1

So I had my students go to NodeJS.org to download Node.js, and they did it with no problems. Two days later, I had them go to NodeJS.org again, but none of us could access the site, not even from the designated "teacher's computer" of the classroom I was using.

However my laptop, which was connected to the school's wireless service for teachers, could still access the site. I'm assuming classroom computers and the school wireless are on separate networks. Could this mean that the anti-DDos system at NodeJS.org basically mistook us for a potential DDoS and blocked us? There were about 20 students. A week later we could access the site again.

So I'm just wondering if anyone else experienced anything like this?

Brōtsyorfuzthrāx
  • 103
  • 2
Daniel with a Spaniel
  • 13
  • 3
  • If you can reach them from any machine, the front page has links to the pages on which you can raise issues. Ask them there. Every such site will have its own policies, of course. – Buffy Feb 19 '19 at 13:16
  • 1
    Note: I see many teachers and students using the word DDOS (Distributed Denial Of Service) attack, I never hear them saying DOS (Denial Of Service) attack. There is nothing distributed about what you are describing. – ctrl-alt-delor Feb 20 '19 at 09:36
  • Have you considered torrent? – ctrl-alt-delor Feb 20 '19 at 09:38
  • Can you put a copy on a local shared drive? Another clever way too get by could be to create a torrent as suggested ( https://torrentfreak.com/how-to-create-a-torrent/ ) but the optimal solution is likely to be the one suggested first, and ask the site to give you a "clean access pass". In any case, it is a learning experience and now you'll recognise it when it happens again. Welcome to CSE :) – srattigan Feb 20 '19 at 19:23
  • @ctrl-alt-delor Thank you, I guess I focused too much on trying to convey my problem that I brain farted on the nomenclature. – Daniel with a Spaniel Feb 21 '19 at 16:43
  • @srattigan yes, I subsequently shared the nodejs exe to solve this problem. I was just posting this here to see out of curiosity if anyone else has experienced a problem similar to this. – Daniel with a Spaniel Feb 21 '19 at 16:46
  • The problem isn’t that it looks like a DDoS attack, it clearly doesn’t - all the traffic is from the same IP. It’s that it looks like a brute force attempt to break in. The rate and duration are probably also too low for it to look like a DoS attack. – dlu Mar 18 '19 at 13:59

3 Answers3

3

Yes. I have a web development class. If more than 5 people connect to the free hosting site, it stops anyone else from connecting via FTP, since we appear to all have the same IP address. Multiple connections from the same site can be a script running, and most users will not appear to have multiple connections. I do: Demo using the FTP client, go through some of the issues with connecting (error messages etc.) and then, because of this restriction, I will either:

1) Manage the class in groups (if a small class) or

2) Give them a task (ftp their site) to perform at home for review at the next class

It is annoying, but as indicated above, it is likely to detect DOS or other malevolent connections.

Gypsy Spellweaver
  • 5,425
  • 2
  • 17
  • 34
srattigan
  • 744
  • 3
  • 11
  • 1
    I didn't want to make my post too long so I didn't mention that I also experienced your problem when I tried to get my students to sign up and upload their files on a hosting site (xfinityfree to be precise). Although the conditions here are different from my Nodejs.org problem, your answer most certainly explains one half of the problem that caused me to post here in the first place. Thank you for replying. – Daniel with a Spaniel Feb 21 '19 at 17:10
  • In one class (different training center) none of the class can connect via ftp at all. This is a different problem as well (school network blocking rather than site) but I did verify that it was both the location and specific to learner accounts. – srattigan Feb 22 '19 at 18:57
2

I've had it go the other way...

Website (self hosted Moodle) worked while we set it up. Worked fine first period. Something got triggered on the school network and decided that too many students were going to the site so it got blocked.

Same as you I could still get to it from my computer, but students couldn't.

Ryan Nutt
  • 3,029
  • 8
  • 23
  • Wow is this actually a thing? Never considered it could be on the school's end. That seems so counterintuitive though, if it's a classroom for teaching programming, shouldn't they expect teachers to guide many students at a time to use the same online tools or services, hence the same websites? But then, I'm just an "outsider" educator teaching a government course hosted by a university, so I'm unfamiliar with how university IT people govern their network. But this could explain that problem I experienced. – Daniel with a Spaniel Feb 19 '19 at 17:18
  • I don't think it was our school network directly. Pretty sure it was the filtering service that we subscribed to so the students "could be safe." – Ryan Nutt Feb 19 '19 at 18:02
  • Seems possible to me that teachers and students are routed different and come from different IP addresses. So when the students mistype their passwords (and are all coming from the same IP address) the site get suspicious, but teachers are not effected. – dlu Mar 18 '19 at 03:13
  • I'd be surprised if it is your school network or the filtering service. I think it is much more likely that the Moodle was seeing lots of failed login attempts which it interpreted as either login probing or a DOS attack and so it blocked the school's IP address. The block may timeout, or it may need to be cleared manually. – dlu Mar 18 '19 at 03:24
2

It is very common for institutions to use a single IP address and Network Address Translation (NAT) to avoid the problems of getting and maintaining a larger IP address space. As a result a website experiences all of the traffic from the institution as a single user. Depending on the threshold for password failures or rate limiting the traffic may see the school's traffic as a DOS attack.

You may be able to contact the provider and see if they can adjust the threshold for your site's IP address - I know this is possible on Drupal based sites. If they are unwilling it might be worth asking if they would prefer that you use, and could recommend, an alternative site that is able to handle schools (and kids who don't type well and who forget passwords).

dlu
  • 499
  • 2
  • 14