Following Spamhaus DDoS Attack, Action Taken. We Seek Your Feedback!

Mike

Windows Forum Admin
Staff member
Premium Supporter
Joined
Jul 22, 2005
Location
New York, NY, United States
Hello everyone,

Tonight, we implemented CloudFlare, which uses its own content delivery network and content processing. Were the site to go down, content would continue to be available for a number of days, even if our servers that process that data goes down. This is not the first time that we have implemented CloudFlare as a solution, but it was abandoned due to too many spam false positives several years ago, during the month of December 2010.

We rejoin CloudFlare, in combination MaxCDN, in an effort to speed up page loading. The great part is that we are no longer hosting DNS locally, and we have two solutions working interconnected. The finalization of this change involved the compilation and addition of mod_cloudflare to our main web server.

Do you host your own website? At this time, with the basic CloudFlare service being free, if you host a website, we actually encourage you to adopt this service at this time. This is not a paid endorsement at all, but a security and performance enhancement suggestion.

With CloudFlare, we have implemented the CDN + Full implementation option, all image optimization options (including lazy load - where site images won't be loaded until you actually scroll down to it), and SPDY: a next generation transfer protocol that makes webpages load faster on supported browsers.

We are using aggressive caching. This means we attempt to have the global content delivery network catch everything on the site. We will continue to auto minify CSS, JavaScript, and HTML. We have also enabled website preloading. The preloader will try to download the most popular content on the website and should start working to it fullest efficiency within the next 48 hours by quantifying this data.

Important Security Feedback Needed

An executive decision was made to implement CloudFlare today, due to the record-breaking distributed denial of service attack (DDoS) on Spamhaus.

See:




Like many responsible sites, we use Spamhaus to prevent spambots, spam networks, scammers, and spammers, from accessing our services. Spamhaus was attacked with at least 300Gbps (300 billion bits per second) worth of invalid/garbage packets. Spamhaus survived the attack by using CloudFlare. This is because CloudFlare's major advantage is that it operates on the DNS level.

osi_layers.gif
network-layer.gif

While the application level can often be inferior in protecting systems, it may also be critical. As seen, the entire Internet would fall apart without the root DNS servers (although his is a hotly contested statement):

root-map.gif

If you are trying to get on our site, a small minority of members might get a screen that offers a challenge to view the site. This is a CloudFlare feature. We are monitoring how many people are seeing the site, but have it on a very flexible setting that can be modified (and even disabled finally) at any time. However, if there are too many false positives, we will remove it entirely. We need your feedback to know if this challenge page is appearing on healthy systems for many visitors.

For a further example:

CloudFlare knows which visitors to challenge (also referred to as suspicious visitors) based on a variety of data sources. Specifically, CloudFlare leverages threat data from Project Honey Pot and a variety of other third-party sources to identify online threats. In addition, CloudFlare uses the collective intelligence of the websites on its system to identify new threats that arise. So if a new threat is identified on one site, CloudFlare can automatically protect the rest of the CloudFlare community. The types of threats that CloudFlare identifies is broad and includes email harvesting, SQL injection, cross-site scripting, comment spam, credential hacking, denial of service attacks and so on.

We are looking at installing Railgun at the earliest possible convenience to even further speed up performance:

Railgun | CloudFlare | The web performance & security company

We are considering adding a CDN access point in Tokyo with MaxCDN, as well as several other locations, depending on the cost.

Thanks for viewing this post - and please provide any feedback indicating any problems or improvements you may have noticed during this transition.
 
Last edited by a moderator:
The only thing I see, problem wise, is the so called faster page load time, which in fact has become slower on my PC. I did notice last night that the site was doing some funky stuff when switching between post, along with slower page load times.

Lets see if this bug can work itself out, will at least lets hope so.
 
Last edited:
Google is reporting a 93/100 speed page load time which is unprecedented. Also, I'd not normally release this so prematurely, but Auto-generated (3/28/2013 5:22:40 AM) - Load Impact - On Demand Website Load Testing and Performance Testing Service. We would not normally get these kind of results - ever. It would normally be up there around 8-10 seconds. Some sever optimizations were also made to decrease the level of security for too many concurrent connections. The thought was maybe the browser is connecting much more than we realized from a single IP. Give it a day or two and we will see how it goes. We can turn it off at any time, and the Asian CDN for MaxCDN won't be provisioned until the working day tomorrow. Although, we have been using MaxCDN for years, and they won't reroute your traffic to Singapore... it will go to the fastest possible edge server. Some additional code was added to force compatibility for HTML5 in older browsers, and a warning put up for anyone using IE6 or lower to go get a newer browser. I think, overall, these changes are positive.

If it is truly running slow for you, we will need to fix it.

I currently use this to test compatibility:

Check Browser Compatibility, Cross Platform Browser Test - Browsershots

Also try:

GTmetrix | Website Speed and Performance Optimization

There is one that tests directly from your browser, but I can't find it. It reloads the page over and over from your browser and gives you an accurate result. We used to use this quite often.
 
Last edited by a moderator:
It's still doing the funky stuff...but the page load time is almost back to normal. The funky stuff is hard to describe. When switching from post to post, sub topic to sub topic...when doing so the frame of the individual posts are shown as a large box but then quickly resizes itself back to normal, then when I scroll the page down the same thing happens. This is happening to me on both the 7 and 8 forum sites. I wish I had some way of showing you exactly what I'm seeing. It's just a minor glitch that I can live with, just thought you should know what it's doing on my machine and if others have posted something similar.
 
This was during the switch over. Try opening the Command Prompt (cmd) and run nslookup windows7forums.com

You should NOT see the IP address 96.30.23.200. If so the DNS provisioning has not fully propagated yet.

Did that and no IP address of 96.30.23.200, I got one of 108.162.204.163
 
We need time. It may be the loading of the images as you scroll down. Give us time to evaluate the data as it comes in. Try to PrtScrn as it happens and send a screenshot? (May also want to CTRL-F5 your refresh of the site or delete your browser cache of the site).
 
Last edited by a moderator:
Back
Top Bottom