[00:56:43] Are things better now? Anyone still seeing things? [01:06:38] All clear [01:41:52] Looks to have been a ddos [01:48:02] oh god [01:49:58] We need to figure out how we can stop that from happening again [02:34:14] I've banned a number of IPs in the firewall, won't prevent this from happening if they have other sources, but should immediately prevent the previous offenders from running it again. [03:52:28] who would want to ddos a wiki farm ... [04:21:38] Why would they want to DDOS Miraheze? Why don't they go and DDOS Fandom or something? [04:31:20] although I remembered now that Wikidot blocks Russian and Belarusian IPs because of hack incidents [04:32:21] in other news, it seems like wiki.gg has random logouts problem too [05:19:01] idk if this is part of the ddos attack that just happened but as i was editing my wiki my wifi died [05:19:55] @k6ka previously it was apparently Minecraft users believed to be behind one of the DDoS attacks we've had. [05:20:25] I've no idea on this one, void will have to ask police. [05:37:47] Was it even intentional? [05:46:56] No idea in this instance [06:21:49] Hi. I am an italian teacher. I create a wiki for my students. I 'd like only my students can register to my wiki. Is it possible to restrict registration to user with a specified domain email (@itsos-mariecurie.it)? Thanks [06:34:32] We can't restrict registration as accounts are global across Miraheze [06:37:40] couldn't they make the wiki private? or only have a specific user group being able to edit? [06:43:40] That would be the best approach ye [06:56:40] I guess confirmation emails are needed for checking who's the user requesting access to private wiki [07:19:25] Thanks for asnwering me. Ok i set my wiki as private wiki. And then? How confirmation works? thanks for helping me [07:23:52] [1/3] student must register an account on Miraheze (main Meta wiki will work for that). [07:23:52] [2/3] then he should visit your private wiki - he will see only main page at first. [07:23:53] [3/3] after that you will we see that user in your wiki's user list and you should give him member role. [07:25:26] ahhhh. great. now i ask a student to register my wiki. i make you know if it works. thanks a lot [07:27:16] list of users who visited the wiki is on `.../wiki/Special:ListUsers` page, and the page to give role is `.../wiki/Special:UserRights` [07:48:54] ok. [08:35:45] Question how much that take to have our wiki made ) [08:37:19] depends on who is available to create wikis, could be a couple of hours [08:37:57] Okay thanks [08:38:08] You for the info [09:35:07] getting 502/503 again [09:35:58] same.. [09:36:32] i'm getting this error? [09:37:29] other websites are loading fine, so it seems to be a Miraheze issue [09:37:44] @paladox [09:37:50] Well, crap. [09:37:54] I have that too. [09:38:00] Not again! ๐Ÿ˜ฆ [09:38:01] yes, time out on my main wiki [09:38:13] is that new ddos attack lol [09:38:40] https://tenor.com/view/short-circuit-johnny-number5-input-more-input-johnny-number-five-gif-23984399 [09:43:29] <:LettuceHandsSad:999262496928038963> [09:43:40] dude this sucks, what's even the point of ddos-ing Miraheze [09:43:54] it's literally just a niche wiki farm [09:44:03] there's nothing to really gain from it [09:44:33] fandom saw increased amount of wikis forking lol [09:44:39] SDFGDSFGFD [09:45:09] TBH the only reason I still use fandom is because certain wikis aren't jumping to Miraheze any time soon [09:45:16] and the achievement badges [09:45:28] achievement badges can be implemented [09:45:33] i like seeing the points go up <:wheeze:1013866498600738906> [09:45:41] <:eyes_zoom:606564192035667983> [09:46:46] they are tied w/ a rather outdated social extension tho, but I believe Original Authority works on a new thing [09:47:30] NICE NICE [09:50:03] that's one less reason to use fandom then lmao [09:50:12] fellas, still experiencing errors? [09:50:18] yes [09:50:23] I joined because of it right now [09:50:31] <:babyyay:834175087913205760> THE PAGE LOADED [09:50:49] it did for me too [09:51:13] please tell me the archive I made from 2010 last night isn't lost [09:51:14] I advise to not constantly check/refresh, cus it might add on actual issue [09:51:43] there's no precedents for that [09:51:53] just slow downs [09:52:04] ok it's loading [09:52:22] ^^ yeah Miraheze isn't gonna disappear that easily [09:52:35] it's just some randos being nuisances [09:52:38] I wasn't aware servers were down but I just randomly got a bot editing a page during them [09:53:00] oh ew [09:53:09] cringe-ass spambot [09:53:19] bot decided to ignore the servers being down [09:53:24] was not aware spambots existed outside griefing [09:53:29] makes sense [09:53:37] I guess bots are the reason [09:53:37] yeah nah they're semi common on wikis [09:54:31] back in the day, the wiki I admin on fandom got quite a few randomly creating blog posts that were just excerpts of Harry Potter with random ads copy-pasted in between [09:55:40] macfan, are you here? [09:56:54] my wiki isn't reported properly on Google yet so that's why I don't have bots is there anything I can do against it like a master block list ? [09:58:31] that's all on system administrators [09:59:55] yay it's finally loaded [10:01:05] constantly refreshing pages might add on actual issue, give it a cooldown for some minutes [10:02:10] ^^ yeah if it doesn't reload the first time, just come back later [10:20:39] ope got a 503 [10:20:46] Itโ€™s down [10:21:42] yes, many Miraheze wikis are now, suspected DDOS'ing [10:21:57] we are waiting for sys admins to resolve [10:22:52] i hope this gets resolved soon... [10:23:19] same.. [10:27:30] ๐Ÿ˜ญ [10:37:39] Things seem fine now. [10:54:59] Same here. ๐Ÿค” [11:06:50] Same here. ๐Ÿค” [11:09:17] alright ๐Ÿ˜ฎโ€๐Ÿ’จ [11:10:42] is it over? [11:11:14] i hope this mess doesnt happen again later on today oh no [11:44:05] is it over? [11:44:09] i hope this mess doesnt happen again later on today oh no [11:49:39] Yes [12:00:24] dude, are you replying to a message from 2020? [12:14:00] Better late than never [12:17:45] I See the issue has resolved [12:18:07] yeah, but it's second time within a day [12:18:36] https://discord.com/channels/407504499280707585/407537962553966603/1151320524606144522 [12:45:55] what [12:59:05] ip blocked, seems they came back for round 2 but stopped sometime after 10am utc time [13:21:20] which IP these are tho, normal from a single country or VPN/proxy? [14:12:46] More DDoSing? Or is it just my internet? [14:19:15] Might just be my network sorry [14:33:43] I guess SoundCloud embeds aren't allowed per CSP as well and I'll have to make phab task? [14:33:56] or they are? [14:38:49] The 503s are returning [14:50:24] 502 Bad Gateway [14:50:58] website issues? [14:51:37] Looks like we're being DDoSed [14:53:22] ๐ŸŽ‰ [14:54:19] Why is being DDoSed something to celebrate about? [14:54:58] that is the joke [14:55:26] Ah, I see what you mean [14:56:38] <:LettuceHandsSad:999262496928038963> hopefully the DDOS-ers get bored soon [14:56:44] <.tounae_official> So all site met the same 503 problem? [14:56:47] <.tounae_official> damn [14:57:35] We're being DDoSed [14:58:08] <.tounae_official> that's terrible... [14:59:22] i got a 503 too [14:59:42] @paladox: ^ [15:00:17] oh not again [15:00:36] See the above messages [15:00:53] ok [15:01:00] it's hetzner [15:01:01] oh my [15:01:14] and thanks [15:01:14] Who's hetzner? [15:01:20] hetzner who [15:01:57] it's a server provider in germany [15:02:10] it's not the company but someone who has a server with them (or vps) [15:02:20] <.tounae_official> Oh I see [15:03:17] <.tounae_official> So we just wait until he stop...? [15:04:41] well there's not a whole lot we can do apart from block the ips [15:04:44] since it's a ddos [15:06:10] oh it seems to be coming from hostinger as well??? [15:07:24] I posted a notice to all MH social media [15:07:49] blocked two more ips. [15:09:35] starting to write a new page while knowing of the errors was a clown move on my part ๐Ÿคก [15:10:57] <.tounae_official> editors in my wiki started writing in txt lol [15:10:59] ok they are using two many ips to block them all lol [15:12:07] @orduin around [15:12:07] Just block every IP used by a hosting provider; that'll stop 'em [15:12:10] ack [15:12:31] _is waiting at #announcements_ [15:12:40] (At least ACK would be sufficient) [15:13:41] their using Ooredoo as well [15:13:45] Thx xD [15:13:55] Was gonna write an announcement but paladox beat me to it [15:14:16] <.tounae_official> try to enter wiki and meet ERR_TIMED_OUT instead of 503 [15:25:40] darn i may have celebrated too early- i was gonna say something about my wiki being up again so that means the attacks have been dealt with but nope! got another bad gateway error. i guess i'll have to wait this one out [15:26:23] @alstene18_3868 things might be an issue for a bit [15:26:30] yeah true [15:26:36] I'm trying to get a bit of a sit rep from @paladox [15:27:01] Updated the status page as well (status.miraheze.wiki) [15:27:15] MacFan4000: can you see tech-community [15:27:26] If you know the answer to my 2 most recent Qs [15:28:08] Finally, it didn't return a 503 [15:32:22] victory solved [15:34:36] i've deployed a temporary hack that basically returns 429 for the wiki the attacker is attacking [15:34:42] it's not ideal [15:34:51] but it'll bring service back up for everyone else [15:35:27] (only affects it over static) [15:35:36] @paladox do you mind sharing the wiki in DM [15:35:48] the reason why everyone is affected is because of tcp conns running out. [15:36:12] sure [15:36:29] _spends too much time reading cyber security stuff at work. My advice is good._ [15:43:42] 503s are back again [15:45:05] @tali64 assume we're aware [15:45:37] I'm about to submit a help request to authorities [15:46:29] Why would someone DDOS Miraheze? I was reading AllTheTropes when I suddenly began getting 503 errors. [15:47:03] @mrbradlerz giving information too widely on an active incident allows attackers to know what we know [15:47:58] and relay is down [15:50:05] and.... we're back [15:52:15] hi [15:56:53] Idea: If there are more than 50 page requests from an IP in 5 minutes, block that IP for 24 hours [15:57:25] @tali64 not that easy [15:57:34] We already have rate limits [16:01:45] i'm going to leave my hack for a bit [16:01:51] fyi @orduin ^ [16:02:37] @paladox if there's any sign of them getting past it, can you text/ring me? [16:06:01] for the record, i'm impressed with the volunteers running the platform behind the scenes and how y'all responded to this [16:06:06] thanks for your efforts! [16:07:44] @jph2 were doing everything we can and working with UK authorities to control it [16:08:06] I've submitted a live incident report to NCSC and categorised it as high risk [16:08:16] So a DWO should be in touch soon [16:21:23] [1/3] Hi. Saw the discussion about the shut down and: [16:21:24] [2/3] 1) What is the reason to move the HQ from the UK to Illinois? [16:21:24] [3/3] 2) Will donations given at the moment reach the new organisation? [16:21:59] not the time [16:24:14] in short - no shutdown [16:24:36] Sorry, I don't quite follow... [16:25:00] we're focused on the major security incident [16:25:01] atm a bit busy w/ Miraheze getting DDOS'ed [16:25:28] Okay. Will ask on the board. [16:27:37] Because it would benefit us, and yes donations would transfer when everything else is [16:27:53] How? [16:28:37] As it stands Miraheze doesnt qualify for charity status in the UK, in the US, we would have a chance to qualify as a 501c3 which could lead to grants [16:29:05] Okay, that makes sense. [16:32:07] Good luck [16:44:34] [1/2] in the meantime, I'm looking for a CSS advice ๐Ÿ‘€ [16:44:34] [2/2] https://discord.com/channels/407504499280707585/1151251016310865950 [16:50:52] Can users be reminded that a DDoS is a criminal matter? Miraheze will engage with police and should you have any information about today's events, you should make yourself known in DM. [17:21:15] Damn, is everything okay now? [17:28:23] mitigations are holding [17:28:59] I'm hoping we can do more soon [17:48:00] do iframe script work in personal js? [17:48:56] because I didn't expect them to [17:56:00] nvm [18:05:17] How long do custom domain requests normally take? [18:13:05] Likely gonna take longer than normal right now, anyway, I would guess, as there are investigations ongoing of a few DDoS attacks that happened earlier in the day [18:16:11] How long is normal? [18:25:41] Ah alright [18:35:22] @starblazer to be clear all requests right now will take awhile as we are understaffed, and the few staff we do have have limited availability [19:02:05] [1/2] bringing you the news that FANDOM's SoundcloudPlayer script works on Miraheze fine [19:02:05] [2/2] [19:02:46] can replace Bandcamp (currently not allowed on MH, there's a ticket) or Spotify [20:40:22] Hey, I just created some new OAuth grants. Would somebody mind approving them? [20:54:36] are we getting attacked again? [20:55:55] Oh, man! ๐Ÿ˜  [20:55:58] getting time outs [20:56:21] And I hoped I will do some edits. [20:57:53] I managed to make complex of templates in the last couple of hours lol [20:57:58] that's unfortunate [20:58:34] hopefully it'll get resolved soon, that's some serious stuff [20:59:19] I think we are under another ddos attack because I cannot load my wiki ? [21:00:02] yea [21:00:51] again [21:01:44] Somebody must really not like a particular wiki [21:02:11] @orduin just letting you know it's hapenning again [21:02:43] I'm gotta sleep now [21:02:52] Yep, same here for Gregtech: New Horizons. We're currently timing out. [21:03:32] ๐Ÿ˜ฆ Poor servers, they donโ€™t deserve this [21:05:17] Attacks on non-profits like Miraheze are particularly egregious, like why would you want to take down a service that is trying to bulwark against the free and open internet built by individuals instead of corporate interests. [21:06:34] ( I know, trolls are gonna troll, but still. Be a Good Human.) [21:06:39] Well first of all there are people who don't like a free and open internet. Also they may not necessarily be targeting MH as a whole, but maybe a specific wiki hosted by MH, which then ends up effecting the entire farm [21:10:22] @paladox can you look [21:11:00] I'm looking right now [21:12:13] I don't see the spike we saw with earlier incidents. [21:12:22] [1/2] We have reason to believe the attacks are targeted. As said earlier, if you have information, please come make yourself known. You may also submit an intelligence report to Action Fraud with reference to NFRC230906175533. I encourage users to read (and watch the videos on) https://nationalcrimeagency.gov.uk/cyber-choices. The videos won't win any BAFTAs but might encourage someone t [21:12:22] [2/2] o think twice. [21:12:29] There was one, but I think I got it fast enough [21:12:40] oh [21:12:42] it was cp23 [21:12:48] @orduin please save logs to paladox's homedir [21:12:52] With the rest from today [21:12:53] load at 150???? [21:13:24] I'm monitoring in graylog [21:13:55] @orduin make sure they are backed up so when I give you an email to send them too logrotate hasn't taken them [21:53:32] Skynet: approved [22:04:12] we're aware that we're down again [22:20:04] Wish I knew enough to help, good luck team <:DoneMH:775407710400675940> [22:34:23] Site seems to be up again my end. I had four pages open in the source editor, and I've managed to save all of them. Not gonna risk doing more editing until I know for sure, in case it goes down again whilst I'm working, but hopefully that's good news. [22:37:43] same [22:58:52] we rate limited a url.