Rule #553 of the Internet


Rule #553 of the Internet: You know your app’s doing well when idiots make the effort to attack it for no apparent reason. For a while now, Textise has been suffering chronic performance problems and regular outages. You might have noticed. I certainly did!

First of all, my hosting company started complaining that Textise was hogging all the CPU on the shared server it was on. So they throttled it. This was understandable but reduced performance even further. It seemed that hundreds of thousands of requests were hitting the app every day, all sourced from the Opera browser. Obviously, this immediately looked suspicious, given that Opera isn’t the most popular browser on the planet, and none of these requests were showing up in Google Analytics (which was presumably assuming them to be bots).

So, I signed up for CloudFlare, a proxy service that can filter out malicious requests before they hit your app server. CloudFlare found threats, and stopped them, but it seemed to miss the Opera-sourced attacks, which didn’t reduce at all.

Plan B: I moved Textise from the shared server to a dedicated, physical box. This costs ten times more a year but at least allows me to see exactly what’s going on. The new server coped better with the traffic but still had to be throttled to stop it crashing out on a regular basis.

Plan C: I added code to the Textise app to reject calls from Opera. This did, finally, reduce CPU, but I was unhappy about such a blanket approach.

Plan D: I trawled through the server logs and, with the help of the R Project, I extracted page hit info from Google Analytics so I could compare the two. Eventually, I found another way to identify the malicious requests, meaning that genuine Opera users would still be able to use Textise, and coded it into the app. I talked to the folks at CloudFlare, in the hope that there was a way I could configure CloudFlare to do something similar, but it turned out that would cost me mucho cash, so the code stays in the application. This is a shame, as I’d rather these stupid calls were blocked well before they get anywhere near my server.
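The log-trawling step in Plans C and D, as an added example that is not the Textise code or the author's R scripts: it parses web-server access log lines, groups hits by browser family from the User-Agent header, and flags a family as a probable flood when it dominates the traffic and most of its hits come from a handful of IPs. The log lines, the combined log format, the IP addresses and the thresholds are all constructed for the example; the post does not say what feature finally distinguished the bad requests from genuine Opera users, so the concentration heuristic here is an assumption, not the author's actual rule.

```python
"""Spot a request flood hiding behind one browser family's User-Agent.

Added illustration: the log lines below are constructed, and the
thresholds are assumed tuning values, not figures from the Textise post.
"""
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format (assumed; adjust to your server's format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def browser_family(ua):
    """Coarse User-Agent family: 'opera', 'firefox', 'chrome' or 'other'."""
    ua_l = ua.lower()
    if "opr/" in ua_l or "opera" in ua_l:
        return "opera"
    if "firefox" in ua_l:
        return "firefox"
    if "chrome" in ua_l:
        return "chrome"
    return "other"


def parse_log(lines):
    """Yield one dict per line that matches the combined format; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def family_stats(records):
    """Per browser family: total hits, hits per source IP, distinct paths."""
    hits = Counter()
    ips = defaultdict(Counter)
    paths = defaultdict(set)
    for r in records:
        fam = browser_family(r["ua"])
        hits[fam] += 1
        ips[fam][r["ip"]] += 1
        paths[fam].add(r["path"])
    return hits, ips, paths


def flag_floods(lines, share_threshold=0.5, top_ip_share=0.8, top_n=3):
    """Return families that take at least share_threshold of all hits AND
    whose hits are concentrated: the top_n IPs supply >= top_ip_share of them.
    Genuine users of an unpopular browser are spread thin; a flood is not."""
    hits, ips, _ = family_stats(parse_log(lines))
    total = sum(hits.values())
    flagged = {}
    for fam, n in hits.items():
        share = n / total
        top = sum(c for _, c in ips[fam].most_common(top_n))
        concentration = top / n
        if share >= share_threshold and concentration >= top_ip_share:
            flagged[fam] = {"hits": n, "share": round(share, 2),
                            "top_ip_share": round(concentration, 2)}
    return flagged


def _line(ip, ua, path="/"):
    # Constructed combined-format line; the timestamp is fixed for brevity.
    return (f'{ip} - - [10/Oct/2016:13:55:36 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')


OPERA_UA = "Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.16"
# Constructed sample: two IPs hammer the site with an Opera UA, two real Opera
# users browse normally, and a few other browsers make single requests.
SAMPLE_LOG = (
    [_line("203.0.113.10", OPERA_UA)] * 4
    + [_line("203.0.113.11", OPERA_UA)] * 3
    + [_line("198.51.100.5", OPERA_UA, "/about")]
    + [_line("198.51.100.6", OPERA_UA)]
    + [_line("192.0.2.7", "Mozilla/5.0 (X11; Linux x86_64; rv:49.0) "
                          "Gecko/20100101 Firefox/49.0")]
    + [_line("192.0.2.8", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 "
                          "(KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36")]
    + [_line("192.0.2.9", "curl/7.47.0")]
)

if __name__ == "__main__":
    print(flag_floods(SAMPLE_LOG))
```

Run it and only the Opera family is flagged (9 of 12 hits, with the top three IPs supplying about 89% of them); the lone Firefox, Chrome and curl requests fall well under the share threshold. The point of keying on concentration rather than on the User-Agent string alone is the same one the post makes about Plan C: a blanket Opera block throws out the genuine users at 198.51.100.5 and 198.51.100.6, whereas per-IP concentration separates them from the two noisy sources.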

I’ve now also added SSL to the site. This doesn’t stop attacks, of course, but it means that your use of Textise is protected. A downside is the bookmarklet and Firefox add-on were slightly broken. I’ve now fixed the bookmarklet (to update, just drag it into your bookmark bar again) but, because Mozilla are changing the way that add-ons work again, I need to re-write the FF add-on, which will take a little while longer.


2 responses to “Rule #553 of the Internet”

  1. Any thoughts on perhaps providing a non-https version of textise?

    I ask because a recent use case was brought up here:
    https://groups.google.com/forum/#!topic/comp.sys.apple2/JiWYnLf22YA
    An, admittedly small, contingent of Apple II users with working Ethernet cards and an 8-bit IP communications package called Contiki are using a text-based web browser and finding little is really available to them. I found textise.com, and thought it might be a very useful proxy site for them, but https isn’t something that can be feasibly done within the 8-bit environment. I’m sure that this would also be useful for other 8-bit platforms with similar hardware and enthusiasts.
    Thanks!

    • Hi Rich,

      Thanks for getting in touch.

      I’ve given this some thought and concluded that making exceptions to allow HTTP would be difficult – and a lot of config work for a small number of users.

      Sorry for the disappointing response. I hope you find a solution.

      Ian