communications relay login

[Notice] - Post Incident Report - 28 Aug 2024 Website Outage

Started By:
Jess, Wed 28 Aug, 2024 11:18 AM
Views:
1093
Replies:
0
  1. Head of Technical Services

    • Chief Engineer
      Very Rare (100 Points)

      Be Joint Head of Technical Services

      Unlocked Sat 30 Mar, 2024 11:00 PM

      0.02% have received this achievement

    • Miracle Worker
      Rare (50 Points)

      Be the Deputy Head of Technical Services

      Unlocked Mon 19 Aug, 2024 8:06 PM

      0.01% have received this achievement

    • Admiral Council
      Rare (50 Points)

      Join the Federation Executive Office

      Unlocked Sat 30 Mar, 2024 11:00 PM

      0.07% have received this achievement

    • Correspondent
      Rare (50 Points)

      Submit a Federation News Service article

      Unlocked Sun 07 Jan, 2024 12:05 PM

      0.42% have received this achievement

    • The Fool
      Rare (50 Points)

      Got pranked on April 1st

      Unlocked Mon 01 Apr, 2024 12:28 PM

      0.45% have received this achievement

    • Admiral
      Rare (50 Points)

      Receive a promotion to the rank of Admiral

      Unlocked 5 Days Ago

      0.24% have received this achievement

    ACHV. Points
    855
    Reputation
    6
    Join Date
    Oct 19 2022
    Posts
    348
    Location
    United Kingdom
    Pronouns
    She/Her
    0
    • Users who disliked
    • None
    15
    • Users who liked
    • Kerry Malone
    • Novalance
    • RavenSplat
    • Sunfire
    • Bridger
    • Solace
    • Morris
    • Nesta
    • Zach
    • Bedders
    • Sul-Matuul
    • Miles
    • Kiflin
    • darthnovawave
    • Alpenglow
    Reply With QuoteQuote
    #1
    TS 240

    At around 6:30am BST on 28 August 2024, the UFPlanets website started experiencing issues in the form of database errors and other HTTP errors such as 500 Internal Server Error and 504 Gateway Timeout. Upon investigation, our Technical Services team discovered the following:

    The database errors were caused by the sessions table becoming full. The sessions database table holds all sessions from every website visitor, logged in or not. It handles sessions from web crawlers such as Google and Bing, guest sessions (those users not logged in), and logged in users. When it was investigated, it was discovered there were over 2,500 active sessions, which is far more than the normal session count of 200-400.

    The sessions were being spawned from an Alibaba Cloud instance in China, and were spawning roughly one new session every second. Sessions on our website remain for 20 minutes before being removed from the database. The fact new sessions were being initiated so rapidly in a short span of time resulted in the sessions table becoming full of sessions.

    The IP addresses used belonged to at least 7 to 10 different cloud servers hosted by Alibaba Cloud. As a result, this was classed as a Distributed Denial of Service attack. The IP addresses have been forwarded to Alibaba for review, as well as relevant server logs.

    It must be stated, this was not a hack in which user information was obtained. A Denial of Service attack is when an attacker launches many connections against a specific service in an attempt to bring it down.

    In our case, we added those specific IP address blocks to our firewall’s deny list, which will prevent anyone with an IP address in those ranges from being able to connect to anything hosted on our server. As a result, we do consider the incident to be resolved. The sessions are back down to about 300 as of the writing of this Post Incident Report.

    If anyone has any questions, please feel free to reach out to our Technical Services team on Discord, our website, or by emailing support@ufplanets.com.
    Jess
    Jess Medals