Bluelight

Thread: Brief redirect using BL site....

Page 2 of 2 FirstFirst 12
Results 26 to 49 of 49
  1. Collapse Details
     
    #26
    Moderator
    Basic Drug Discussion
    Other Drugs
    bptubbs's Avatar
    Join Date
    Sep 2017
    Location
    Down the rabbit hole
    Posts
    6,448
    I'm on my phone, it works fine on my mobile internet, but I have the issues you guys describe when using my Wi-Fi.
    Reply With Quote
     

  2. Collapse Details
     
    #27
    Moderator
    Sports & Gaming
    mal3volent's Avatar
    Join Date
    Jun 2011
    Posts
    2,696
    Quote Originally Posted by Limpet_Chicken View Post
    This is happening WAY too often? how can it be bypassed by regular BL'ers? its happening too frequently by far and its really starting to piss me off.
    It's frustrating for everyone, just try to remember Bluelight is free and there are people working on the problem.
    Reply With Quote
     

  3. Collapse Details
     
    #28
    Moderator
    Words
    BehindtheShadow's Avatar
    Join Date
    Jul 2017
    Location
    Home is where the heart is
    Posts
    4,902
    Quote Originally Posted by bptubbs View Post
    I'm on my phone, it works fine on my mobile internet, but I have the issues you guys describe when using my Wi-Fi.
    Im the opposite - very strange indeed
    Reply With Quote
     

  4. Collapse Details
     
    #29
    Moderator
    Basic Drug Discussion
    Other Drugs
    bptubbs's Avatar
    Join Date
    Sep 2017
    Location
    Down the rabbit hole
    Posts
    6,448
    My Wi-Fi sucks donkey dick though, it's always giving me trouble.
    Reply With Quote
     

  5. Collapse Details
     
    #30
    This wifi vs mobile thing is a pretty big maybe. My thinking behind it is that, I've determined that if the server detects anything it thinks is unusual or loses track of you in any way it rechallanges you. For example, when I tested it I found that it rechallanged me if the web browser appears to change in any way. Even a single 1 or 0 different and it considers it a different browser and rechecks. I haven't tested it but if it's checking that, it's likely doing the same with your IP address. Mobile internet usually involves sharing a pool of IPs and might have forward proxies making it more likely something could go wrong. Using https will prevent the possible forward proxy issue which is why I suggested that.

    But plenty of wifi networks will have problems too depending on the internet provider. It's just something that might be helpful to some people and is probably worth trying.

    It's well worth remembering that bluelight is a free service, because being a free service is likely part of the reason for this situation. Less money means less resources which means fewer resources to be depleted in an attack until the service stops working.

    This function of the site is literally called "I'm under attack mode". So it was likely turned on because of an ongoing attack. So when that stops it'll likely be turned off again. Which is why I think this is probably just a temporary inconvenience.
    Reply With Quote
     

  6. Collapse Details
     
    #31
    Moderator
    Words
    BehindtheShadow's Avatar
    Join Date
    Jul 2017
    Location
    Home is where the heart is
    Posts
    4,902
    Testing from my phone on Jess's suggestion
    Last edited by BehindtheShadow; 02-05-2018 at 13:25. Reason: And it worked yay Jess you biscuit
    Reply With Quote
     

  7. Collapse Details
     
    #32
    Moderator
    Drugs in the Media
    S.J.P.'s Avatar
    Join Date
    Jan 2011
    Location
    Montreal, Canada
    Posts
    1,845
    I haven't been able to post from my phone at all (Wi-Fi connection), either in mobile or desktop mode. My desktop browser works fine.
    Reply With Quote
     

  8. Collapse Details
     
    #33
    Bluelight Crew Scrofula's Avatar
    Join Date
    Apr 2017
    Location
    California
    Posts
    5,549
    So, I'm (obviously) lobotomized of all my computer/network knowledge, but I have some questions:<br><br>Isn't "checking your browser" for five seconds like the last thing you'd want to do in a DDoS attack?&nbsp; Like, people can't sign on, cause the server's overloaded, so let's add a step to slow everything down even more?<br><br>What exactly are they checking for when examining your browser?&nbsp; Why does it take so long to do that?&nbsp; Why would a VPN or cookies make a difference, the attackers don't have a cookie if they never connected, can erase them anyway, and cycle their IP address?&nbsp; Who are the likely culprits?&nbsp; Why would they target Bluelight?&nbsp; Why would they do that for <em>days</em>?&nbsp; Why is Bluelight not in my spellcheck?&nbsp; Why is "spellcheck" not in my spellcheck?<br><br>If Jess is a biscuit--i've always suspected--is that good or bad in SA?&nbsp; Does that mean she's a cookie?&nbsp; Why would cookies or VPN's make a damn difference on a site with no illegal activity?&nbsp; Does my ISP have this site on some blacklist, and if so, why?&nbsp; It seems more like my ISP has Scrofula logged-in on some blacklist, and if that's the case, FFS why?<br><br>Thanks anyone who answers any of these.<br><br>
    Reply With Quote
     

  9. Collapse Details
     
    #34
    Administrator
    Director of Communications
    alasdairm's Avatar
    Join Date
    Jul 2002
    Location
    south lake tahoe, ca
    Posts
    59,583
    ^ the interstitial page implements a check to ensure you're, as far as we can be aware, a legitimate human visitor and not part of some botnet.

    speculating on likely culprits is pointless.

    alasdair
    Reply With Quote
     

  10. Collapse Details
     
    #35
    Bluelight Crew Scrofula's Avatar
    Join Date
    Apr 2017
    Location
    California
    Posts
    5,549
    OK, and if I come from a site with an identifying cookie, I not only skip that page, I get logged in automatically. I guess that fits with everything.

    I feel like there's two competing pressures at this site (and a couple others): either total anonymity, or as much as possible; vs. walking around the internet totally naked, as I used to do, figuratively and literally.

    Of course, it was the latter what borked my box.
    Reply With Quote
     

  11. Collapse Details
     
    #36
    Bluelight Crew Scrofula's Avatar
    Join Date
    Apr 2017
    Location
    California
    Posts
    5,549
    Never mind, that's not how it works after all. There is no pattern at all.
    Reply With Quote
     

  12. Collapse Details
     
    #37
    OK so, first thing to realize is that we aren't talking about old school style DDoS attacks. Or I sure hope we're not because that's not the intended use of this feature.

    This feature that's causing the browser check is designed to prevent layer 7 DDoS attacks. Now I'll confess that this is an area where I can't claim to be an expert, it's newer and my knowledge in this subject is a bit out of date. But the primary difference is that these attacks work by taking advantage of how the web and some http servers work. With http and Javascript and all that. As opposed to older DDoS attacks like simple layer 4 syn floods or smurf attacks (if you don't know what that is.. It's where you're attacked by smurfs being bribed with black market smurfberrys. ) These newer layer 7 attacks involve things like getting your bots by malicious web pages using Javascript and such, stuff that works at a higher level than older DoS attacks) and using that to amplify the damage compared with the attackers network resources. Or using bots to make lots of seemingly valid http connections using up resources beyond just network resources (like the servers thread pool).

    The idea behind this front page currently active on bluelight, is before you get to the forum and everything related to it, you're taken to a page which gives your browser a Javascript math challenge to accomplish, ideally ensuring its a legit connection with a browser with a Javascript engine rather than a simpler bot. Your browser has to solve the challenge and send it back to the server, which then issues you a clearance cookie which is supposed to allow you access to the real site for a certain amount of time. I'm not sure what that intended length of time is, but I'm pretty sure it's at least half an hour. So the fact that people are getting this challenge so much more frequently is unintended behavior.

    One of the reasons the server might rechallange you is if it thinks something about the session like the user agent (what the browser claims to be to the server) or IP changes. So changing browsers, trying to avoid forward proxies with https or VPN, and avoiding internet connections where your iP might frequently change (like cellular internet) are all things that "may" help in some cases.

    Further details can be found here: https://blog.cloudflare.com/introduc...tack-mode/amp/

    And by googling cloud flare ddos protection and "I'm under attack mode" which is the specific technology we're discussing.

    As for who's behind it, who knows? Why do people commit random property damage in real life? To feel powerful? Extortion? Some strange political viewpoint. Maybe even some asshole who got banned. Though that last one I'd consider unlikely. Not impossible, but in this kind of situation the perpetrators often aren't current or former members of the community at all. Just destructive assholes doing what they were born to do.
    Last edited by JessFR; 03-05-2018 at 20:15.
    Reply With Quote
     

  13. Collapse Details
     
    #38
    Moderator
    Psychedelic Drugs
    Pillreports.com
    Transform's Avatar
    Join Date
    Sep 2010
    Posts
    4,706
    I'm also having problems with this, any time I try to post it redirects me to a blank page and the post doesn't go through. I had to switch browser to post this.

    Surely if cloudfare is working then DOS'ers can be prevented from creating accounts and therefore bluelighters with over 50 posts could be exempted?
    Please use the Search & Index
    Please make sure you always reagent test your drugs. $10 is a small price to pay for peace of mind!
    Reply With Quote
     

  14. Collapse Details
     
    #39
    Quote Originally Posted by Transform View Post
    I'm also having problems with this, any time I try to post it redirects me to a blank page and the post doesn't go through. I had to switch browser to post this.

    Surely if cloudfare is working then DOS'ers can be prevented from creating accounts and therefore bluelighters with over 50 posts could be exempted?
    I'm gonna just quickly preface this by saying that I'm not anyone in authority at bluelight. And if anyone doesn't wanna believe or has a hard time believing anything I've said for whatever reason you're of course welcome to ask someone in authority.

    Now with that said, I'm all but positive you can't be excepted for technical reasons. The DDoSers aren't creating accounts at all most likely. And this feature functions at the hosting level.

    Basically it works like this, websites like bluelight, they're a combination of a hosting provider, in our case cloud flare, and an off the shelf forum software package, in our case vbulletin.

    The problem here is the antiddos feature causing the problem, is on the hosting side. It's customizable to some extent, but it's very unlikely that it can be linked in to the forum softwares database to decide how to exempt people.

    Basically you would have to program a feature that's entirely external to the forum and that probably can't be programmed by the client at all, to access the forum database, check if your session cookie matches an authenticated user, and exempt entirely.

    So first, it's unlikely to be possible, and second, on the very VERY unlikely chance that it actually is possible, it would definitely require someone with web programming experience, and there might not actually be anyone like that in authority to do it.

    Sorry, like I said I'm not anyone in authority, but it still kinda is what it is. It probably will be turned off in time. But exempting anyone through their account isn't gonna happen.

    Most likely all this is, from the perspective of the person who turned it on, is a button somewhere in the admin section of the hosting account for this site that says "I'm under attack mode", and a few other things that let you customize the banding and perhaps wording of the page. But that's it. I can't imagine they give you any access to control the code that makes it work.

    It's a shame really, cause if you put aside all the logistical problems, if you really were both a competent programmer, had access to everything, everywhere. And an overwhelming drive to give people the best user possible experience. Exempting you with your forum session cookie really is probably the ideal solution here.
    Last edited by JessFR; 04-05-2018 at 07:45.
    Reply With Quote
     

  15. Collapse Details
     
    #40
    Senior Moderator
    Sober Living
    Life Advice & Visual Arts
    Other Drugs
    Drugs in the Media
    toothpastedog's Avatar
    Join Date
    Dec 2010
    Location
    at home in your arms
    Posts
    14,926
    Without pretending like I really understand this whole business, your posts about it sound spot on Jess. Thanks for writing this all out here for people to read so they have a better sense of what’s happening with this annoying business.
    Reply With Quote
     

  16. Collapse Details
     
    #41
    Bluelighter Lobsterbutch's Avatar
    Join Date
    Aug 2014
    Location
    Cringing until my next dose
    Posts
    124
    good to know, thanks for merging my thread, I mainly hang out in other drugs/BDD/Darkside so it was all brand new to me. It's really not a big deal, it doesn't take that long and if it keeps Bluelight up I'm alright with it. Ddosers are basically anyone, and I can imagine some hyper-anti-drug people or just someone rubbed the wrong way for misinterpreting a response to their post as an attack to be rash enough to do sit like that. I mean, almost every sight has to worry about it, and with the nature of bluelight I imagine it'd be a pretty big target for this kind of stuff.

    and I like to believe people are mostly good, but I could see some future moderator getting snubbed for something and then trying to blast bluelight off the internet for some petty stuff.
    Reply With Quote
     

  17. Collapse Details
     
    #42
    While I don't know, I tend to doubt these attacks are much to do with anyone who actually uses bluelight or drug politics.

    All websites that are above a certain level of public visibility experience such attacks. Why do people do that? Sometimes it may be that the affected site isn't even the intended target. Just running from the same server as somewhere that is. Sometimes it's just that people enjoy the feeling of power it gives them. And yes, sometimes it really is personal where the wrong person wound up with a grudge. But it's the least likely possibility.

    It's not impossible, but I doubt it has anything to do with drug politics. It's not impossible, given that some attacks are undertaken by the ticking time bombs of intelligence and immaturity that are gifted 12 year olds appointing themselves internet vigilantes (script kiddies). But the most likely explanation is that this isn't a personal grudge or politically motivated relating to drugs.

    I mean, the type to conduct illegal denial of service attacks doesn't have a lot of overlap with the moralistic 40 year old mothers against everything type.
    Reply With Quote
     

  18. Collapse Details
     
    #43
    Bluelighter Larimar's Avatar
    Join Date
    Jan 2018
    Location
    East Coast USA
    Posts
    273
    Didn't happen today maybe it's done
    Reply With Quote
     

  19. Collapse Details
     
    #44
    Quote Originally Posted by Larimar View Post
    Didn't happen today maybe it's done
    Interesting. OK so yes, you're right. I just tested it, and the server is now sending back the page without the clearance cookie. So you're right it's fixed.

    I say interesting because, it's still not entirely back to normal. For anyone who knows what the following means and is interested. A week ago I ran some tests related to the unicode rendering problem. When I did that, I got the pages back without sending a user agent. Now, I can't. If I don't send a user agent it sends me some cloud flare page saying "unknown connection issue". Doesn't seem to care whatsoever what the user agent says, so long as it says something.

    Probably something related to a change in security settings since then. Doesn't matter though, it still means everything should be back to normal, I just found it curious and thought I should mention it in case it's of note to anyone.

    The important part is its switched off now. So the problems fixed. No more challenge page.
    Last edited by JessFR; 04-05-2018 at 19:08.
    Reply With Quote
     

  20. Collapse Details
     
    #45
    Administrator
    Director of Communications
    alasdairm's Avatar
    Join Date
    Jul 2002
    Location
    south lake tahoe, ca
    Posts
    59,583
    we've removed the interstitial cloudflare page as things seem to have dropped off a bit.

    the fact is we get attacked like this from time to time, and it's almost impossible to determine the source. the nature of ddos attacks is that they come from multiple sources.

    alasdair
    Reply With Quote
     

  21. Collapse Details
     
    #46
    Bluelighter Lobsterbutch's Avatar
    Join Date
    Aug 2014
    Location
    Cringing until my next dose
    Posts
    124
    yeah good point, some people could do stuff like this just for fun, or people trying to squeeze
    some $$$$ out of web hosts
    Reply With Quote
     

  22. Collapse Details
     
    #47
    Only an idiot would pay to stop a denial of service attack.
    Reply With Quote
     

  23. Collapse Details
     
    #48
    Mr. Alisdair, sir, on the other hand you have angry people saying rude things on a regular basis on at least two sites. In my intermittent time lurking I admit to having seen only a fraction of the likely discontent; but however I still fail to see the origin of such consistent opprobrium. Would they not be the likely candidates for such behavior, and as such, worthy, as it were, of outreach?
    Reply With Quote
     

  24. Collapse Details
     
    #49
    Administrator
    Director of Communications
    alasdairm's Avatar
    Join Date
    Jul 2002
    Location
    south lake tahoe, ca
    Posts
    59,583
    i don't think so.

    alasdair
    Reply With Quote
     

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may edit your posts
  •