Discussion in 'Site News and Announcements' started by sue, Nov 7, 2011.

  1. sue Administrator

    Some will hate it some will love it.

    Here is the deal:

    Donations have been down (virtually zero) and we have been burning through the development budget to keep the site online with ddos mitigation. Needless to say this is a dead end, especially since the mitigation in place fails to twarth the larger attacks without us shelling out even more. In other words, we were throwing money into a bottomless pit.

    Cloudflare is less expensive and while not a full mitigation provider deters similar attacks, especially those smaller in size.

    Most of all, overall performance and page load times for most parts of the site should improve, especially for our european visitors.

    Either way we're giving this a test run, we will see if this works out for us.

    I will also in the next few weeks be looking into the well overdue ssl support, but this might take a little longer to setup as wildcard certificates are rather expensive and pushing the forums into the root/community/ directory will require for us to look at the url rewrite engine. (wordpress / xenforo)

    I might not have explained it all correctly, nor do i know if everything comes across as it should.

    The bottom line is:

    If in the next few days people get weird warning pages and so forth: We're testing out a new service.

    Thank you.
    • Like Like x 13
  2. Anonymous Member


    Good old CloudFlare!
  3. telomere Member

    thank you.
    • Like Like x 3
  4. Anna_Asks Member

    I'm excited; CloudFlare is a very good company and you'll likely be very happy with them!
    • Like Like x 1
  5. sue Administrator

    Yes, we've been using them for several websites and have so far been very happy with it. It is however the first time we're using it on this one. Some things could still use some slight improvements, but it's nothing that would warrant not using the service.
  6. Anonymous Member

    Awesome work. And it matters. Thank-you.
    • Like Like x 2
  7. sue Administrator

    Bah, completely skipped the part where we have thousands of remotely hosted images linked into posts. Now i remember why we didn't set up ssl before. My bad, not something that is going to happen within the next few weeks. Fixing that is going to take a little bit more than setting up certificates.
    • Like Like x 2
  8. Tangerine Member

    The amount of images is a conversation in itself. Thanks for all your work.
    • Like Like x 4
  9. telomere Member

    that's almost exactly word-for-word,
    the convo I had with a [customer] yesterday. jinx!!!
  10. sue Administrator

    it's possible to do so by sticking a server with a vpn and a nginx (x-accel-redirect) reverse proxy for remote adressess. Vpn to prevent giving out the origin IP for "sneaky" "hi your ip is **.*.**.***" kind of image sites.

    Obviously this would take time to setup and test properly. Wouldn't want to introduce gaping wide holes. But then we could add ssl on that and any and all images are served through the ssl proxy :)

    Then videos.. ooh well it would take some more time. Good luck with your project.
    • Like Like x 3
  11. telomere Member

    Thank you.
    [we] won't need to go there. SSL would be nice but the stakes are lower.
    Sometimes it just feels good to be reminded that [we]'re not alone.

    • Like Like x 2
  12. sue Administrator

    And there i was hoping you were going to offer doing it for us. Damn.
    • Like Like x 2
  13. Anonymous Member

    Too tech-illiterate to understand hardly anything being discussed in this thread, but I'm confident WWP admins and other staff will figure out a good plan of action. Thanks for all the work you guys do.
    • Like Like x 2
  14. Anonymous Member

    No idea what any of this means so I donated again.
    • Like Like x 8
  15. ZeroC Member

    Just spoke to my friend who I use as a monetary proxy,

    $500 has been credited to your account.
    • Like Like x 10
  16. sue Administrator

    thank you for your generosity.
  17. TorontosRoot Member

    I have been wondering why the cloudflare splash page has been displaying instead of the forums, was it a result of a transition or a D/DoS attack? I couldn't even post a reply to the november 19th thread or read replies. I hope all is well.
  18. sue Administrator

    when was this?
  19. I have never noticed a problem because of cloudfare, I use open DNS though so maybe updated faster than normal DNS? if that has anything to do with it... also i have a middle mouse button on my mouse wheel.
  20. cfanon Member

    I think it was last night UK time.... but can't say for sure, I didn't pay much attention, just saw the cloudflare page and figured it was a (D)DoS and went else where, never payed much attention to the time. Shouldn't it be in the server logs?
  21. maybe in the logs of cloudflare but i don't think the server logs would show anything, maybe LACK of traffic? the whole point of cloudflare is to protect us from such attacks and I would figure a brutal attack would show a default page. I dunno. please submit a freedom of internets request with WWP by filling out form BH22 completely along with a scanned image of 2 Cheerios box tops and wait 6 to 8 weeks for us to contact you back by phone where we verify your membership, then wait another 2 weeks for tech support to send you a support ticket number. From there you may have to wait 1 week to receive a confirmation email that WWP has received your support ticket. 3 days after that you will receive a form letter stating that your security level does not require WWP to disclose traffic log information and to contact Phoenix Wright in our legal dept.
  22. cfanon Member

    The lack of (or major drop in) server logs for a specific time a pretty big clue of something going wrong. AKA Cloudflare blocking the requests.
    • Like Like x 1
  23. sue Administrator

    I tried searching for "last night UK time" it didn't return any results.
  24. cfanon Member

    There's your problem then. That must be the time it happened if there were no results.
    • Like Like x 2
  25. TorontosRoot Member

    So either way, if I see the default page showing, I'll screencap it and link to it here.

    It said something about the site being down (last week I assume) and that there was no cache or mirror available? A screencap will really be helpful.
  26. I don't have a screencap key, I still use an old machine so I only have printscreen. Is there a program to emulate the new key? I have a windows key though. Instead I guess I'll just mock up in photoshop what I think people saw, like a police sketch.
  27. Anonymous Member

  28. TorontosRoot Member

    Printscreen is on just about every keyboard except some laptops and netbooks, if you must, use a USB keyboard that has it. It's quite possibly the best key there is. There should also be some free windows utilities too. Linux has one titled "take screenshot" in the gnome area. Mac users, I forgot the shortcut key.
  29. i used my DDOS button repeatedly (f5) until i got this to come up, then used printscreen to cap - hope it helps admins.
    • Like Like x 1
  30. Cheshirecat Member

    lol googling taco recipes.

    Also good job Admins.
  31. z0Yz2.jpg

    Site was unavailable for some time. As shown above, the off-line message came up on several tabbed pages I was working with.
  32. cfanon Member

    ^ That's the error message I got a couple of days ago :)
  33. sue Administrator

    How long? Are we talking a minute or two or are we talking an hour + ?
  34. Anonymous Member

    minute or 2 or 3 for me
  35. SOUNDS SERIOUS. though, I'm no doctor. consult a professional immediately!
  36. Apologies, sue. I didn't take notes on the overall downtime. When each of 6 or 7 tabbed pages became inaccessible, I went AFK for about 30 minutes. According to the Anon post above it was a brief period.
  37. TorontosRoot Member

    It lasted for more than a few hours for me. I was disappointed. But after that while, it was back online.
    • Like Like x 1
  38. telomere Member

    I've noticed there seems to be an almost-daily downtime, between ~ 08:15 and 08:30 GMT.
    I can't give any specifics, but it seems to be more than 5, and less than 30 minutes duration.

    (It may not be every day, but has been at least 3-5 days a week)
    I'll see if I can get better numbers on that.

    Thanks, Jacky ;)

  39. There is a scheduled daily maintenance period. It usually starts around 00:10 Pacific Standard/or Daylight time and lasts for the better part of 30 mins.

    A member can stay on-line at WWP for this period, but if pages are interacted with, an error message is returned.

    When the maintenance period ends, a member can return to what they were doing on the site prior to the downtime.
  40. sue Administrator

    That is very unusual.

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins