Admiral
Head of Technical Services
Chief Engineer
Very Rare (100 Points)
Be Joint Head of Technical Services
Unlocked Sat 30 Mar, 2024 11:00 PM
0.02% have received this achievement
Miracle Worker
Rare (50 Points)
Be the Deputy Head of Technical Services
Unlocked Mon 19 Aug, 2024 8:06 PM
0.01% have received this achievement
Admiral Council
Rare (50 Points)
Join the Federation Executive Office
Unlocked Sat 30 Mar, 2024 11:00 PM
0.07% have received this achievement
Correspondent
Rare (50 Points)
Submit a Federation News Service article
Unlocked Sun 07 Jan, 2024 12:05 PM
0.42% have received this achievement
The Fool
Rare (50 Points)
Got pranked on April 1st
Unlocked Mon 01 Apr, 2024 12:28 PM
0.45% have received this achievement
Admiral
Rare (50 Points)
Receive a promotion to the rank of Admiral
Unlocked 5 Days Ago
0.24% have received this achievement
15
- Users who liked
- Kerry Malone
- Novalance
- RavenSplat
- Sunfire
- Bridger
- Solace
- Morris
- Nesta
- Zach
- Bedders
- Sul-Matuul
- Miles
- Kiflin
- darthnovawave
- Alpenglow
Quote
Post ID: 495795
#1
Posted Wed 28 Aug, 2024 11:18 AM
At around 6:30am BST on 28 August 2024, the UFPlanets website started experiencing issues in the form of database errors and other HTTP errors such as 500 Internal Server Error and 504 Gateway Timeout. Upon investigation, our Technical Services team discovered the following:
The database errors were caused by the sessions table becoming full. The sessions database table holds all sessions from every website visitor, logged in or not. It handles sessions from web crawlers such as Google and Bing, guest sessions (those users not logged in), and logged in users. When it was investigated, it was discovered there were over 2,500 active sessions, which is far more than the normal session count of 200-400.
The sessions were being spawned from an Alibaba Cloud instance in China, and were spawning roughly one new session every second. Sessions on our website remain for 20 minutes before being removed from the database. The fact new sessions were being initiated so rapidly in a short span of time resulted in the sessions table becoming full of sessions.
The IP addresses used belonged to at least 7 to 10 different cloud servers hosted by Alibaba Cloud. As a result, this was classed as a Distributed Denial of Service attack. The IP addresses have been forwarded to Alibaba for review, as well as relevant server logs.
It must be stated, this was not a hack in which user information was obtained. A Denial of Service attack is when an attacker launches many connections against a specific service in an attempt to bring it down.
In our case, we added those specific IP address blocks to our firewall’s deny list, which will prevent anyone with an IP address in those ranges from being able to connect to anything hosted on our server. As a result, we do consider the incident to be resolved. The sessions are back down to about 300 as of the writing of this Post Incident Report.
If anyone has any questions, please feel free to reach out to our Technical Services team on Discord, our website, or by emailing support@ufplanets.com.