1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Forums Going Offline Due to Spammers

Discussion in 'Troubleshooting and Problems' started by System0, Jun 25, 2013.

  1. System0

    System0 Active Member

    Over the last few days my forums have went offline on two occasions. The incidents happened shortly after I moved to a new host, so my initial assumption was that it was the host's fault for them being offline.

    What is strange is that after my three forums come back online, one of them displays a server error message, which makes the forum unusable. Repairing the database seemed to fix this.

    The same thing happened on the second occasion. My forums went offline and when they came back online, one particular forum (the same one) had the server error message.

    They have advised that my forums have been attacked by the IP I checked an IP lookup service and it states that it is a known spam source.

    As I upgraded my forums on the same day, I am not sure if this is a security vulnerability of my new host, of XenForo 1.1.5 (I was previously on 1.1.2), or if it is just a combination of coincidence and bad luck that this happened on the same day I moved host and upgraded.

    Does anyone know what is causing this?

  2. Brogan

    Brogan XenForo Moderator Staff Member

    Has your host explained what it was that caused the forums to go offline?
    Was it a DDoS attack?

    The server error logs may help with that, as will checking the stat's with regards to traffic, etc.

    What is the server error message displayed?
    LPH likes this.
  3. System0

    System0 Active Member

    Thanks for getting back to me on this Brogan.

    I just emailed them that question and he replied:

    That sounds more like a DDOS attack.
  4. Brogan

    Brogan XenForo Moderator Staff Member

    Sounds like it to me.
    Your host should implement some sort of protection or mitigation for that.
  5. Lone Wolf

    Lone Wolf Well-Known Member

    Are you sure it's XenForo? We were DDOS'd a couple of weeks back but it turned out to be due to a WordPress vulnerability.
  6. tenants

    tenants Well-Known Member

    Where exactly were they connecting to?

    Can you look at your server access logs, was it just the index page (or the registration page)
  7. System0

    System0 Active Member

    We've agreed to leave it until tomorrow to see if anything changes. Reading between the lines, he has made some changes.

    100% it is not a WordPress issue as that hosting account only has 3 websites on it: all of them XenForo forums :)

    He noted there was nothing in the error logs, it was just lots of connections from the one IP.
  8. tenants

    tenants Well-Known Member

    Not the error logs, the server access logs. They have to be connected to somewhere
  9. System0

    System0 Active Member

    There are lots of errors there at the time such as:

    Mysqli statement execute error : Incorrect key file for table './....../xf_session.MYI'; try to repair it

    Too many connections

Share This Page