im getting attacked by mutli refresh's of a user that always changes his IP address.

this thing gets my website stuck and all of the hosting server stuck... every few mins forcing it to restart the hosting server

my web hoster told me i got one last chance to make it right before i need to find another hosting service,

my question to you, is there something like anti refresher per second i can install\configure to make the attacks stop?

me too,i get attack in my site.
so my site down for 3days.and i lost my members.
im using vps before this.
and now im using dedicated server.the problem is solved.

it may not be your site that is getting attacked do you have a log file?. it could be that you are on a shared server and there's someone else is to blame

i got the log files, reported IPs to ISP
its my domain and i can show you the logs but i dont think it would help solve this

how to check log file in vbulletin?

i checked my apache logfile in the DirectAdmin hosting server

Does your server have connlimit enabled in the kernel, if it does, you can try this, just paste that in at a ssh prompt, iptables will error if its not compiled in.

iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT --reject-with tcp-reset

That is global, wont matter what ip he is using.

i need something like a mod what auto ban's users who refresh the forums more than X times in a minute

If the user is simply clicking refresh in a browser, he isnt going to be able to crash your site unless he is connected with 100's of browsers or a script.

The connlimit will stop anyone that is connected to port 80 more than 3 times and block the rest of the connections, i simply dont see it possible for him to crash your server the way you are saying he is doing it.

well, thanks.
ill try doing this next time my hosting admin will be online

Do you know how to ssh into a server?

If you do, simply copy and paste that command and hit enter, if it spits back a error connlimit isn't compiled in to the kernel, if it accepts it, then your good to go.

That will stop any ip that is connecting more than 3 times to the server on port 80, that means refreshing as well.

i got an error while doing your command
iptables: No chain/target/match by that name
how do i fix this?