As many of the site's users have undoubtedly noticed (pretty difficult not to, frankly) ... the X-Plane Gateway Map has been under constant DDoS-attack for about three months at the time of writing. Because of this, the site has been - at most - performing miserably and - at worst - been offline altogether.
We've had our fair share of DDoS attacks before and - believed we had (at least for the most part) gotten rid of them. This latest attack against the site was interestingly (from a purely technical point of view) different. The attack was very "distributed" (making it impossible to just block source IP-ranges) and - the attack literally looked like normal traffic ... making it extremely difficult to distinguish the attack from any of the "normal" traffic we get.
To be honest ... I personally have absolutely no idea. As I've mentioned regarding the earlier DDoS attacks - there should be no plausible reason to attack the X-Plane Gateway Map; the site is ...
Frankly - I am afraid not. As far as I'm able to fathom, the X-Plane Gateway Map is currently either blocking or expediently handling most of the attack queries targeted against our servers.
Unfortunately - I am afraid that the ongoing DDoS will continue as long as the entity behind the attack deems it worth their effort. At the moment - the site appears to be functioning ... relatively at least ... the way it was planned to.
The DDoS-attacks seems to be continuing - as before. But we are getting better at detecting the attack vectors used by the DDoSsers.
For a short while, the attacks appeared to have diminished - only to raise their ugly head again and making things more inconvenient for everyone. We have recognized a few new ways the attackers are using to make things slow to a crawl and have implemented countermeasures for these.
Hopefully this is the last time we need to address this issue.
The DDoS-attacks against our site have been continuing rather constantly during the last year. We've blocked many types of attacks, but still the aggressive actors keep finding new ways to make the site's performance drop like there's no end.
Most recent issues we've encountered caused our rendering engine (the system that draws the found markers for airports on the map) to get overwhelmed and subsequently drop our backend database to unreachable state. This has been the reason that users have been able to see the map, but unable to find any airports on the map because nothing gets rendered.
Well... the thing is... I personally have in the past been very strongly opinionated against blocking larger IP-ranges, because not all users should be punished for actions of a few bad apples in the bunch. But now, I have frankly had enough.
I've configured our automated blocking system to use a way more aggressive hair trigger when unwanted traffic gets recognized. This will inevitably lead to some false positive timeouts being awarded to troublesome IP-ranges ... but if that is the price to pay to keep the site running comparatively smoothly for the majority of our users ... I'm willing to pay it.
| Older stories... 20230318 XP12 Sceneries ALIVE 20220918 Missing Airports? 20220915 About XP12… 20210531 GDPR vs. Statistics? 20200503 COVID-19 20191209 Restoring Normality 20191130 Service Outages 20190827 August Issues 20190822 Missing Airport Markers? 20171020 HTTPS ‽ 20170816 Outage @ AUG 12th-15th |