The website is expected to be slow for several hours. For an unknown reason, there are a lot of invalid password requests being sent to the website, even though the site easily detects these requests and bans the IP addresses, preventing any actual accounts from being compromised. The IP addresses send hundreds of password requests, even though they are banned after the first three.
iptables slows down after 15,000 banned addresses, which has never been encountered by us before, so we need time to determine how to install ipset (https://github.com/ritsu/ipset-fail2ban). Once ipset has been installed and processing of banned traffic is sped up, the website should return to normal performance.
We'll post an update once we've learned how to configure ipset.
Website expected to be slow for several hours
Forum rules
The News forum is only for updates about the Prohashing pool.
Replies to posts in this forum should be related to the news being announced. If you need support on another issue, please post in the forum related to that topic or seek one of the official support options listed in the top right corner of the forums page or on prohashing.com/about.
For the full list of PROHASHING forums rules, please visit https://prohashing.com/help/prohashing- ... rms-forums.
The News forum is only for updates about the Prohashing pool.
Replies to posts in this forum should be related to the news being announced. If you need support on another issue, please post in the forum related to that topic or seek one of the official support options listed in the top right corner of the forums page or on prohashing.com/about.
For the full list of PROHASHING forums rules, please visit https://prohashing.com/help/prohashing- ... rms-forums.
-
Steve Sokolowski
- Posts: 4585
- Joined: Wed Aug 27, 2014 3:27 pm
- Location: State College, PA
-
Steve Sokolowski
- Posts: 4585
- Joined: Wed Aug 27, 2014 3:27 pm
- Location: State College, PA
Re: Website expected to be slow for several hours
This issue has been resolved. We successfully added the 34,000 banned IP addresses to a hashtable, and the website ban procedure performs about 5,000 times faster than the linear search that was performed before using iptables.
No accounts had passwords successfully guessed in whatever this was about. Whoever was responsible simply burned a lot of money and got an entire botnet's IP addresses banned by submitting passwords that failed over and over because the Google Recaptcha solutions were invalid. They're still getting addresses banned at a rate of almost one every two seconds, or 40,000 per day.
No accounts had passwords successfully guessed in whatever this was about. Whoever was responsible simply burned a lot of money and got an entire botnet's IP addresses banned by submitting passwords that failed over and over because the Google Recaptcha solutions were invalid. They're still getting addresses banned at a rate of almost one every two seconds, or 40,000 per day.