Fixes in the works


I am getting many complaints about recent changes. In response to the DDOS attack (Jason has all the details), there have been some new problems caused by the repairs: RSS is down, and there are apparently some slightly annoying javascript additions. We have Top Men working behind the scenes, it looks like we might be getting a security company to tighten us up, and also, coming down the track is a complete redesign of the site. Patience.

Years ago when I was running this place off my own server, one of the reasons I happily leapt aboard the Scienceblogs ship was that they’d take care of all the techy fol-de-rol needed to keep it running. Now that I’m on a different network, I’m constantly grateful that we have people like Ed to handle management, and Jason to futz with the guts, and another person lurking in the black bowels of the machine who I will not name, all juggling all the balls all at once.

Comments

  1. says

    Worst thing for me is that it checks every so often (to see I’m not a robot? Not that I blame it, I do that all the time), but then it goes back to the top o’ the page!

  2. Nerd of Redhead, Dances OM Trolls says

    According to Cloudflare, you need javascript turned on and cookies accepted for your browser in order to pass the check.

  3. skepticalpete says

    I’m missing the RSS feeds something awful, since I almost never directly visit the site. Good thing I follow most of you on Twitter so I know when you’ve posted something.

    Good luck with the fixes, this stuff is all such a hassle. And all because of some Internet bullies.

  4. nich says

    …one of the reasons I happily leapt aboard the Scienceblogs ship…

    I heard from super secret sources it was to desecrate religious icons and drum up feminazi controversy all in the name of the glorious, glorious page views and the sweet, sweet ad revenue. My MRA surveillance network has it on good authority that it was YOU in that elevator! #falseflag #thisisntwitterdumbass

  5. Dave, ex-Kwisatz Haderach says

    Much thanks to those lurking in the bowels! I dunno what I would do if I couldn’t get my FTB fix.

    Techy sort of question (from a hopeless Luddite): Cloudflare is saying it was hit with the biggest DDoS attack on record. Was that the one aimed at FTB and Feminist Frequency, or just coincidental timing?

  6. Nerd of Redhead, Dances OM Trolls says

    Cloudflare is saying it was hit with the biggest DDoS attack on record. Was that the one aimed at FTB and Feminist Frequency, or just coincidental timing?

    While searching Cloudflare to find what is necessary to pass the browser test, I noticed it has been reported that the DDoS demons find Cloudflare to be the enemy, and attack it regularly. Coincidence is my guess.

  7. raven says

    It’s a miracle!!! Freethoughtblogs is back from the dead!!!

    LOL.

    FTB has been blocked for one of my systems since Saturday night. I did some checking and this was a common problem with many different IPs.

    Apparently, whatever they did to defeat the DDOS attacks blocked a whole lot of IP addresses. I was able to read it in Google cache.

  8. Scr... Archivist says

    We have Top Men working behind the scenes…

    So you’re telling us that the website is going to be boxed up and forgotten in some massive warehouse?

    Fools. You don’t know what you’ve got here.

  9. skepticalpete says

    Seems the RSS feeds just blurted out a big batch of articles, at least for Pharyngula and Lousy Canuck. So it looks like things are slowly coming back online.

    Thanks to the Top Men and those lurking in the bowels.

  10. mightybigcar says

    RSS feeds are working for Akregator now (hooray! buy the Top Code Monkeys a pint!) but not for Feedly yet (despair. drink the pint myself to drown sorrow).

  11. says

    The Top Ball Jugglers (better?) have informed us that many barriers were erected to block possible avenues of incursion, but as they diagnose the specific nature of the attack, they’ve been dropping the ones that are irrelevant to this particular penetration. RSS should be coming up shortly.

    They have also told me that the big European DDOS event was not the same as our attack, and was probably not related (although I suppose we could have been a little league training event for assholes). The attack on us was specific and targeted: they were directly going after our IP address.

  12. says

    I have no objection to the system checking that I’m not a bot or hacker, even if I don’t like how it slows down the connection. But occasionally, it’s causing posts or attempted posts to be lost and choked on.

    I usually write posts in a text editor then copy and paste them here, so I don’t lose what I’ve done. But I’m sure there are a few people who have lost what they were trying to write.

  13. says

    The “paranoid” mode of Cloudflare has been disabled. It’s really only good if you’re under attack right then, and only if the attack is an attempt to access the website proper. Since that doesn’t fit the profile of the attack on Saturday, it’s been turned off, and the RSS should be good now (though Feedly I believe caches their blogs every half an hour or so, so it might take a bit for them to figure out that we’re back up).

    I answered some of the slimepit alternate histories in this comment, which should give some more context to what actually happened and why it’s likely unrelated to the attack on Cloudflare.

    Though, the tactics are identical. I believe it’s the recently discovered NTP amplification attack — an attacker’s internet connection does not have to be very large to flood a site with thousands of times more network traffic than they’re themselves sending out. So a single attacker with a tiny little wee internet pipe can still take down a site by training someone ELSE’S big fat network pipe at your server.

  14. says

    I should also say — I’m only telling everyone what the attackers themselves already know, and I’m not giving out and will not give out anything that will put us at more risk.

  15. AMM says

    I notice that they no longer require JavaScript.

    That’s a great relief, since turning JS on generally increases load times by a factor of 10 or so.

    Also, turning it on enables a bunch of weird and sometimes creepy ads. There were a number of ads featuring nearly-naked women (you know, the old “buy our product and this woman will be your sex slave” pitch), not to mention a number of ads clearly aimed at members of certain religious groups (the one offering hookups with “other mormons” was the best.)

  16. jste says

    @Raven:

    FTB has been blocked for one of my systems since Saturday night. I did some checking and this was a common problem with many different IPs.

    Apparently, whatever they did to defeat the DDOS attacks blocked a whole lot of IP addresses. I was able to read it in Google cache.

    Yes, the way the internet works combined with the nature of DDOS attacks means there is often a bit of collateral damage in weathering the attack. To be honest, Cloudflare do one of the best jobs of handling DDOS that I’ve ever seen though.

  17. Nerd of Redhead, Dances OM Trolls says

    Ah, Firefox and Safari both back to being able to visit Pharyngula.

  18. says

    Well, other than the “checking to make sure you are on a browser” message on Firefox, I never had an issue getting in. But then, I only keep content.ad, googleleadservices, and google-analytics dead. Though, having taken a quick look, I think I will enable the analytics. It seems to be about usage, not ads. Anything “new” and not directed from the site itself, however, will stay dead, since it’s likely to come in via one of the ad systems.

  19. Sunday Afternoon says

    How will it be, this website redesign that you have spoken of Brother PZ, how will it be?

  20. edrowland says

    A distributed denial-of-service attack targeting a client of the content delivery network Cloudflare reached new highs in malicious traffic today, striking at the company’s data centers in Europe and the US. According to a Twitter post by Cloudflare CEO Matthew Prince, the full volume of the attack exceeded 400 gigabits per second—making it the largest DDoS attack ever recorded.

    Was that you YOU??!?