wouldn't be correct. If we deem an issue worth commenting on, we do it in the main News page.

I don't know if we're talking about the same thing, but sure enough, it is a hard day. It took me, at least 30 minutes to connect at AW, and once I'm in, it's very hard, to travel from page to page, even more to view pictures, or even read the thread.

But what the heck, it's Christmas eve, and we are suppose to be happy and patient. So, let's hope it will get better as the day goes by.

Yes, we were undergoing another DoS attack. They seem to have gotten bored now, but they may come back.

Sorry, there is nothing we can do, except ride out the storm.

a

oh, and our reason for not starting a new thread was cos we were sleeping.

Sheesh, give us a break, eh?

a

Who does these attacks and why?

In my eyes the same kind of sick people who write viruses, trojans & spy software.

Why do they do it? There are different possible reasons: trying to break-in to a site, to get the site unavailable, to annoy people.

It's a pity that there's nothing you can do when it happens.

Lxm

For a software solution there is always http://www.packeteer.com/resources/p...rBroFinal2.pdf . It is not free but it actually works.

Cisco Systems offers the most robust and impressive hardware that I have ever worked with. It can literally reflect DoS Attacks to the offending servers and, depending on your local laws and regulations, respawn one stream into multiple streams so that the offending machine is 'cripled' to a complete shutdown within moments.

FREEsco http://www.freesco.org offers a very nice router package that may be run on an old 386 machine that you have sitting in storage. The number of NICs is only limited by the number of open card slots on your motherboard. You may drop it in right behind your CSU/DSU to gain the greatest speed performance or you may plug it inline if you are on a less robust network. You obviously want a more modern machine if you are running on OC3 or DS3 (T3 or E3) so that you make use of at least one Gigabit NIC for the main I/O gateway. If you are using one or more T1s or E1s then standard 100BTX cards should offer sufficient throughput.

DoS Attacks are certainly irritating but their effects may be minimized by using a healthy combination of hardware firewalls and software packet and stream monitors. I do not know many of the freeware Linux distributions for this type of software. Most of the projects that I have worked on have been commercial in nature so they employed CISCO products and commercial software packages. I hope that this information proves more useful than irritating because DoS Attacks certainly made me cranky until I figured out how to get around them.

What, you were sleeping again? Didn't you sleep yesterday as well?

<g>

Numlock, we have explored those apps, and several similar.

Unfortunately, none of them can do what we need - they will be good on some aspects, but bad on others.

a

It is truly unfortunate that some childish individuals create so much otherwise unnecessary expense. The Cisco
PIX 500 series do a fine job but they come at a hefty price tag as well. I believe that a 525 retails for just under $12K US but some of the online auctions have them for much less. Then again, the purchase is usually the easiest part of the whole ordeal. The difficulty comes in convincing an IT department that's in love with Microsoft products that it must adapt to meet the needs of the customer base. I think that I would rather wrestle a crocodile than go through that process again! The results are staggering and immediate but so are the hurt feelings. I think that most men are better equipped to hear that their members are too small than they are to hear that they must discard years of learning and start all over with a new technology!

Best of luck!

Is it like syn flood or a bot network attach or something else? I assume your in a datacenter with a load balancer of some sort and a firewall behind that and then the servers? Mazu makes some good DOS attack tools. They are an inline/bridging devices that can recognize dos attack patterns and then block them. Also if it's a bot or dos attack the application is usaully writen in a way that makes their packets look a bit different than the rest. If you have a good router like juniper you can match these differences and drop the packets. Your provider might not like to do that stuff for you tho, since it puts a burden on the datacenter network. If you have a packet capture of the attack I can look at it for you.

There are things you can do you just need to pony for some cash for the tech

zinner, cash is not the problem - nor is it a reluctance to apply it.

We cannot find a product that will allow new customer to join easily, allow existing members to access the site fine, and not allow crackers to perfom DDoS attacks.

We're using a cluster of three servers currently, yes.

a

I believe that Zinner has the right idea. I know of no single tool, software program or network appliance that can handle the complexity of enterprise network management. A good combination of Sun Microsystems servers and Cisco network infrastructure can do the job. It's not the brand names of these products that matter. It's the fact that the hardware is designed specifically to run network protocols. Without getting into the whole 'little-endian/big-endian' data processing jargon, Intel based servers running standard MS products work just fine for small to mid sized networks. (Windows Server 2003 Web Edition is not the proper tool for a professional business (IMHO).) Linux ramps this up to make them even more powerful. Sun servers do not require any 'ramping up'. They are built with a different set of core programming. (The machine itself is built with the ability to balance traffic loads and requires no additional software to take advantage of this feature - Even Solaris has a standard load balancing interface.) It might be interesting to attend a webinar on the power and performance of the Cisco/Sun combination if you have the time and opportunity.

I am certainly not here to critique the way that you run the AW site. For the most part it is elegant and powerful. (And of course the content is breathtaking!) My first post was only a statement of observation that something unusual had taken place and that my initial guess was a downed server because most commercial sites handle DoS attacks almost transparently these days.

Best Regards

A Basic Professional Configuration

The worst part about a server problem, be it a DoS attack, a hardware problem, or a software glitch, is that the new members who sign up think this is our standard way of operating and that it's that problematic and slow all the time. And yet, as regular members will attest, most of the time the site is very speedy and problem-free.

The irony is, the more popular we are, the more of a target we are for nefarious deeds like DoS attacks, and also the more we expand the site the more potential problems can creep in, and the busier we are the slower the site can get at peak times...

It's one of those hellishly annoying compromises that are inevitable and unavoidable. And we get blamed for it.

Hmm... sounds to me like you need to go think it over with the help of a few pots in a sunny beer garden somewhere. After all, it's a beautiful day out there today, and your tone suggest's you could use a break.

Remember that people who are quickest to blame are the one's you should worry about the least.

I think that most people want 24/7 uptime with unlimited bandwidth and expect the 24/7 part but settle for less in the bandwidth department. I just chugged off another 3-month subscription because I like the content and the DoS attacks have been pretty much reserved for the weekends. I usually visit in off-hours so this isn't a big deal for me.

As for who is at fault, I see that as being more or less irrelevant. I'm a strong advocate of, "
Fix the problem - not the blame!" That is difficult in this situation because it requires change and we all know how much everyone likes that. Passing the users through a secure server to a secondary DMZ is a 'quick and dirty' solution but it requires that AW double up on bandwidth usage. That gets expensive very fast. The same is true of 'proper' network infrastructure. The hardware alone would cost well over $60,000USD and then there are annual service contracts and other 'unforseen' items that would easily kick that up to $100,000USD for the first year and then $40,000/yr thereafter. This means that the first year alone would require 555 users paying quarterly and then the 'regular expenses' would require additional users.

If the AW site hosts to more than 1,500 monthly paying users then this is a 'no-brainer'. If not, a brief note in the main page explaining the situation would really help when a DoS attack hits. I can accept the facts when a frustrating situation takes place. I think that most people can. I think that most new users would prefer this too. If they are told what is happening then many new users will shrug it off and move on to other sites but at least they will know that this is the exception rather than the rule. They might cancel their subscription after only one month but at least they won't tell everyone they know how it appears that the AW site is being run from someone's basement.

drinking lots of beer can further aggravate the situation

users need to keep current with daily visits

everyone in my hometown is a member

several don't own computers

if Edison didnt invent the lightbulb, none of us could see the on/off switch on our computers and dos attacks would then be a rare event

I'd like to second this idea. Informing your members should ease things somewhat. I have indeed been shruggin' it off already, so to speak (and also before getting into the shower of course ).

Only if they are further aggrivated elfie.

Sometimes when we think it relevant we do inform people. In this case I didn't know it was happening until I logged on, and then i didn't know what was causing it, or if our tech guys were already addressing it.

As it turns out, they were not, because this is a weekend and they're off doing their own thing at that particular time. Like sleep.

I still don't know what caused it, so there's still nothing really to inform you all of.

This is information, not a complaint. From where I am sitting the site seems to have been very slow whenever I've logged in over the last 2 days.

Now Candace has started throwing Page Not Found and the home page has gone all to hell, with the news disappearing! Time for bed.

Yes. We know. This is why I brought it up.

Oh my word, my front page has redesigned itself in the most bizarre style! it looks like the first ever web pages from 15 years ago!

I was having problem downloading Miranda because of slowness so I went to bed knowing that (and hoping) when I log in again it will be fine. Right now I downlaoding one of Miranda mpg3 and its going along nicely. It could one or two thing whats causing it-

one: Someone has nothing to do and hack into your system. or

two: Its too many of us logged into this site. Either they are members or guest looking at the guest area. I use to go into a free site once (very hot to) and sometimes it takes forever for the galleries to appear. But later on when I going into that site it works fine.

Last Saturday night I was downloading one of Susie and Melissa mpg3 and it took just over five hours to downlaod. I was expecting when I go home after a saturday night it will be stopped halfway. In my surprise it was still going and just about finish. It finished after midnight.(good mpg3 but don't like music. I want to hear the models speak) I don't know I am not a computer expert, but the size of the download is a part of the problem? Bigger downloads take a bit too much bandwidth from this site?

Must go now I have work to do

GCG71 'Living is the sunniest state of Australia'

I just finished reading the “Slow – FAQ” and found it quite enlightening. I was not aware that the AW site is hosted from California. Neither was I aware that it has “many thousands of members.”

Linux-Apache-MySql-Php (LAMP) is the preferred setup for small to mid sized websites. It does a fine job for many growing web producers. “Many thousands of members” sounds a bit bigger than a typical LAMP configuration. That’s got to wreak havoc on the stacks and heap.

I do not know the AW site’s configuration. This makes me happy because if I do not know it then others are less likely to know it. This means that in my mind the site is more secure. With that said I do have to wonder if enough is being done to correct the current problems. As the site is hosted in California (no difficulty obtaining high-end security or load-balancing products) and it offers service to many thousands of members (plenty of financial resources) a week of ‘limping along’ seems a bit excessive.

I typically connect during off-hours so my download performance is still quite good. I do like the site even if it has a glitch or two along the way. I would like it even more if the glitches were removed though.

So did I. Thanks for taking the time and effort to write such a comprehensive overview.

Smitten.

Well, we'll take this on board, Numlock, but you admit your assumptions are based on conjecture, so I honestly think it's an inappropriate critticism to make without all (or even most) of the facts on hand.

As you also admit that the details of how we host are best kept secret for security issues (something that is deliberate, I might add), you'll easily forgive me for not elaborating. You'll just have to trust me when I tell you, it's not as easy as you imply.

You can only imagine how stressed out I was by our intermittant / down time - unlike on the boards, people do not feel the need to hold back in emails to me about how they cannot believe how badly we're ripping them off, how we're just as bad as all the other porn sites, and so on; these are things that honestly hurt me personally, cos it's so obvious how hard we try to ensure every aspect of the site is as good as we can possibly make with the tools available.

Anyway, the good news is, we have those problems licked now, and we're more solid than ever. We're looking at adding at least one new programmers for features, and sharing another with another site who's going to switch to our CMS, so hold on to your socks: we're going to have one fucking amazing CMS by the end of this year.

Sure, there will be spunky models still, but the CMS will do things that make you go, "nudie chicks or not, I want to stay here to play with the neat tools!".

a