Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 Out for maintenance?
Author: S.Welter2   (4 Dec 07 3:59am)
What is it with projecthoneypot.org being down for maintenance so often, for a long time? Or is that just me seeing that message?
 
 Re: Out for maintenance?
Author: M.Prince   (4 Dec 07 9:12am)
It's not just you. We're experiencing significant growth in two areas:

1) Email Spam Traffic; and
2) Visits from Google and other search engine spiders.

Our database has, at times when imports are going on, ground to a halt. Our priority has always been to make sure the honey pots continue to work even if that means we have to take down the public website. We're making major infrastructure upgrades over the next few months. Until that happens, we will continue to have website outages.

Be assured that the honey pots will continue to work, we're still tracking the bad guys, and all the data is being recorded... in the short term, it's just not being displayed.

Matthew.
 
 Re: Out for maintenance?
Author: M.Fischer2   (6 Dec 07 8:34pm)
I thought the project had been canceled. I finally gave up and removed all my MX records that I had donated to you.
 
 Re: Out for maintenance?
Author: A.Grimm2   (7 Dec 07 5:00pm)
Thanks for your reply, M.Prince. I was also wondering what was going on.

It might help if the error message were rephrased to indicate that it's not just a routine shutdown. I was worried that I had been blacklisted from the site for some reason. (Wikipedia tends to be very frank when it was overloaded, and didn't suffer for being open.)

Also, the maintenance email address doesn't work, further adding to my paranoia that I'd been blacklisted.

But apart from that, thanks for all your good work!
 
 Re: Out for maintenance?
Author: M.Prince   (8 Dec 07 2:17pm)
We fixed the maintenance email. We'll rework the error message. We keep thinking that we've got things under control and then the IO wait on the DB gets out of control again. New hardware on order. In the meantime, we've rented some space on some servers to offload some of the load. The nice thing is that we designed the system to be fairly easily distributable across multiple machines. We just experienced such a massive increase in traffic over the last few months that we haven't been able to keep up. Again, should be fixed soon. Project is definitely not cancelled! And, even when the website is down, we're still handing out traps and receiving spam message.

Matthew.
 
 Re: Out for maintenance?
Author: P.Hauser   (8 Dec 07 3:18pm)
Thanks, Matthew, just keep tough like you did since 2004!

Our best wishes from Europe to the Project HoneyPot,
to your team and to the HoneyPot-members
for a better internet in 2008!
 
 Re: Out for maintenance?
Author: R.Bricco   (25 May 08 12:39am)
Are you guys hosted on a 486 in somebody's garage? I could probably donate some server or DB resources to the project if it would help in any way.
 
 Re: Out for maintenance?
Author: M.Prince   (25 May 08 9:42pm)
You'd think we were on a 486 wouldn't you....

We actually have pretty significant hardware spread across two world-class data centers. The problem is that our original schema hasn't been able to keep up with our increased load. Let me describe our current setup in order to explain the problem:

- We receive many million email messages each day (far more than we report on our statistics page).
- Those messages all arrive at autonomous mail servers that know nothing about the rest of the Project.
- At specified intervals, a central machine collects the messages that have been received on one of the mail servers to process them.
- Approximately 1 in 7 messages we receive is from an IP address we haven't seen before.
- Each new IP address results, effectively, in a new web page.
- At the same time, harvesters are banging away at honey pot pages around the web. Each time one of the honey pots is accessed, we need to respond with a new spam trap email address and record the IP that the spam trap was handed to.
- The value of the Project is, in part, the ability to relate together various events (harvesters with spam servers with other IPs that are in the same net block) so each time an event occurs we do a lot of relating to see how that event is connected with other events we've seen.
- The scoring system we built for http:BL takes into account a number of factors including when the last activity for an IP address occurred. That means we need to traverse millions of IP records every time we build the http:BL zone files.
- Meanwhile, we're like a Google suck -- since our website is so massively interconnected and since we create so many new pages all the time the Google spider hits us several million times per day. Literally. That's good because it gets data out and makes it more accessible. It's bad because... well, it can be overwhelming.
- The setup is fragile in so far as when we begin to fall behind the problem escalates out of control very quickly.

So we've chosen what to prioritize. We decided that we wanted to prioritize the functioning of the honey pot network, the reception of email, and the distribution of http:BL ahead of information displayed on the website. When the website goes into "Maintenance" it is because our engineers have determined that the load from the website has reached a point that it threatens one of our higher priorities. We shut down the site for a while and let the databases catch up.

What are we doing to solve the problem. First, we have ordered and installed more hardware. Instead of relying on a single back-end database we now have a master/multiple-slave setup. It helped a bit, but at the same time we installed more mail servers which has increased the volume of spam, so it hasn't helped enough.

We're also redesigning the database schema from the ground up. For example, we originally had different tables for different IP types (e.g., harvester, spam server, dictionary attacker, etc.). That made some sense because we thought of those as different things back in the day, but it meant that doing a query like "Show me the IPs near 157.252.10.251" had to hit multiple tables. Bad news. The new schema has a single table for IPs and then assigns characteristics to describe the IP in question. Lots of other similar changes that should make things like generating the http:BL zone files MUCH faster.

The good news is that during all these challenges the core functioning of the Project has remained basically online. The website goes down a lot. That frustrates me. We're working on creating a scheme that will keep is up and still allow us to provide as much useful information as possible.
 
 Re: Out for maintenance?
Author: M.Prince   (26 May 08 7:50pm)
After discussing it with our engineers we've made a small change that should make the maintenance mode less painful. Now, if you're logged in, in most cases you'll be able to get to the IP address data even when we're in maintenance. That limits the impact of Google's bot on our system while still allowing members to see the data. If things get really backed up, an ultra-maintenance mode will shut down your access even if you're logged in.
 
 Re: Out for maintenance?
Author: R.Bricco   (27 May 08 3:42am)
Wow. Thanks for taking the time to explain it. Now I have a better understanding (and respect) for what the admins are having to deal with. Keep up the great work....



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email