Date: January 28, 2009 / year-entry #31
Tags: non-computer
Orig Link: https://blogs.msdn.microsoft.com/oldnewthing/20090128-01/?p=19343
Comments: 20
The servers that run this Web site are under heavy load, even when things are operating normally. And on top of that, they have to fend off a lot of attacks. There's the usual spam pingbots, but usually when the site starts to get all bogged down, it's because there is an active attack on the site at the network level.

And it doesn't matter what software is running the site. It's not like the bad guys are going to say, "Oh, this site is using PHP. I guess we'll leave them alone."

For example, the problems earlier this week were caused by two IP addresses saturating all the connections to the server.

Last October's slowdown was caused by the server being overwhelmed by 100,000 simultaneous connections (suspected to be a denial of service attack but no proof).

The slowdown from last August was caused by a distributed attack from a botnet attempting to perform various SQL injection attacks. (They failed, but they kept trying.)

The outage from last July was caused by a computer owned by a different customer of the hosting service that had been hacked, and which was launching its own network attack that took out connectivity for all other computers on the same network subnet. (In other words, blogs.msdn.com just happened to be in the wrong place at the wrong time.)

Those are all the outages for the past six months that I still have records of. (I'm not saying there were no other outages; those are just the ones that the people who run the servers considered significant enough that they sent out an explanation for the outage.) And it's not clear how switching to a different blog engine would have prevented any of them.
Comments (20)
I can’t believe no one has commented on this one yet :)
Or maybe they’re all in the mod queue :)
"we traced the calls. They come from inside your house".
Is there any time the server is not under attack? Judging by its performance, it’s always overstressed. It’s pretty normal for it to just drop comments without any error message. It just returns to the blog home. Maybe that’s because the blog engine is P.O.S.?
PS. Trying to submit this for a few hours. Doesn’t work. Great.
Fix the server! Alexandre Grigoriev had to wait HOURS to complain today. How inconvenient.
Reginald,
This is a meta-complaint.
Probably it’s another "Microsoft server under the desk of somebody who has left". :)
My biggest complaint with the blog software is that when it /does/ encounter an error, it redirects you to the error page in a way that breaks the back button. This causes big problems when resuming previous browser sessions.
Have you considered using some dedicated blog hosting service (something like WordPress.org or Blogspot.com but more Microsoft specific probably :-)). In my experience they take very good care of uptime and security…
This reminds me of one of the minor dumbs in Marcus Ranum’s Six Dumbest Ideas in Computer Security:
"We’re Not a Target" – yes, you are. Worms aren’t smart enough to realize that your web site/home network isn’t interesting.
(Or, in this case, that you’re running PHP).
My only complaint with the blog software is that a valid search often returns "No results". Only by trying over and over (and over) I can hope to get some results.
Examples: try searching for "windows", "memory" or "knitting".
The amount of hatred and bias against Microsoft is pervasive in both academia and industry. In school my professors refused to teach about Microsoft technologies because it was "proprietary" then when I graduated most of the employers expected .net programming skills. When I tried to join professional software development communities many other programmers thought I was less of a developer because I didn’t spend my days hacking on Linux systems. These are the types who would spend all their free time trying to get a DDOS attack going against blogs.msdn.com.
Why is it exactly, that everybody wanting to see you go down is a great thing about being popular.
@taralluccio: A good workaround for searching is to use a google search term like this:
windows site:blogs.msdn.com/oldnewthing/
This is helpful for a great deal of web forums, all of which somehow have crappy search functions.
CD-MaN: Actually, Raymond has this excellent alternative hosting service, called "book". Sure, it isn’t updated as quickly and you have to pay a little bit, but I guarantee you that it will never crash or time out.
@MS: "Raymond has this excellent alternative hosting service, called "book"."
Yes, I’ve visited it many times. But nobody ever responds to my posts over there…
-Wang-Lo.
@ton: The professors at your alma mater and the members of your professional organizations spend their time mounting DDOS attacks against a Microsoft server? Here on the planet Earth they usually just teach and discuss computer science.
-Wang-Lo.
"called "book". Sure, it isn’t updated as quickly and you have to pay a little bit, but I guarantee you that it will never crash or time out."
There are those little creatures called book WORMS out there … oh the irony. =)
ton:
no, speaking as a unix bigot working in an MS shop, I just like how it works better and have noticed that MS stuff tends to work best with other MS stuff, while unix stuff isn’t as picky. I don’t DDOS websites in my spare time, I expand my knowledge and pursue hobbies instead.
@Wang-Lo
Ha you’re very clever! The point is that short sighted hate and bias can lead some to eventually attempt DDOS attacks. I didn’t say *specifically* they did it but I do believe that their overall sentiment could lead to this type of irrational behavior.
Is it better for the attackers if websites reveal the details of attacks (including IPs), or keep them hidden? Wouldn’t extensive sharing of attack information help "triangulate" the attackers? (No, it’s not always going to be perfect, you nitpickers.)