Home Forums FineTunedMac Community FineTunedMac Feedback FTM problems: 500 & 503 errors, database errors

I'm away from home traveling in Florida, and naturally it's always when I'm away that things go haywire.

It looks like FTM has encountered a spate of errors and general slowness. The errors include "database error," "503 Bad Gateway," and "500 Internal Server Error."

I'm looking at the access logs and the database. The database is OK and there are no internal problems, but we're being hit by a sustained flood of requests for the login page that's been ongoing for a while and looks like a brute-force hack attack. The Web host also experienced an outage a couple of days ago that affected the database, that didn't help matters any.

There's not really much I can do to solve the problem. Short of moving to a server with more resources, we might have to just weather the storm. I'm looking into costs for moving us to a private server, which will help, but short of that it's not an easy problem to address. (Moving to a private server gives us two advantages: greater resources so that attacks affect us less, and the ability to set up a firewall and other defenses to mitigate an attack.)

I am aware of the problem and I'm talking to the hosting company to see what they can do. Sorry about that, guys!

You're doin' good (and well). Don't sweat it.

"Don't sweat the small stuff. It's all small stuff." (Richard Carlson)

Thanks for keeping on top of this.

Clarification, please... I seem to be experiencing two different types of occurrences.

1. Sometimes my "Generated" time is high, which in my case means 5-10 seconds, but the page I'm on loads in only a slightly longer period of time. (I never see the 15-20 second numbers that others have reported.)
2. And sometimes, pages that are generated in small fractions of seconds take absurdly long...at least 15-20 seconds to load.

Huh? I don't get it.

Have we got one problem or two?

Thanks.

We're actually talking four problems:

Database errors, 500 Internal Server errors, and page timed out: Those appear related to the attacks on the login page.

503 Bad Gateway: Those should no longer be a problem. They were caused by a problem with the hosting company.

Page generated in (long time): Those appear related to the attacks on the login page, but I'm not 100% sure. The hosting company says the database is operating normally, so there's something else at work with those very long page generation times. It's frustrating trying to troubleshoot.

Page generated in (short time) but page takes a long time to load: I think this one is outside our control. It's probably related to network congestion somewhere between FTM and you.

Thanks for the status report. (Is you hair still attached to the top of your head, or is it all on the floor? )

I've been experiencing DSL issues, and I haven't been certain how or even if they've affected FTM loading time, but the slowdowns I constantly deal with at FTM are out of character with the rest of my Internet experience.

I forgot to ask you what anybody would gain from hacking FTM's login page?

Could they gain access to the database?

No, I think they're trying to brute-force their way in to the login page in order to hijack legitimate accounts to post spam. They could also take other action if they were to gain access to a moderator's account, such as add or delete users, but my suspicion is it's just automated spam bots.

FWIW I'm not seeing any slowdowns right now, knock wood.

It just seems like this has been going on for long enough that they would have given up already.

Is this sort of persistence normal in "the trade", or have we been experiencing more than one attack?

This sort of persistence is, sadly, quite normal. It need not even be targeted; the bad guys use automated software that scans the Web looking for various platforms (WordPress blogs, forum software, Joomla systems, Drupal systems) and attempts to exploit them automatically. I run software on most of my sites that monitors for this sort of automated attack, and most sites get hit at least once a day, often more.

There is a ton of money to be made in compromising sites, and Eastern Europe has few or no laws forbidding this kind of activity.