Bitcoin Forum

Is it just me, or was there server downtime for a significant period of time? (>30 minutes)

About half an hour before making this post, I mean of course it's working right now. I got an error code which I forgot to save when it finally loaded. Anybody else?

When you not sure if a website is offline for all people you can easily check it with a website like this: http://isitdownorjust.me/bitcointalk-org/ (http://isitdownorjust.me/bitcointalk-org/). Other websites can do something similar for you but you can google that by yourself.

Yeah. At first I was getting time out error but it changed to smf database error (website checkers don't see this as down) in the last few minutes. Probably just server overload or something.

That site is not always correct. Sometimes the site is not down but you cannot access the website because it has some error.

Yes, there was a DDoS attack.

It was also down here. After a while the forum was back up, but the index page was only showing an error. It would be nice if the bitcointalk twitter account would be used to give people some information.

dunno if theses sites will give an accurate results since we could load bitcointalk but we can't access it

thanks for the answer (couldn't say it before because it got hanged cuz of the attack)

OMG! Is everything going to be okay? Can we expect more downtime? Please answer!

Probably there will be periodic downtime until they stop or until I figure out how to mitigate the attack.

Yep, was down.  Went out to the store to buy some melatonin for our clients, came back and it's up. 

Did we get hacked?

I don't know but on a hidden market which I can't name, I saw a Bitcointalk.org accounts listing, so I would change my password ASAP. It had plenty of sales too.

OK, that sounds like a damn good idea.  But is that the old database or what?  Like, last time we got hacked and had to change our passwords?

Anyhow, thanks, gonna change it now.  I removed that feedback BTW but you ought not deal in accounts.

Well, I guess this was quick. Thanks theymos.

It is down for me as well. I was in the discussion with another trader. and thought my internet connection was down. 

Forum was hacked in the past - so unless staff will confirm that today's forum outage is linked to database hack as well - I am gonna assume that they are selling database from from that previous hack.

Yeah I noticed it too when I cant load the site even I had a stable connection, but thanks its litle bit fast. Just what happened few years ago. Our accounts are safe from hackers? Do we need to change our passwords because of this?

Given the circumstances, it wouldn't hurt to change passwords anyway, just for good measure. That's my thoughts on it at least.

oh,that's a good question

A DDoS attack takes a site down, it doesn't provide the attacker with any access.

You should make a thread with the details. Perhaps programmers would help you solve the problem. I know I would take a look and try to come up with solution.

Theymos is a programmer. The site has been under multiple DDoS attacks. There isn't much that can be done that hasn't already is done.

These HF kids with their botnets really need to get a life =/

"News: Due to DDoS attacks, there may be periodic downtime."

Are we attack this period? I can't access the site in several minutes even I have a stable internet connection, I tried in http://www.isitdownrightnow.com/ and it is down at that time and just for a while I'm able to access it again. Is everyone experienced it also?

Getting intermittent connection right now it was worst yesterday.

Yes, please read my post above, we are being attacked.

"News: Due to DDoS attacks, there may be periodic downtime."

From the "News" listed underneath your total time logged in

But my question whether bitcoin talk is not secured with cloudflare? and every 30 minutes bctalk is already recovering and just 5 minutes later bctalk is down again

You never asked about cloudflare. People here cannot read your mind, so you actually do need to ask what you want to know.

And no, Bitcointalk does not use cloudflare. This is because CloudFlare can become a Man-In-The-Middle and risk user privacy and security.

That's just the nature of a DDoS attack. Sometimes they take things down, sometimes the countermeasures work, and sometimes it just slows the site down a lot.

It seems like the DDoSing has stopped. The forum isn't slow or crashing every five minutes.

Honestly, you don't need CloudFlare. Just set the server to require captcha input after x% server load or lag.

Your explanation is make mi mind is bright, thanks for that.

I guess they're going to do it every day at around this time until I figure out how to stop them... I've made some progress on that front, but it's not done yet.

If anyone is an actual expert in Linux networking (ie. the term "GRE tunnel" is familiar to you), I could use your help in figuring some of this stuff out.

How long will they keep attacking this forum. What's the main reason why they keep doing this. Is theymos is a big treat to them or whatsoever  :'(

It was absolutely down for the last 2.5 hours. No connection at all.
Just now was able to log in and surprised how long it was just timed out for.

Theymos, were there any demands linked to these attacks? I know that in the past, when forum were DDoSed attackers wanted to extort 10 BTC.
This time is different? Or do they want money as well? Someone is bored/has grudge against bitcointalk or something?

Maybe there is no DDoS attack, and the forum is being taken down for hours at a time for days in order to cause the signature spammers to lose interest in spamming the forum, and to look for income opportunities elsewhere.

#ConspiracyTheory
#ThisWouldActuallyBeGenius

Nope.

Can't afford a cloudfare ddos protection or something similar?

since theymos said there is no demand about these attack, i am thinking they are just a group of kids trying to do this DDoS thing or they are owner of another crypto related forum trying to get some members when main btc forum is down

I missed you Bitcointalk!!! <3 <3 <3

It was the longest day of my life, I had absolutely nothing to do with my life, I was so heartbroken :(

I was actually missing the trolls in the Politics and Society subsection!

Are we good now?

I'll be glad to help. My testing computer & router farm is temporarily in storage due to moves, but my brain is available.

The further discussion probably has to switch to private messages for security reasons.

Instead of Cloudflare use an DDoS protected Reverse Proxy IP. The Cloudflare Free Plan is not helping at all, to stop an big attack.


Edit: It seems you switched to Cloudflare and forgot to add SPF Records which fail to deliver mails to most known email provider. However, I do not receive notifications of Bitcointalk.

The ddos is still active or what? I couldn't browse the forums in the last 30 minutes without having a connection problem, don't know if this issue happens only now or it is persistant..
Theymos please fix it  :(

What are you talking about? Bitcointalk doesn't use Cloudflare.

You can't stop a DDoS attack, you can only attempt to mitigate the effects of the attack. Theymos is still trying to figure out a way to mitigate the effects, but clearly networking isn't his expertise.

I hate to be that post but, yeah, I agree, please fix it. I really really am addicted to this forum, say what you want, but just like people have their Netflix, television, etc, I have Bitcointalk, and without it I really don't have a hobby anymore :(

I hope you fix it soon. I know you're trying your best.

Isn't it possible to change servers?

If you change servers, the person who is ddosing will simply redirect their computers toward the new server. Plus, it takes a while to point nameservers.

I had similar experience two days back also and now today again wasn't able to visit forum as it was unavailable.
Yes it should be fixed now.Is Theymos aware of this problem?

Yes, please read the thread before commenting. The notice has been posted in "News" below your Total time logged in, he has also stated here that he is working on figuring out a way to mitigate the attack, and we can expect more periodic downtime

I think it might be time to reconsider using cloudflare or similar service.

In the past, one of the main reasons why it was said cloudflare will not be used is that theymos would need to give up effective control over the HTTPS keys to google in order to use cloudflare.

However with the claim that bitcointalk.org (and bitoin.org) might be the subject of state-sponsored hacking attempts (and that such state-sponsored hackers might be able to compromise and/or impersonate the HTTPS keys).

The argument behind theymos maintaining exclusive control over the HTTPS keys is that he would be able to (and be expected to) push back against legal processes demanding access to information that would be accessible with the HTTPS keys. However, IMO google would likely be better equipped to counter state-sponsored hacking attempts, and would have greater resources to do so. Giving google effective access to the HTTPS keys would not make users defenseless against illegitimate requests for information accessible with HTTPS keys because, at the very least there will be some level of judicial oversight over legal processes requesting information, and even when this is insufficient, theymos would likely still be able to fight these kinds of requests to some extent. 

I think we are no longer being attacked. Why do the news still speculate there may be periodic downtime?

Maybe theymos forget to remove it from the News section.

IIRC, I saw that message a few times too.

EDIT: I saw the message again and got a chance to copy it. ;p
"Due to DDoS attacks, there may be periodic downtime."

You never know when the forum will be attacked again, so I guess it is stickied while there is no other news to show

<just sharin' what I've learnt today is all>

https://en.wikipedia.org/wiki/Denial-of-service_attack#DDoS_extortion


Solon, Olivia (9 September 2015). "Cyber-Extortionists Targeting the Financial Sector Are Demanding Bitcoin Ransoms" (http://www.bloomberg.com/news/articles/2015-09-09/bitcoin-ddos-ransom-demands-raise-dd4bc-profile?mod=djemRiskCompliance). Bloomberg. Retrieved 15 September 2015.

Wow, thank you so much for sharing, this could explain why so many websites are going through DDoS attacks right now!