LET is down?

Boogeyman

@skorupion said: As per @yoursunny signature, we need 3 dramas a week on LET.

Make that 4 and friday is mandatory because that's my off day.

bulbasaur

@LEBAdmin you do need to up your ratelimits a bit, I get blocked just after visiting a few threads. Maybe just put ratelimiting on the frequently requested endpoints?

notarobo

I think @codydoby has bad luck. just days before, big problems with many peoples about VPS recycle for big profit. then suddenly LET is down. such bad luck.

but I still blame him anyway.

Adam1

i'm still effectively banned

wii747

Cloudflare has some performance issues https://www.cloudflarestatus.com/

jbiloh

Who is still facing issues? And what type of issues are you seeing?

fragpic

@jbiloh

I'm still being rate limited and am not able to use the options in the text editor. Based in India

jbiloh

@fragpic said:
@jbiloh

I'm still being rate limited and am not able to use the options in the text editor. Based in India

Are you using a proxy or tor?

fragpic

@jbiloh said: Are you using a proxy or tor?

No, but it seems to be working now.

jbiloh

@fragpic said:

@jbiloh said: Are you using a proxy or tor?

No, but it seems to be working now.

What type of cf issue were you seeing?

fragpic

@jbiloh said: What type of cf issue were you seeing?

I was getting the DDOS loading screen and then when I was trying to use the link, image or format buttons on the text editor, they were not working.

jsg

@jbiloh said:
Who is still facing issues? And what type of issues are you seeing?

Just a nuisance but still ... Whenever I refresh the page now (after the DDOS) I get a "do you really want to retransmit the form" popup.

Adam1

@jbiloh said:
Who is still facing issues? And what type of issues are you seeing?

me, Error 1020

jbiloh

@fragpic said:

@jbiloh said: What type of cf issue were you seeing?

I was getting the DDOS loading screen and then when I was trying to use the link, image or format buttons on the text editor, they were not working.

But they are working for you now, correct?

jbiloh

@jsg said:

@jbiloh said:
Who is still facing issues? And what type of issues are you seeing?

Just a nuisance but still ... Whenever I refresh the page now (after the DDOS) I get a "do you really want to retransmit the form" popup.

Thanks for the information and feedback!

jbiloh

@Adam1 said:

@jbiloh said:
Who is still facing issues? And what type of issues are you seeing?

me, Error 1020

How often? What are you doing when you get that?

yoursunny

@its420somewhere said:
Was this an attack from China? I'm looking at you mjj @codydoby

News flash from MJJ headquarters
https://hostloc.com/thread-819894-1-3.html

LowEndTalk is being attacked, and what does that have anything to do with MJJ?
I am purely venting. Seeing everyone making up random alternate facts, I feel grass growing in my head.

Top replies:

• Let them say what they want to. You should continue DDoS-ing them until they beg for a pardon.
• It's all your fault that you are posting meaningless content there.
• Your drama is all over LET recently. Everyone is watching a monkey play. Moreover, you were caught for being a scalper, and you continued arguing. Therefore, you got exposed again.
• @yoursunny started the drama and you followed up with the story, making a scene. In the next scene, @its420somewhere started the drama, but there's no other actor to substitute you.
• Truth. @codydoby is now a celebrity.

There's another thread: @yoursunny on LowEndTalk is disgusting.
I couldn't see the content though.

Correlation but not causation, I'm still getting attacked:

$ jq -r 'select(.status==404 and (.request.uri|contains(".php"))) | [.ts,.request.method,.request.uri] | @tsv' yoursunny2017.log | tail -20
1616011209.1008286      POST    /x.php
1616011210.9789934      GET     /user.php?act=login
1616011214.542939       POST    /utility/convert/index.php?a=config&source=d7.2_x2.0
1616011218.3801823      POST    /libsoft.php
1616011220.364429       POST    /libsoft.php
1616011225.8595366      POST    /libsoft.php
1616011227.4459896      POST    /libsoft.php
1616011231.8533728      POST    /libsoft.php
1616011234.9658687      POST    /nuan.php
1616011237.783235       GET     /install/index.php.bak?step=11&insLockfile=a&s_lang=a&install_demo_name=../data/admin/config_update.php
1616011241.873344       GET     /user.php?act=login
1616012237.2402074      GET     /wp-login.php
1616012237.3959482      GET     /t/wp-login.php
1616021071.5935926      GET     /wp-login.php
1616021071.7585762      GET     /t/wp-login.php
1616032441.1776094      GET     /wp-login.php
1616052404.8948863      GET     /wp-login.php
1616053929.9959638      GET     /wp-login.php
1616057033.7921798      GET     /wp-login.php
1616067781.4642851      GET     /wp-login.php

In past 24 hours, there were 50 attacks.
80% of these attacks came from 114.228.12.98, located in Chinanet Jiangsu Province Network.

flawsome

What a baby, posting on another forum about another forum’s member being disgusting.

Sounds like he’s looking for attention and sympathy from the HostLoc community.

Adam1

@jbiloh said: How often? What are you doing when you get that?

since about 20 hours ago, just requesting /

jbiloh

@Adam1 said:

@jbiloh said: How often? What are you doing when you get that?

since about 20 hours ago, just requesting /

Are you connecting via a proxy service? Would you mind sending me your ip via pm?

Adam1

I am using opera proxy ("vpn") right now, my current (residential, dynamic) IP is currently in the range 183.88.61.0/24

h2o

@flawsome said:
What a baby, posting on another forum about another forum’s member being disgusting.

Sounds like he’s looking for attention and sympathy from the HostLoc community.

In China, we called that pupil and pupil behavior.

LEBAdmin

@stevewatson301 said:
@LEBAdmin you do need to up your ratelimits a bit, I get blocked just after visiting a few threads. Maybe just put ratelimiting on the frequently requested endpoints?

Appreciate the feedback. I've upped them. I can't comment specifically about what we can/can't/are/won't do because the attackers are reading this thread. This thread being one of the attack locations.

They are still probing as of this morning. They came back about 6x as hard as they hit us yesterday with the filtering working.

amarms

Haha. I'm sure the attack has nothing to do with the (former?) staff being pedophiles. Totally unrelated.

jbiloh

@amarms said:
Haha. I'm sure the attack has nothing to do with the (former?) staff being pedophiles. Totally unrelated.

LowEndTalk gets attacked daily/weekly. Most are never felt.

Not sure what you are referring to about the remarks about pedophiles though. Feel free to PM me if that is something you want to share something.

default

@jbiloh - stop trying to switch LET on a Windows machine. Stick with Unix man!

LEBAdmin

@default said:
@jbiloh - stop trying to switch LET on a Windows machine. Stick with Unix man!

But Windows 95 works so fast

bulbasaur

@jbiloh said:
Not sure what you are referring to about the remarks about pedophiles though.

It's about jarland (and possibly, me as well, his rants were incoherent enough to not definitively point out who was actually being accused) of being a pedo because we happened to point out why providers may request ID verification.

jbiloh

@stevewatson301 said:

@jbiloh said:
Not sure what you are referring to about the remarks about pedophiles though.

It's about jarland (and possibly, me as well, his rants were incoherent enough to not definitively point out who was actually being accused) of being a pedo because we happened to point out why providers may request ID verification.

Thanks for the context.

No one should be accusing others of such things on an internet forum about hosting.

If someone has legitimate information regarding such matters they should report it through proper channels (law enforcement).

bulbasaur

@yoursunny said: 80% of these attacks came from 114.228.12.98, located in Chinanet Jiangsu Province Network.

I'm not sure if these attacks are specifically targeted at you though. I see the IP to be both on the AbuseIPDB and DB-IP websites, which means this might be a hacked system used to attack random IP ranges.