April 29th: The site is still under hostile attack. Since Easter Saturday waves of traffic from China, the US, Brazil and Europe have surged to overwhelm the servers. Daily, the load increases. At last count, traffic is running at six times normal. The attacker has control of around hundred thousand bots spread around the world. But they are attacking two randomly selected old pages. They are not even trying to hide that this is hostile.

DDoS stands for Distributed Denial of Service. In effect, massive artificial traffic is trying to overwhelm the servers. Is it China?

If you can help, I'm asking for donations to upgrade the armor here

The site is under hostile attack

On Easter Saturday, inexplicably, traffic suddenly tripled, and kept growing day after day. Each time we did updates and tweaks to the settings the site was overwhelmed by even more traffic. So all kinds of error messages appeared as the server responses were exhausted. There were cascading failures for days as different parts of the system tried to recover. Despite the calm period now, the ferocious activity still hasn't slowed down. Yesterday traffic was running at five times normal. UPDATE: On Monday it is six times normal!

Given that the attack started just two weeks before the Australian election, and during the long Easter holiday weekend, it appeared timed to strike when tech help would be away, and thus cause the longest outages and largest disruption.

Strangely (despite our election), most of the new traffic was coming from overseas, especially from the USA and Singapore. Many requests were for the same two old posts from 2020 and 2010, seemingly randomly picked, showing this was not an organic thing at all.

In the end, this attack was both clumsy and sophisticated at the same time. Whoever was doing this must have had control of something like 50,000  100,000 bots in China, the USA, Brazil and Europe and the ability to access hundreds of thousands of IPs each week. Yet they didn't even bother to request different random pages or recent pages, which might have made this look like an AI training program or new traffic. It's like they wanted us to know they were targeting the site. It was hostile. I will be notifying the Australian Cyber Security Centre (ACSC).

One particular Chinese server stood out for being a source of trouble, and after those requests were blocked, traffic from Singapore declined sharply. (Sincere apologies to any freedom loving Chinese readers affected by this.). Obviously we don't know the true original source, it may be the CCP, but there are other candidates who might want us to think it was China while they cover their own tracks.