
SOMETHING SO IMPORTANT ABOUT THE DOWNLOAD SERVER IT NEEDS A THREAD
Kirby
Uninstalling
***

Posts: 3,853
Joined: Jun 2009
#1
03-27-2012, 04:22 PM

Ok, so apparently my webserver's address finally got into some lists it didn't need to be in, and it is now getting hammered with vulnerability scanners and the like, quite often.

I'm taking measures against this because as it's running on a VDS, it's set up to run in a mode that isn't very heavy on RAM but it does spawn a lot of child processes, which makes it so some of the vulnerability scanners can effectively DoS the server by forcing Apache to spawn 300 new instances of itself every second or so. The solution is the ubiquitous request rate limiting that many websites use, and have the warning on them: "Please disable any download accelerators or you might get blocked".

Two of you have already been blocked by Apache, someone using RoadRunner in Ohio and someone attending Christopher Newport University. I've removed both blocks, but you both need to turn off your stupid download accelerators; to download 4 maps you made over 30 connections each to the webserver, pointlessly.

The server sits on a gigabit connection and can use every last bit of it; it could packet flood you offline by itself. You're not getting files any faster by using an accelerator; it's uploading just as fast as you can download.

I'm not going to check Apache every hour and cross-reference the access logs with who's been blocked to see if you're a brbu'er or some automated scanner hitting the server, so this is going to serve as the only heads up to everyone.




tl;dr

Nope, read it.


-edit-

And just to make it clear, it is 100% impossible to trigger this block if you're downloading replays or maps in-game. Download accelerators, scanning Apache with an exploit/vulnerability scanner or mashing on F5 on a single page are the only possible ways to trigger it.


Reply
Something Swain
Lurker


Posts: 136
Joined: Oct 2011
#2
03-27-2012, 05:01 PM

I use Roadrunner and live in Ohio, but I have no idea what a "download accelerator" is or how to turn it off.

Reply
CaffeinePowered
Mad Hatter
*******

Posts: 12,998
Joined: Mar 2008
#3
03-27-2012, 05:18 PM

(03-27-2012, 05:01 PM)Something Swain link Wrote: I use Roadrunner and live in Ohio, but I have no idea what a "download accelerator" is or how to turn it off.

Did you download from the direct links under the TFT thread?

What browser do you use? (And any plugins other than the default?)


Reply
Something Swain
Lurker


Posts: 136
Joined: Oct 2011
#4
03-27-2012, 06:19 PM

(03-27-2012, 05:18 PM)Caffeine link Wrote: [quote author=Something Swain link=topic=6298.msg241931#msg241931 date=1332885693]
I use Roadrunner and live in Ohio, but I have no idea what a "download accelerator" is or how to turn it off.

Did you download from the direct links under the TFT thread?

What browser do you use? (And any plugins other than the default?)
[/quote]

I try and download the links in the threads, but sometimes it downloads them in-game anyway.

As far as my browser goes I use Google Chrome. I don't think I'm running any plugins though.
Reply
Kirby
Uninstalling
***

Posts: 3,853
Joined: Jun 2009
#5
03-28-2012, 05:24 AM

(03-27-2012, 06:19 PM)Something Swain link Wrote: [quote author=Caffeine link=topic=6298.msg241932#msg241932 date=1332886681]
[quote author=Something Swain link=topic=6298.msg241931#msg241931 date=1332885693]
I use Roadrunner and live in Ohio, but I have no idea what a "download accelerator" is or how to turn it off.

Did you download from the direct links under the TFT thread?

What browser do you use? (And any plugins other than the default?)
[/quote]

I try and download the links in the threads, but sometimes it downloads them in-game anyway.

As far as my browser goes I use Google Chrome. I don't think I'm running any plugins though.
[/quote]



Then you're probably not putting them in the right place.

The person in Ohio in question is using Firefox and also uses a referrer spoofing plugin as well, so it's not you.


Reply
at0m
Official Con Soccer Mom


Posts: 7,800
Joined: Jun 2008
#6
03-28-2012, 07:37 AM

Cross-reference IP with forum access logs, email the guy?

Sent from my Desire HD



"If you want to be a Double E, bend over and grab your knees...."
"Atom is Sexy!" <-- Donate your own pic to the cause!
Victory needs no explanation. Defeat allows none. -Sun Tzu
Reply
Luca Shoal
Some king of fox thing


Posts: 2,118
Joined: Mar 2008
#7
03-28-2012, 11:03 AM

(03-28-2012, 05:24 AM)«('«) link Wrote: [quote author=Something Swain link=topic=6298.msg241935#msg241935 date=1332890383]
[quote author=Caffeine link=topic=6298.msg241932#msg241932 date=1332886681]
[quote author=Something Swain link=topic=6298.msg241931#msg241931 date=1332885693]
I use Roadrunner and live in Ohio, but I have no idea what a "download accelerator" is or how to turn it off.

Did you download from the direct links under the TFT thread?

What browser do you use? (And any plugins other than the default?)
[/quote]

I try and download the links in the threads, but sometimes it downloads them in-game anyway.

As far as my browser goes I use Google Chrome. I don't think I'm running any plugins though.
[/quote]



Then you're probably not putting them in the right place.

The person in Ohio in question is using Firefox and also uses a referrer spoofing plugin as well, so it's not you.
[/quote]

I use Firefox, and download directly like Swain does. But I have no idea what a referrer whatsit plugin is, nor what it would do. Unless this addon is the problem. That's my only guess.


And with strange aeons, even Death may lay down in the street and die.

Reply
StolenToast
BRB, Posting


Posts: 1,136
Joined: Jan 2012
#8
03-28-2012, 12:45 PM

(03-27-2012, 04:22 PM)«('«) link Wrote: someone attending Christopher Newport University.

:-X My bad. I use DownThemAll in Firefox just to generically handle downloads because it lets me easily select where to download each file to (like /tf2/maps). I set it to limit the connections to "http://216.52.148.214/" to 1 connection, so it will no longer trip the ban.


Reply
Luca Shoal
Some king of fox thing


Posts: 2,118
Joined: Mar 2008
#9
03-28-2012, 01:33 PM

And I just did the same thing.


And with strange aeons, even Death may lay down in the street and die.

Reply
Kirby
Uninstalling
***

Posts: 3,853
Joined: Jun 2009
#10
03-28-2012, 03:16 PM

Yeah that would be the plugin.

And just to clarify, the multitude of connections isn't really the problem, it's the time window that the plugin opens them all in that's the issue.

It requests smaller chunks of the same file in the same manner that torrents split up files into little chunks, but does so all at once so it looks like a scan or DoS attack against the server from the Apache security module's standpoint.


Reply
StolenToast
BRB, Posting


Posts: 1,136
Joined: Jan 2012
#11
03-28-2012, 05:40 PM

But having only one connection means it can only download the file as one chunk right?  No splitting, which is the problem.


Reply
Kirby
Uninstalling
***

Posts: 3,853
Joined: Jun 2009
#12
03-28-2012, 11:01 PM

(03-28-2012, 05:40 PM)StolenToast link Wrote: But having only one connection means it can only download the file as one chunk right?  No splitting, which is the problem.


If you have problems downloading a file in the same way as the rest of the world, in the manner that the web was designed to transfer a file from its very inception... then you need to fix your computer.


Reply
HeK
Rotartsinimda
*******

Posts: 4,183
Joined: Jun 2015
#13
03-28-2012, 11:04 PM

I'm going to see how many weird IP ranges that I can get banned from Kirby's server...
Reply
Duck, Duck, Goose
Guest

 
#14
03-28-2012, 11:05 PM

(03-27-2012, 04:22 PM)«('«) link Wrote: tl;dr

Nope, read it.
tl;dr
Reply
Luca Shoal
Some king of fox thing


Posts: 2,118
Joined: Mar 2008
#15
03-29-2012, 08:12 AM

(03-28-2012, 11:01 PM)«('«) link Wrote: [quote author=StolenToast link=topic=6298.msg241974#msg241974 date=1332974449]
But having only one connection means it can only download the file as one chunk right?  No splitting, which is the problem.


If you have problems downloading a file in the same way as the rest of the world, in the manner that the web was designed to transfer a file from its very inception... then you need to fix your computer.
[/quote]

I don't think that's what he meant. He was asking for clarification that "hey, if I set it to just one connection, it shouldn't trip the killswitch on me, right? Then I'm good for the future?"


And with strange aeons, even Death may lay down in the street and die.

Reply
Kirby
Uninstalling
***

Posts: 3,853
Joined: Jun 2009
#16
04-01-2012, 12:26 PM

(03-29-2012, 08:12 AM)TVs Luca link Wrote: [quote author=«(''«) link=topic=6298.msg241998#msg241998 date=1332993702]
[quote author=StolenToast link=topic=6298.msg241974#msg241974 date=1332974449]
But having only one connection means it can only download the file as one chunk right?  No splitting, which is the problem.


If you have problems downloading a file in the same way as the rest of the world, in the manner that the web was designed to transfer a file from its very inception... then you need to fix your computer.
[/quote]

I don't think that's what he meant. He was asking for clarification that "hey, if I set it to just one connection, it shouldn't trip the killswitch on me, right? Then I'm good for the future?"
[/quote]


Herp, you're probably right.


The splitting isn't the problem, it's the (small) time frame in which the splits are requested.

Download accelerators ask for the file's size and split it up into even chunks and ask for these smaller chunks all at once, which spawns 6 - 12 requests to Apache for the same file. Apache then goes and accesses the file 6 - 12 times in different locations because it got requests starting at a specific amount of bytes into the file, which causes 6 - 12 threads to be spawned by Apache to serve one single file.

I have Apache set to map a file into RAM so that if/when it receives any further requests for that file for a little while, it won't need to reload the file from the hard drive and the request can be served as fast as the internet allows, but the byte specific requests by download accelerators bypass the memory mapping and load the file from disk per request.

As I mentioned in the OP, the server is a virtual server, so I share the PC with at most 3 other people. Processing power isn't the issue, the RAM I've got available and the hard drive latency if someone else on the machine is accessing it as well are the issues. Memory mapping in Apache bypasses the hard drive latency, but each successive byte specific request made by download accelerators makes Apache spawn a new thread and use more RAM, 6 - 12x more than was needed in the first place, depending on the number of chunks that are requested.

Download accelerators still perform byte specific requests if you set the connection limit to 1, but they won't all be spawned at the same time, more like over 10-15 seconds which reduces the impact to little to none.



The rules I set in Apache's security to stave off scanners are rather strict because I want it to be very fast to react to scans and/or attacks to reduce the spike load on the server, so a download accelerator left alone can trigger it too, hence the post.


Reply
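
An added example, not part of the original thread and not the server's actual configuration: a sliding-window request counter run over constructed access-log lines, showing why the same eight chunk requests trip a rate rule when fired at once but not when spread over about 15 seconds. The thresholds (`WINDOW`, `MAX_HITS`), the common log format, the documentation-range IP addresses and the file path are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed thresholds (the thread does not give the real ones): block a
# client that sends more than MAX_HITS requests within WINDOW seconds.
WINDOW = 2.0
MAX_HITS = 5

# Apache common log format: ip, [timestamp], "METHOD path proto", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return ip, t, path, int(status)

def peak_rates(lines, window=WINDOW):
    """Return {ip: highest request count seen inside any sliding window}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for rec in filter(None, map(parse, lines)):
        ip, t = rec[0], rec[1]
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def blocked_clients(lines, window=WINDOW, max_hits=MAX_HITS):
    return {ip for ip, n in peak_rates(lines, window).items() if n > max_hits}

def sample(ip, offsets, status):
    # Constructed log lines: one request per offset (seconds after 16:00:00).
    fmt = '%s - - [27/Mar/2012:16:00:%02d -0400] "GET /maps/example.bsp HTTP/1.1" %d 1048576'
    return [fmt % (ip, s, status) for s in offsets]

# Constructed traffic: 8 chunk requests (206 Partial Content) fired at once,
# the same 8 chunks spread over ~15 seconds, and one plain download.
SAMPLE_LOG = (sample("192.0.2.10", [0, 0, 0, 0, 1, 1, 1, 1], 206)
              + sample("192.0.2.20", [0, 2, 4, 6, 8, 10, 12, 14], 206)
              + sample("192.0.2.30", [3], 200))

if __name__ == "__main__":
    print(peak_rates(SAMPLE_LOG), blocked_clients(SAMPLE_LOG))
```

Each client's lines must be in time order for the window to be correct, which is how an access log is written.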
Luca Shoal
Some king of fox thing


Posts: 2,118
Joined: Mar 2008
#17
04-01-2012, 12:53 PM

It's cool broheim. Most of us aren't *that* technically savvy I figure, so it's good to give edumacation and all that.


And with strange aeons, even Death may lay down in the street and die.

Reply

