Server outage earlier today

tom

Well-known member
Administrator
I spent quite a bit of the day today dealing with the server outage. It's been happening off and on for the last 6-8 weeks. Pretty random slowdowns.

The hosting company figured out it was hackers trying to Remote Desktop (RDP) into the server. It must have been a lot of requests flooding the server.

We set up firewall rules to restrict RDP to my IP address. That should stop it cold.

The hackers never actually got into the server but it certainly affected it as a denial of service attack.

I am meeting with Tim Pierson and Dave Thomas tomorrow to set up a protocol in case the server is ever down during market hours again. I have other servers that can access the member database. I'll build a tool for the experts to send messages from an alternative server.

I thought you'd like to know!

Tom
 

status1

Active member
Does this have anything to do with not being able to view attachments, or is that a separate issue?
 

tom

Well-known member
Administrator
That's a different server. Do you have a thread I can check? The attachments seem ok to me.
 

Marcas

Active member
Tom, re server problems.
I think you know better but in case...
Disable any passwords to the server, close all but necessary ports, change the SSH port, and specifically for your problem use a firewall with brute force protection. Check out fail2ban.
 

tom

Well-known member
Administrator
Hi Marcas,

The only open ports are 80 and 443 for the web server and the RDP port that is restricted by IP address. Everything else is closed. I also use CloudFlare for their firewall too but it didn't help on the Hostek server IP. I'm using the Hostek firewall for the member server.

I'll check out fail2ban. I have another log scanner too. ;)
 

Marcas

Active member
I'm not too fluent in this, just know some basics (or I hope so :) ).
Didn't know about Hostek. Checked it out. Isn't it Windows only? Why won't you switch to a Unix/Linux server?
I'm not to give any advice - rather to take one.
I know it's not the place but starting to deal with this stuff myself and looking for 'easy' solutions. Do you deploy on Docker? I think it's quite reasonable and gives you much flexibility (afaik).
 

tom

Well-known member
Administrator
I am using a Windows server for the member's site. I could possibly switch to a Linux server. I've had this one for several years so moving it with all of the domains would be a lot of work.
I don't use Docker but will take a look at it.
 

Marcas

Active member
Definitely not my intention to put more work on you. Moving a directly installed website manually is a very tedious task that takes time and effort.
I doubt it is possible to make a server 100% proof anyway.
I know Docker is an additional learning step but it will make installing and moving from server to server a bliss, plus it gives you an option for orchestrated service (which brings you back to tedious settings - not sure if you need this presently).
You are doing a good job with Aeromir, Tom.
Thanks.
 

tom

Well-known member
Administrator
Thanks Marcas,

It sure is work to keep things running lol. I'll look at Docker but I have a lot of other things to do first. It's definitely a low priority today.

Thanks for the suggestion though. Always looking for better ways to build the mousetrap!
 

Marcas

Active member
When you have time also take a look at serverless services. It has downsides but may take all servicing out of your head.
Unfortunately the day is only 24h long... :)
 