is this site just down?

[Blas]

shits been down for almost days now, is there a way for us to fix it/get in touch w who can?

[Wordz AhGod.]

Not sure what was going on yesterday but I couldn't get on much for most of the day. Seems to be fine for me today though.

[Blas]

Not sure what was going on yesterday but I couldn't get on much for most of the day. Seems to be fine for me today though.

yeah it's on and off tbh was jw if theres a way that we can update it or do anything abt it, it goes down pretty often for me

[strobe]

Sorry about the downtime. I'm looking into it. Seems like the forum is getting flooded by bots or something with thousands of IPs accessing the forum simultaneously

[Wordz AhGod.]

Sorry about the downtime. I'm looking into it. Seems like the forum is getting flooded by bots or something with thousands of IPs accessing the forum simultaneously

Oh shit the man the myth himself.

[Blas]

Sorry about the downtime. I'm looking into it. Seems like the forum is getting flooded by bots or something with thousands of IPs accessing the forum simultaneously

what up goat! yeah it's been down for a few days now basically. whenever I click "whos online" it shows thousands of non registered accounts online. Is someone doing that maliciously or is there a benefit to bot the site I'm unaware of. Also is that the only problem, the site has been kept up to date otherwise and should be working?

[B0Z0]

Oh shit, we are back. I was away the weekend and thought that was just down on mobile.

Sounds like a bot attack; that would be my guess.
This is just going off of running forums in the early 2000's - every now and then we would find a flood of bots making fake accounts and essentially using them to scrape data or run scams. Has there been an influx of new user sign-ups and spam posts?

I'm clutching at straws and assumptions. But there are a-lot of dead forums online that are just spam boards now, as they are so inactive, maybe they were just trying their luck with RB. Or maybe we were just on a list of alot of other forums.

[Blas]

Oh shit, we are back. I was away the weekend and thought that was just down on mobile.

Sounds like a bot attack; that would be my guess.
This is just going off of running forums in the early 2000's - every now and then we would find a flood of bots making fake accounts and essentially using them to scrape data or run scams. Has there been an influx of new user sign-ups and spam posts?

I'm clutching at straws and assumptions. But there are a-lot of dead forums online that are just spam boards now, as they are so inactive, maybe they were just trying their luck with RB. Or maybe we were just on a list of alot of other forums.

there's for sure been a few spam posts, but how could scraping data from this site even help any1? also if you look at the "whos online" quick link, it shows 6500 accounts browsing right now which is obviously not the case.. i wish it was LOL

[B0Z0]

there's for sure been a few spam posts, but how could scraping data from this site even help any1? also if you look at the "whos online" quick link, it shows 6500 accounts browsing right now which is obviously not the case.. i wish it was LOL

Maybe I’m wrong, but I figured it was the same kind of thing that used to happen back in the day. Something like this:

If you flood a site with bots and traffic, it can slow the server down or even crash it. That’s basically a DDoS. It doesn’t directly expose security holes, but it can go hand-in-hand with other attacks. The real danger is if someone takes advantage of an outdated version of vBulletin (we’re on 4.2.3, and the latest release is vBulletin 6). Old versions are known to have vulnerabilities that can let someone break in.

Once they get through, the main prize is usually the database. That’s where you’ll find things like usernames, email addresses, and password hashes. They’re not stored in plain text, but older hashing methods can sometimes be cracked. From there, attackers often try the same email and password combinations on other sites. If someone reused their forum login for email, PayPal, or anything important, it could lead to bigger problems.

Back in the early 2000s, forums were prime targets because security updates didn’t always get applied quickly. vBulletin itself is decent when it’s patched, but leaving it outdated makes it an easier target. Even if a lot of members here are inactive, the sheer number of accounts could make the site attractive to someone testing their luck.

TLDR: don’t reuse the same email and password for forums as you do for anything sensitive, especially banking or payments. That’s the safest takeaway.

[Blas]

Maybe I’m wrong, but I figured it was the same kind of thing that used to happen back in the day. Something like this:

If you flood a site with bots and traffic, it can slow the server down or even crash it. That’s basically a DDoS. It doesn’t directly expose security holes, but it can go hand-in-hand with other attacks. The real danger is if someone takes advantage of an outdated version of vBulletin (we’re on 4.2.3, and the latest release is vBulletin 6). Old versions are known to have vulnerabilities that can let someone break in.

Once they get through, the main prize is usually the database. That’s where you’ll find things like usernames, email addresses, and password hashes. They’re not stored in plain text, but older hashing methods can sometimes be cracked. From there, attackers often try the same email and password combinations on other sites. If someone reused their forum login for email, PayPal, or anything important, it could lead to bigger problems.

Back in the early 2000s, forums were prime targets because security updates didn’t always get applied quickly. vBulletin itself is decent when it’s patched, but leaving it outdated makes it an easier target. Even if a lot of members here are inactive, the sheer number of accounts could make the site attractive to someone testing their luck.

TLDR: don’t reuse the same email and password for forums as you do for anything sensitive, especially banking or payments. That’s the safest takeaway.

ok that all makes a lot of sense ty for explo, very interesting. the part im still confused about is why it says there's 6500 ppl online almost 24/7 on here, but the site is working fine now. so a big take away is that they should update to vBulletin 6 as well.

[B0Z0]

ok that all makes a lot of sense ty for explo, very interesting. the part im still confused about is why it says there's 6500 ppl online almost 24/7 on here, but the site is working fine now. so a big take away is that they should update to vBulletin 6 as well.

Sorry for the long replies and for going a bit technical here, but I guess that what we’re seeing is mostly crawlers, basically bots that scrape content or poke around for SEO reasons. That doesn’t always mean it’s malicious; sometimes, site owners use these tactics to boost visibility in Google. But it still could be malicious.

The reason it’s not really slowing the site down is probably because our servers are strong enough to handle it, and a lot of this traffic is what you’d call “lightweight.” Bots usually just grab the page itself without loading all the extras like images or JavaScript, so they don’t use up much bandwidth. On top of that, they’re likely being served cached pages instead of hitting the database every time, which keeps things running smoothly in the background.

As for updating, we don’t necessarily need to move all the way up to vB6 just for this. As long as vB4 is patched and we’re on the latest security updates, we’re fine. The bigger concern, in my opinion, is that we’re still running on HTTP instead of HTTPS. Without HTTPS, the connection isn’t encrypted, which means anything sent or received on the site (logins, messages, posts) can technically be intercepted or snooped on by someone in the middle.

So the short version: Those huge guest counts are almost definitely bots. They’re not really hurting performance since most of them are just hitting cached pages and making lightweight requests. The bigger thing we should worry about is switching to HTTPS so the site and everyone’s data are actually secure.