Are the forums acting weird for anybody else?

FWIW, sight-unseen, I’ve seen this sort of thing before (and recently) when a bad actor attempts to do a vulnerability scan via a distributed network.

I’ve seen (for example) WordPress sites hammered into oblivion by multiple IP addresses doing coordinated “scans” where they do brute-force checks for external files.

So if there’s a known WordPress plugin called “insecurePlugin”, with an “insecureFile.php” file, they’ll just try to load:

/wp-content/plugins/insecurePlugin/insecureFile.php

Which kicks out a 404 error. But since modern websites almost never actually return 404 errors - they return user-friendly, helpful web pages that still have all the performance hits of a regular page view - the rapidity of the access is the equivalent of hundreds or even thousands of legitimate users trying to load the page simultaneously.

And it doesn’t matter if the website is even running WordPress - they’ll do the scan anyway because the scan is a “dumb” scan of a fixed list of vulnerabilities. I’ve seen WordPress sites checked for Drupal hacks. It’s just a huge list, and the hackers run down it rapid-fire until the server chokes.

It’s enough to severely tax the web server and the database backend, which overloads budget hardware or VPSs. And if it’s shared hosting, it’s the same problem - except the shared hosting typically won’t let the server itself be overloaded. It’ll just throttle the individual site.

Incidentally, this is one of the many “social” reasons to secure your hardware. Getting hacked and becoming part of a botnet that does nasty crap like this sucks for sites - and it sucks more for sites from smaller, niche content providers (like the MPU forums).

Whatever is going on in this case, I hope they’re able to address it with their provider. :slight_smile:

1 Like
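As an added example (not part of the original post): a minimal access-log check for the pattern described above, bursts of 404s on PHP or plugin-style paths spread across several source addresses. The log lines are constructed (documentation IP ranges, made-up plugin names besides the post's own), and the regexes, thresholds and function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in combined log format; not taken from any real server.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2024:06:00:01 +0000] "GET /wp-content/plugins/insecurePlugin/insecureFile.php HTTP/1.1" 404 18234
203.0.113.9 - - [12/Oct/2024:06:00:01 +0000] "GET /wp-content/plugins/examplePluginA/a.php HTTP/1.1" 404 18234
192.0.2.44 - - [12/Oct/2024:06:00:02 +0000] "GET /sites/all/modules/exampleModule/b.php HTTP/1.1" 404 18234
198.51.100.7 - - [12/Oct/2024:06:00:02 +0000] "GET /wp-content/plugins/examplePluginB/c.php HTTP/1.1" 404 18234
203.0.113.80 - - [12/Oct/2024:06:00:03 +0000] "GET /wp-content/plugins/examplePluginC/d.php?x=1 HTTP/1.1" 404 18234
192.0.2.44 - - [12/Oct/2024:06:00:04 +0000] "GET /wp-content/plugins/insecurePlugin/insecureFile.php HTTP/1.1" 404 18234
192.0.2.10 - - [12/Oct/2024:06:00:05 +0000] "GET /t/forums-acting-weird/123 HTTP/1.1" 200 40211
192.0.2.10 - - [12/Oct/2024:06:00:06 +0000] "GET /favicon-old.ico HTTP/1.1" 404 512
192.0.2.11 - - [12/Oct/2024:06:05:10 +0000] "GET /old-page.php HTTP/1.1" 404 18234
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Paths a fixed-list scanner tends to request: any .php file or WordPress directories.
PROBE_RE = re.compile(r'\.php(\?|$)|^/wp-(content|admin|includes)/', re.I)


def find_probe_bursts(log_text, min_hits=5, min_ips=3):
    """Return {minute: (hits, distinct_ips, distinct_paths)} for suspicious minutes.

    Per-IP rate limits miss a distributed scan, so 404s on probe-like paths
    are bucketed per minute and counted across all source addresses.
    """
    buckets = defaultdict(lambda: {"hits": 0, "ips": set(), "paths": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404" or not PROBE_RE.search(m["path"]):
            continue
        bucket = buckets[m["ts"][:17]]  # e.g. "12/Oct/2024:06:00"
        bucket["hits"] += 1
        bucket["ips"].add(m["ip"])
        bucket["paths"].add(m["path"])
    return {
        minute: (b["hits"], len(b["ips"]), len(b["paths"]))
        for minute, b in buckets.items()
        if b["hits"] >= min_hits and len(b["ips"]) >= min_ips
    }


if __name__ == "__main__":
    for minute, stats in find_probe_bursts(SAMPLE_LOG).items():
        print(minute, "hits=%d ips=%d paths=%d" % stats)
```

The large response size on each 404 in the sample reflects the point made in the post: the "not found" page is a fully rendered page, so each probe costs as much as a real page view.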

Why does it only happen on the weekends though? :thinking:

I would think that the hackers have day jobs and only have weekends off to do this sort of stuff.

Why would they specifically target this forum though?

I can only speak as to why I do… Er, I mean it will probably forever remain a mystery.

1 Like

Perhaps I should have put some emojis at the end, so y’all would know that this was said in jest.

1 Like

Oh, so that wasn’t an answer to my question… :sweat_smile:

Wouldn’t they have time before/after work during the weekdays to be doing this stuff? Maybe during a break?

If it’s the sort of thing I’m talking about, it would just be random. I see websites with super-tiny amounts of traffic that get hit with this stuff. The fact that a website exists is all that’s necessary.

This is probably under the premise that gaining a compromised server is useful, regardless of how big the website is. :slight_smile:

If it were somebody who wanted to take this specific forum down for some reason, the other option is a DoS attack of some sort. But I would think those wouldn’t be letting up.

My best estimate is that traffic here gets heavy on weekends.

But it always happens on the weekends (and never during a weekday). That cannot be a coincidence.

That’s exactly what I am thinking! The way you said it is the way I meant to say it.

But why wouldn’t the traffic also get heavy during the afternoon on weekdays once the workday ends?

I see the outage frequently (but cannot quote says) starting 6 am GMT until say 7 or 8. When I see it I usually do not go back until many hours later, if at all.

Just noting that terms like “afternoon” aren’t really relevant in the context of an international community.

I seem to recall seeing it on weekdays too… but I’m not tracking it closely. :slight_smile:

I suspect though that it’s not legitimate traffic.

1 Like

Yeah, good point… :thinking:

I still believe that it isn’t being caused by heavy (legitimate) traffic. This is almost certainly the fault of the hosting provider or some sort of strange DDoS attack.

Or incorrectly configured software components. Without knowing anything about the system it’s a bit short-sighted to say it’s either the fault of the hosting provider or a DDoS attack. There are many more legitimate options for software failures.

This is so naive that it’s almost funny.

3 Likes

It likely does but most everyone is off on the weekends would be my best guess.

How low is the bar set for your sense of humor?

That’s actually a really good point. For MPU, I seem to recall that they’d enlisted the help of some pretty knowledgeable people to get it set up - so I was assuming “well-configured server with unexpected traffic of some sort”. But there are definitely other possibilities, including something as simple as traffic just barely nudging past a threshold where the DigitalOcean droplet starts swapping and winds up thrashing. Or an improperly-indexed database table that’s suddenly being queried more than would otherwise be expected. :slight_smile:

And all of these problems absolutely suck to try and troubleshoot. Much thanks to whoever is looking into it and getting the forum back up periodically. :slight_smile:

1 Like