Slow response / timeouts + occasional 500
= DDOS ?
The BBC News website evidently decided earlier today that it'd had enough of 2015, and took a New Year's Eve break which extended to several hours. In solidarity with the hard-working site, we at El Reg knocked off for a few lunchtime liveners ahead of welcoming in 2016 tonight. We'll be back …
Auntie is claiming it was DDOS - "Web attack knocks BBC websites offline"
Maybe he forgot the "joke" icon, but serious point... if all else fails, tune to LW. Solid as a rock across large chunks of Europe. Unless it falls down, or the valves burn out or something.
Just don't try it in our Kangoo. Something wrong with the suppression in that car and every time the car goes over a bump there's a "squirt" of something on LW.
M.
Fun fact - Radio 4 being knocked off the airwaves for more than a set period (I believe 72hrs) without explanation is one of the triggers to unleash Trident.
No, seriously.
http://www.electricpig.co.uk/2012/01/02/radio-4s-nuclear-safety-secrets-you-wont-believe-whats-in-the-airwaves/
A very British way to conduct war,
Steven R
I particularly like the sense of humor that someone has with the error graphic... the clown from Test Card F, the blackboard with 500 written on it, something in the background going up in flames and the whole image set on light grey grid with colour bars at the top and bottom...
... BOFM moment?
Mike
> Why would a DDoS result in a 500 server error?
Loads of traffic passed through the Apache server in the DMZ to the Web Server(s) in the background. Causes the webserver(s) to grind to a halt and lose connection to the Apache server in the DMZ. Apache server will see this as a 500 error.
It's very erratic, working, gone, working again, gone again.
I think DDOS is the most likely cause, and if I was looking to bring the "Mighty" BBC down, I'd try it in the Christmas holidays. Some sysadmins on duty, but the majority I imagine will be off preparing for the change of the year.
Don't envy those working or those on call, I would imagine they are up to their necks in the mire.
Main bbc.co.uk not responding "This page can’t be displayed" as a certain well-known browser has it.
bbc iplayer radio app on my phone "if you're connected to the internet, it's probably an issue at our end..."
BBC press office (@BBCPress) have tweeted "we're aware of a technical issue..." some 30 mins ago
Weather regional queries not working (brief flash of 'we are experiencing technical problems' text when using search box, then shows list of locations, then just stops when you try to select a location) but National summary page up.
Databases getting hit?
Coat: nice day so off out.
BING BONG! This is a public service announcement.
We regret to inform you that due to exacerbated overuse of the word 'austerity', an unacceptably high number of stories about water being wet and what you really shouldn't put in a dead pig's mouth if you want to be Prime Minister one day, plus the current juju-flop of an economic situation, today's weather has been cancelled and will not be reinstated until further notice.
Please contact whoever you like (as long as it's not us) if you require more information.
Thank you for your attention.
Oh, and erm, happy new year.
BING BONG!
Either a DDOS or their web servers are in the basement of one of their nice new buildings in the north west of England and it's a PDOS (where the P indicates an unusually excessive amount of rain).
Note for those outside the UK: modern office/school/municipal buildings in the UK are often built with flat roofs and located in areas known to flood; some of them win architectural awards, and then the windows fall out.
What, no mention of TITSUP?
It's at times like these I spare a thought for the poor operations folks who are no doubt getting glared at by various species of middle-manglement.
As an infra/ops myself, only one phrase adequately sums up these moments... brown out.
My advice, get it fixed then have a lot of --------------------->
www.bbc.co.uk
Address lookup
canonical name a1733.g.akamai.net.
aliases www.bbc.co.uk
www.bbc.net.uk
www.bbc.co.uk.edgesuite.net
So either it was a massive DDoS that could overcome Akamai's Edgeservers (assuming BBC do not just use European ones) or there was a bit of a cockup in some configuration activity within BBC or Akamai.
Yuk!
Double CNAME lookup.... horrid... didn't look like that last time I checked!
... and no IPV6 either !
root@ns0:/var/cache/bind/mike# dig www.bbc.co.uk
; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> www.bbc.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31455
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.bbc.co.uk. IN A
;; ANSWER SECTION:
www.bbc.co.uk. 300 IN CNAME www.bbc.net.uk.
www.bbc.net.uk. 300 IN CNAME www.bbc.co.uk.edgesuite.net.
www.bbc.co.uk.edgesuite.net. 7200 IN CNAME a1733.g.akamai.net.
a1733.g.akamai.net. 20 IN A 92.123.140.41
a1733.g.akamai.net. 20 IN A 92.123.143.249
Then again are the Beeb just using Akamai for CDN rather than CDN and DDoS protection? They do have some IP addresses out in plain sight so a DDoS could have gone through the back door.
Try looking up without the www and you get
canonical name bbc.co.uk.
aliases
addresses
212.58.244.22
212.58.244.23
212.58.246.79
212.58.246.78
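The two lookups quoted in the comments above (the www name with its CNAME chain, and the bare domain with direct A records) can be checked mechanically when auditing your own zone for names that are not fronted by the CDN. This is an added example, not part of any commenter's post; the suffix list and the apex TTL are assumptions, and the records are copied from the output quoted in the thread.

```python
# Added example (not from the thread). Records copied from the lookups quoted
# above; the apex TTL (300) is a constructed placeholder, the thread gives none.
ANSWERS = """\
www.bbc.co.uk. 300 IN CNAME www.bbc.net.uk.
www.bbc.net.uk. 300 IN CNAME www.bbc.co.uk.edgesuite.net.
www.bbc.co.uk.edgesuite.net. 7200 IN CNAME a1733.g.akamai.net.
a1733.g.akamai.net. 20 IN A 92.123.140.41
a1733.g.akamai.net. 20 IN A 92.123.143.249
bbc.co.uk. 300 IN A 212.58.244.22
bbc.co.uk. 300 IN A 212.58.244.23
bbc.co.uk. 300 IN A 212.58.246.79
bbc.co.uk. 300 IN A 212.58.246.78
"""
# Assumption: suffixes that mark a CDN-owned name, taken from the names above.
CDN_SUFFIXES = (".akamai.net.", ".edgesuite.net.")


def parse(text):
    """Map owner name -> [(ttl, rtype, rdata)] from answer-section lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN" or line.startswith(";"):
            continue  # skip dig comments, blanks and malformed lines
        name, ttl, _, rtype, rdata = parts
        records.setdefault(name.lower(), []).append((int(ttl), rtype, rdata))
    return records


def audit(name, records, max_hops=8):
    """Follow CNAMEs from `name`; report hops, addresses and CDN coverage."""
    chain = [name.lower()]
    while True:
        cnames = [r[2].lower() for r in records.get(chain[-1], []) if r[1] == "CNAME"]
        if not cnames:
            break
        if cnames[0] in chain or len(chain) > max_hops:
            raise ValueError("CNAME loop or over-long chain at " + cnames[0])
        chain.append(cnames[0])
    final = records.get(chain[-1], [])
    return {
        "cname_hops": len(chain) - 1,
        "addresses": [r[2] for r in final if r[1] in ("A", "AAAA")],
        "has_ipv6": any(r[1] == "AAAA" for r in final),
        "behind_cdn": chain[-1].endswith(CDN_SUFFIXES),
    }


if __name__ == "__main__":
    recs = parse(ANSWERS)
    for host in ("www.bbc.co.uk.", "bbc.co.uk."):
        print(host, audit(host, recs))
```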
It does seem that way, doesn't it? There's been several heavy, multi-day attacks lately and it's very troubling. Such as "who's launching them?" "Why?" "What else are the originators of the attack doing in the background? IOW, DDoS is a cover for something else?". And lastly "who's next?".
Whoever is controlling these attacks has some access to some serious assets. I'm not buying the argument it's "bored script kiddies on school holiday". There were several prior to the holidays starting.
Well done 'hackers', you managed to disrupt BBC. You've gained nothing politically or financially but at least it will make you feel big and clever so it wasn't completely a waste of effort. Also, any action that deprives viewers of the brain rot that is "Eastenders" can't be all that bad.
Firefox still complaining about https://www.bbc.co.uk/news
www.bbc.co.uk uses an invalid security certificate.
The certificate is only valid for the following names:
a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net, *.akamaized.net, *.akamaized-staging.net
(Error code: ssl_error_bad_cert_domain)
bbc.com/news fails instantly.
bbc.co.uk/news redirects to bbc.com and dies
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
Some of us really old school people, we access the news from the subdomain news.bbc.co.uk and this has not been restored.
I would update my 20+ year old bookmarks but modern web browsers have made this impossible with their completely mindless/pointless fiddling with the browser UI, I can't find my bookmarks even when I try.
It's been said many a time and is now happening for real - TV is moving off expensive free to air bandwidth and going online.
E.g. BBC 3 going online-only this year.
So will this be seen as a stress test?
Be interesting if a DDOS hits your news service just as a terrorist attack starts...
Latest story is that some anti IS group "New World Hacking" was just testing their DDOS capabilities?
http://news.netcraft.com/archives/2016/01/04/bbc-websites-still-suffering-after-ddos-attack.html
I wonder why they chose the BBC? It seems "mostly harmless" to me.
There must be a few other sites that are just as "big" & more deserving of a timeout.
"I wonder why they chose the BBC? It seems "mostly harmless" to me."
To quote a quote from a BBC article on the matter "Because we can", apparently they were just testing their 1337 scripts and had a bit of trouble stopping the spam torrent (presumably because the attack took out their own control channels).
I am guessing that they think that because it was just a "test" and the duration was an "accident" it is OK because they are "Anti ISIS"... I wonder if the plods will be kicking their doors down at 3AM.