Events Calendar

[Jonathan Stuart]

We have ongoing problems with two types of attacks on this site. First, spammers trying to access this forum but I think, with a lot of help from Graham W (thank you), we're getting on top of this. The second problem is we regularly have hundreds of thousands of hits on the website itself. We've had almost 500,000 hits today and this month we've had hits from almost 1,500,000 different computers / IP addresses. They're all targeting the events calendar, I suspect because an earlier version of this software had a security bug that could allow hackers to compromise a website. Regardless that we're not affected by that bug, the hack attempts continue.

I have now turned off the events calendar, in the hope the hackers' bots will eventually give up after days of failures. However, no new events had been added to the calendar for a while so I wonder if we still need it? I suggest while we don't have an events calendar, any new events are publicised in the Events section of the forum. To ensure future events remain visible, I also suggest they're made "sticky" until the event has happened. I've made sticky the two future events currently in the forum. The Events link on the website menu now opens the events area on the forum. Let's see how this works, but it may be we don't need to restore the original Events calendar.

Please let me have any feedback or thoughts on this.

[Sea Simon]

Sorry I can add nothing  positive in terms of solutions.

However, it's  an opportunity  to thank you, and GW etc for the work that you do to keep this forum such a very useful resource.

[Graham W]

It is difficult to believe how much automated attention is being paid to our site.  I read somewhere that one way of infiltrating big and important internet sites is to infect a small and obscure site like ours and then use it as some sort of back door.  That might possibly explain the disproportionate attention from IP addresses in Russia and China, and when these have been blocked off, from some of their disreputable proxies.  An alternative explanation is that dumb machines with even dumber operators don't know when to stop.

Given Jonathan's comment about a defunct bug in the calendar that the low-lifes have been trying in vain to exploit, the second explanation may be more likely.  If turning off the calendar stops them from wasting our time and resources, then it's an excellent move and will be barely missed.

As a separate issue and in the past few days, there has been a 90% fall in the maximum simultaneous visitors to the site.  This is because Jonathan has blocked servers belonging to some of the worst perpetrators of attempted brute force attacks. 

A special mention should be made of Alibaba, whose IP addresses had been blocked but whose servers in Singapore were still making up to 20 attempted accesses a minute.  I emailed their alleged anti-abuse address several times, in increasingly impolite terms, asking them to desist.  If sent to more reputable operators, such emails would normally elicit a quick and apologetic response.  It's a measure of what sort of organisation Alibaba is that they ignored me.  They have now been comprehensively repulsed and the number of reported visitors has fallen to more reasonable levels.  May their server motherboards suffer fatal damage from overwhelming power surges.  And while we're at it, I hope that their e-commerce shop selling dodgy knockoffs suffers from the brute force attacks that they aggressively inflict on others.