New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Just been out cold since my last update, even via a RDP and proxy; 552 errors again.
What the hell is going on? Its been like this for ages!
We have Cloudflare on the lowest setting, so don't really know what to do at this point.
@jbiloh - it is not cloudflare or it would be consistent and given how fast they reply to support ticket they would have told you want the issue was by now if it was at their side.
Have you put some sort of ACL in place to mitigate the attacks that have been happening? just saying it is a hell of a coincidence that this only started happening after the attacks.
lol now on random occasions im getting 522 errors via web proxies as well.
Well there are also constant attacks.
We're continuing to try and pin down what is causing the problem.
For me looks like it's trying to edit a post, or edit it more than once, is what kills everything.
We do have numerous thresholds in place right now, we'll tweak that some. But that's only part of the problem, and doesn't explain users who cannot get to LET/LEB at all.
My guess would be... make sure you're not rate-limiting access from CloudFlare IPs on the web server.
Fairly certain that is already done but we will re-check.
The real IPs of let/leb are leaking somewhere, can you help us via PM to find where that is coming from?
But it does so for others, including me.
As I said, you might want to elaborate.
Was just inaccessible again. Latest Cloudflare ID was 17de8a038a040893
But then it wouldnt work for anybody, which it doesnt. I guess only Cloudflare could say more based on the posted error traces.
Oh so that's how the attackers are getting you. You move the server to a different ip range and they find out what the ips are somehow. Once you figure it out and patch it can you let us know how they were able to do it?
Sent emails maybe?
I believe they use mandrill
Last time I checked they were routed through Mandrill due to historic delivery issues.
host mail1b.lowendbox.com
mail1b.lowendbox.com has address 23.94.24.51
dig -x 23.94.24.51
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -x 23.94.24.51
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30803
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;51.24.94.23.in-addr.arpa. IN PTR
;; ANSWER SECTION:
51.24.94.23.in-addr.arpa. 3599 IN PTR host.colocrossing.com.
;; Query time: 38 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 23 09:47:33 2014
;; MSG SIZE rcvd: 77
As long as the IP is dropped there ....
Any obscure area of the forum maybe where the URL includes the IP address?
Can you guys let us know how it's working for you now?
Couldn't you limit access to the real IP to only the CloudFlare ranges, and blackhole all other traffic at the border router?
Still no luck!
This would be the most ideal solution anyhow.
Still no luck have to use a proxy
Cloudflare says "Error 522 Ray ID: 17df02d0aec71353 Connection timed out"
That's what we've done.
@solarman can you PM me your personal IP please that is getting rejected?
@premumN can you PM me your personal IP too please that is getting rejected?
The error would indicate that Cloudflare couldnt establish a connection in the first place, so it shouldnt even get to the point where the end-user IP is transmitted. My guess would be still that either Cloudflare has intermittent problems or you "occasionally" block certain Cloudflare servers (temporarily at least).
We're continuing to work on it.
Its not allowing me to PM for some reason. Check my IP logs. I always had a static ip so you can find out which one.
Its random our isp issues a different one each time we login.
So I cant use your site from my phone
@jbiloh was the REAL IP Address of LET and LEB changed AFTER you moved to using CloudFlare?
Then maybe you've forgot to allow some of the Cloudflare ranges, and this can explain why it works for some people (at some locations) and doesn't work for others.
Does CF even have an official list of "we'll access your website from these, and only from these source IPs" anywhere?
@rm_ quite easy to get a list of all IP Address CloudFlare uses http://bgp.he.net/AS13335#_asinfo