Topic: TalkImg.com - Image hosting for BitcoinTalk - page 2. (Read 18515 times)

Initially I thought about that too. But I noticed the following points:
- The sequence is always the same, 30~40 minutes, I experience spikes in requests for about 20 minutes. It would take many forum users to be using this pattern.
- In the last half hour, for several minutes it received +2M requests. Do you think there were 20k users viewing the pumpkins page at the same time?
- In that half hour, a single IP made more than 600k requests. Does this mean that there were 6k forum users, using the same service and doing exactly the same thing?
- Outside of these peaks, requests hover around 1k or less. Users should flee the forum.

Interestingly, it only affects access to the website, that is, if you go directly to the website you feel this instability, but even during these peaks you can continue to see the pumpkins normally.

I really find this behavior very strange. I've kind of lost trust in the host I'm using, unfortunately. In these types of things, we have to feel confident, to be comfortable. Therefore, I am already studying the change of host. It may not be better, but it certainly won't be worse.

Do you think accessing +100 images at once like in the pumpkin thread with multiple users can cause high load in traffic on your server or not at all? I feel like it's the same as bots accessing the site for +100 for 1-5 seconds gap.

Unfortunately, spikes in access still occur. Basically the attack continues in a well-coordinated way (I honestly don't know how normal this is). Every 30/40 minutes I experience spikes in requests, which last about 20 minutes. So, often, during these moments, it becomes difficult to access the website or upload.

I'm working on a solution to the problem, which will most likely involve changing hosts.

TalkImg.com image uploading is not working right now. I have been trying to upload an image for more than 2 hours now but it is not working. And it shows, no file has been uploaded, some errors have occurred and the system couldn't process your request.
Then I screenshot the error page again so I can use it to make comment here, the same thing. So I want you to visit the website.

As mentioned in the report presented, I continue to receive spikes in requests every 40 minutes.
I have been monitoring the situation and continuing to create roadblocks, but it ends up being a game of mouse and cat.

I'm thinking about making changes to the type of server, in order to improve the service in general. These changes were beginning to be planned, to come into force within a few months, but given this situation, I will have to anticipate them. I hope this week to have more details to share. Until then, I thank you for your understanding, due to this instability that is happening. I am doing everything possible to minimize this impact.

Despite everything, the main point is that the images have remained visible on the forum.

It's ok now, I tried a few hours ago to get an image link from the TalkImg.com site to add an image to one of my posts but it was not possible and kept showing errors. But after trying for a long time I was able to find the link of that image. Still with the same effort again I was able to extract the image link from the TalkImg.com site.

Maybe the TalkImg.com site is working fine but it's very very slow.  

I can access the website, but I am getting the different error (the same one I got few days ago when this problem started) from the one you are getting.

Ohh man, not again!!!
Is it just me, or is everyone else experiencing this?
Apparently, it doesn't take me to the home page. It just keeps loading and loading until the request times out!

EDIT: WTF just happened! Now I can access it again...(working)  

500 Internal Servel Error

Tens of millions of hits? Yikes, that's enough to drain the bandwidth resources of most sites for the entire month...

 
 Report  DDoS attack____________________
As everyone has certainly noticed, this past week, TalkImg was flooded with millions of hits per minute, suggesting that it was under a large-scale DDoS attack. From the beginning I made it clear that I do not collect any data, so there is no data to steal. Also, the only service provided is to host images to be viewed on the Bitcointalk forum. Therefore, until now, I have not been able to understand the reason for this attack. I'm most likely suffering some side effects from other attacks, I don't know.

I'm not an expert in these cases, and in almost 20 years of developing websites, I've never had this type of problem. Normally I fought to receive visitors, not to drive them away. So this was something completely new for me, which helped me learn more things in this crazy world of the internet. In this sense, this report is based on the experience of someone who has never experienced this situation, and who is not highly specialized in these cases.


THE BEGINNING
Around 17h00 (all times in GMT), 04/nov, the first signs began to appear that something was wrong.
About an hour later the site is shut down by the host, without any direct communication to me.
At 19h00 I contact the host to check the situation, and that's when I was informed of the thousands - not to say millions - of hits I was receiving on the server. So I recommend enabling Cloudflare to try to mitigate the attack. And that's how I started taking action against the DDoS attack.


THE COMBAT
Initially it seems that adding the recommended security layers via Cloudflare is starting to take effect. At around 7h00 am on 05/nov, the number of accesses had already decreased and apparently the conditions to reactivate the server were met.

But, it seems that soon after someone communicated this information here on the forum, the attack resumes. Coincidentally or not, it seems like everything is back to square one. So, throughout that day, I tried to create blocks via Cloudflare, to try to mitigate the attack, and around 18h00 the site was back online. Now it was time to start checking the settings so that everything returns to normal for everyone.

Until at the end of the morning of 06/nov everything returns to the same, a significant load of accesses and for security the server blocking returns. Back to my fight, to try to mitigate the attack, increasing the blocks even further via Cloudflare, ending up purchasing a Pro account, to have more tools at my disposal. He was trying everything to mitigate the attack.

In this sense, throughout the day of 7/nov I monitored the site's traffic almost hour by hour, creating a block on all types of IPs that were underloading the server. This way, I was able to mitigate the attack and stabilize the attack, I was able to put practically everything online. With some limitations, but the most important thing was restored, the images appeared on the forum.


IS IT ENDED?
I can say that at least it's under control. For the last 2 days I have been monitoring all requests handled by Cloudflare almost hourly. I've already managed to reset practically all of the site's functionality, and reduce the alert level on Cloudflare a little.

Yet almost every hour there is an overload of requests, with thousands of them mitigated by Cloudflare. Therefore, from time to time the service becomes a little slower, especially for those trying to upload images.

Here's a graph of what this crazy week was like, based on data from Cloudflare:


As we can see, at this point there are still a lot of requests occurring and being mitigated by Cloudflare. I wonder when this will end. But I won't give up.


JUST COINCIDENCE?
As I already mentioned, the TalkImg service does not have any type of sensitive information that would be of special interest to hackers. Even so, the attack is happening or has happened, without any type of benefit. Or did you have it? Well, I'm not one to feed conspiracy theories, but note some points that I found interesting throughout this week.

Days before this event began, I asked my host for some information about a possible improvement in server conditions. I was starting to plan in 3 or 4 months to do a service upgrade. They even made some preparatory adjustments, so I could move forward - immediately, with the upgrade. But, I didn't do it right away, and after about 4 days, the attack began.

On 07/nov (see the sequence of events mentioned above), after several conversations with the host team, I asked if upgrading the server could help resolve the situation. In which the answer is positive, saying that making this change could help control the situation. And everything starts to calm down.

In the meantime, a few more things came up, which I found strange, but I resolved promptly (later I can talk about it).

Well, despite finding all this coincidental, the host I'm using is well-referenced and one of the best in the world. So, I believe it was just that, coincidence.

One thing is for sure, I used Cloudflare for the first time and I wondered: how do they make money doing the same thing they do on paid plans? Well, I purchased a Pro plan for TalkImg.
Result: Cloudflare 1 vs 0 TalkImg.
I was planning to upgrade the server in 3 or 4 months, and now I'm thinking about doing it in the next few days. I haven't done it yet, but I will soon.
Result: Host 1 vs 0 TalkImg

But, I may have lost in these two rounds, but the next one I will be winning. Because I learned more about using Cloudflare, I improved my server-side data analysis skills and anomaly detection skills. Furthermore, I feel that the TalkImg community has become stronger.
Result: TalkImg 4 vs 2 Internet Barons


I would like to finish by thanking you for your support during all these events. Rest assured, I will continue to do everything I can to keep the service online.


PS: Let's see if the attack doesn't come back with full force after this post.

I'm getting a 403 forbidden error on my end.
At first a captcha popped up but an error page still loaded up after I solved it.
Nice of you to have added a captcha . It will help against DDos attacks.

Weird. I can view it fine directly so it's probably not an AWS issue.

Hmm. I see you appear to be using cloudfront? Could be something there?

I'm using AWS, but my images still don't make it through the forum's image proxy:

No, what i mean is the ToS of Imgur which i replied the comment above me using its image hosting. Probably because of the cookies used in imgur with their ad programs. I have no comment in talkimg ToS besides that most btt users like it.

same, if you have important files, you should at least have 2 local backups and another in the cloud just in case, but it can get expensive if you have terabytes of data.

i don't wanna be that guy, but try to avoid making consecutive posts in a row @Richy_T

UPDATE
I inform you that the DDoS attack has been mitigated and TalkImg is now fully functional.
You can now upload and use the service normally.

All users who have bots, plugins or add-ons connected to TalkImg should review the settings. I ask that you check if they are working, if not, please get in touch to review what we can do to restore service.

I will soon post a report of what happened. Thanks for understanding.





Do you think TalkImg ToS are not good enough? Where do you think I could improve?
https://www.talkimg.com/page/tos

Chartbuddy is currently switched over to AWS.

---

I always facepalm when people say their YouTube was hacked and all their videos are lost forever.

We are facing this problem since last few days. I can't get the image link from the Talkimg.com site to add the image to my post. Last November 6 I uploaded a image to a post using the TalkImg.com site. We can hope that @joker_josue will complete the solution to this problem very soon.

Moreover, if uploading the image is very important for you at this moment, then you can easily extract the image link from here as an alternative.

https://imgbb.com/

I can't upload the image from TALKING to this thread.   What should I do now?   Seeking cooperation from seniors.

While posting inline images is the best way to post images, this simply will work too but the issue here is uploading images is not possible on talkimg even others image hosting site as well, and forum image proxy have problems too so showing images is not possible lately.
So a better image hosting with good ToS for private person is one thing to choose from.