Accessing the site doesn't work 503 Service Unavailable error

Question

Accessing the site doesn't work 503 Service Unavailable error

GoWithTheFlow12 opened this issue a month ago · comments

Problem

Evidence / Screenshot

Relevant URL(s)

When I access the website it loads very slow, and when it loads I have this error:
503 Service Unavailable
No server is available to handle this request.

Reproducing the bug

Go to ...https://openlibrary.org
Do ...just wait for the page to load, it does not load

Expected behavior:
Actual behavior:

Context

Browser (Chrome, Safari, Firefox, etc): tested on chrome and mozzila
OS (Windows, Mac, etc): Windows
Logged in (Y/N): I was logged in when the error occured, then I tested in other browser where I was not logged in and it didn't worked as well
Environment (prod, dev, local): prod

Notes from this Issue's Lead

Proposal & constraints

Related files

Stakeholders

Note: Before making a new branch or updating an existing one, please ensure your branch is up to date.

Drini Cami · Answer 1 · Tue May 28 2024 00:14:28 GMT+0800 (China Standard Time)

Unfortunately archive.org is experiencing a DDOS attack; you can monitor the state here: https://x.com/internetarchive/status/1795117949499445554?t=zqku2Aj-neWfjdCruTvCgw

Vladimir Cicovic · Answer 2 · Tue May 28 2024 04:59:41 GMT+0800 (China Standard Time)

Hi people,
This is CC attack. Could I help with this?
Please provide me contact person - so I can share ways to stop this kind of attack

I did have the same attack, then I investigated how to stop it - I also tested against the tools they are using.

Most of IP are proxy servers and you have full log of this:
"GET /?search=AiMEppijD"

So when you get this msg - contact me I am willing to help ASAP providing a script to "patch" against this attack.

Drini Cami · Answer 3 · Tue May 28 2024 17:36:32 GMT+0800 (China Standard Time)

The problem has been resolved! Thanks for the offer @vladimircicovic ! We have staff who help resolve issues like these, but I'll forward your message along 👍

Vladimir Cicovic · Answer 4 · Tue May 28 2024 22:00:01 GMT+0800 (China Standard Time)

Again you have DDOS but this time it looks like a UDP flood or ICMP flood (I am guessing this, based on the ping missing packet)
Also, I could help with this new attack. For the record your https://archive.org/, - if not anycast (same IP around the globe) and it is one IP so they could flood with easily. The strategy for this would be to use Point of Presence around the globe.

Limiting ICMP/UDP packets per second with your firewall could also help in this case.

EDIT: I checked it, and there is no anycast, it is only one IP at gw internet-archive.e0-29.core2.sfo1.he.net

So when they attack - failure will go on the part of the PoP IP and not all PoPs you have.
They change tactics as you make updates.

ping archive.org
PING archive.org (207.241.224.2) 56(84) bytes of data.
64 bytes from www.archive.org (207.241.224.2): icmp_seq=2 ttl=51 time=175 ms
^C
--- archive.org ping statistics ---
8 packets transmitted, 1 received, 87.5% packet loss, time 7101ms
rtt min/avg/max/mdev = 175.214/175.214/175.214/0.000 ms

ping -c 5 archive.org
PING archive.org (207.241.224.2) 56(84) bytes of data.

--- archive.org ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4045ms

Drini Cami · Answer 5 · Tue May 28 2024 22:44:31 GMT+0800 (China Standard Time)

Hi @vladimircicovic thanks for the help! Yeah there's another event occurring now: Updates here https://x.com/internetarchive/status/1795451463465845141?s=46&t=zqku2Aj-neWfjdCruTvCgw

Vladimir Cicovic · Answer 6 · Tue May 28 2024 23:34:50 GMT+0800 (China Standard Time)

Hi @vladimircicovic thanks for the help! Yeah there's another event occurring now: Updates here https://x.com/internetarchive/status/1795451463465845141?s=46&t=zqku2Aj-neWfjdCruTvCgw

My last comment was for that attack. Before was an HTTP layer 7 attack, now is (was) probably an ICMP or UDP flood attack.

Mek · Answer 7 · Wed May 29 2024 00:45:51 GMT+0800 (China Standard Time)

@vladimircicovic thank you very much for sharing your insights and helping us. It's greatly appreciated. Would you be open to an invite to our internetarchive / openlibrary slack in case we have followup questions? Thank you again

cc: @bfalling, closing this issue for now

Brenton Cheng · Answer 8 · Wed May 29 2024 01:45:47 GMT+0800 (China Standard Time)

@vladimircicovic: One option our security team is considering would be a synproxy recipe for linux ipvs in Direct Routing mode, if we can find one. Is this something you would know about?

Vladimir Cicovic · Answer 9 · Wed May 29 2024 03:25:36 GMT+0800 (China Standard Time)

@vladimircicovic: One option our security team is considering would be a synproxy recipe for linux ipvs in Direct Routing mode, if we can find one. Is this something you would know about?

Let us connect on Slack and I will share information with the team

Vladimir Cicovic · Answer 10 · Wed May 29 2024 03:41:40 GMT+0800 (China Standard Time)

@vladimircicovic thank you very much for sharing your insights and helping us. It's greatly appreciated. Would you be open to an invite to our internetarchive / openlibrary slack in case we have followup questions? Thank you again

cc: @bfalling, closing this issue for now

Yes, invite me