|
Is there a mod to help with ddos attacks?
Hello, is there a mod to help with DDoS attacks?
My host has firewalls installed but yet I am still getting hit with a DDoS attack and he is doing something with a whole bunch of ip's just from his computer.. They are using sitename.com/forum.php?t=15168 or sitename/showthread.php?t=15168 I forget which but it was one of the two.. So what are some possible things i can do? THANKS Nick |
I don't think you can do anything except wait it out. We got hit last September - it started abruptly Thursday afternoon and ended just as abruptly Tuesday morning. I was frazzled the whole time, but they finally just left.
The only thing we did is my server guy installed a script that banned IPs if they were hitting the server too much in a short period of time. All this really did is make it so my users could finally get onto the site, but the site was working very, very slowly. |
Well its been happening a long time... i know who it is but he is a server administrator and has like 2 offshore proxys filtering all his activity so i can't report him to his ISP..
I have had like 20 differants hosts in the past week and the one i have now is the best one.. but do you know which script he installed? |
If you have ssh access to the server as a su user, you should drop the ips that he is using iptables
If your host has ddos protection in place, then they arent doing a very good job of it, they should be ip banning at the router. |
He has some type of botnet, and we have banned a lot of ips already
|
Quote:
|
Ok, if anyone knows of anything please post :D
--------------- Added [DATE]1205164688[/DATE] at [TIME]1205164688[/TIME] --------------- This is what im getting in emails: Quote:
Quote:
Quote:
Quote:
|
I would suggest turning off sending the error emails because they are just going to be causing more problems for your poor server. (I'm just suggesting turning it off for now. You *know* there are site problems and don't need all the emails telling you so right now.)
|
Eh, i can't login to do so
a way to do it from config.php? |
Remove the tech email address from the config.php file.
To many connections to the db dont mean there is a ddos attack happening, what is the max_connection set at in the my.cnf file and how many users are onlin in the forum on avg? |
Not many right now, i bought a new domain and only a few members at a time.. it has to be a ddos attack seeing as it is all coming from the same topic each time.. not that many people is going to go to that topic at a time, and where is the my.cnf file at?
EDIT: I found a temporary cure.. lol i redirected the url /showthread.php?t=28528 to google.com site is loading fine now :D EDIT2: down again EDIT3: working smooth now just slow at a few times, i been blocking loads of ips in cpanel, everyone who has been viewing the above link EDIT4: ehhh that makes it so you cant view any topics... STILL LOOKING FOR SOME HELP,THANKS |
What makes it so you cant view any topics?
Is cpanel adding these ip's to iptables? my.cnf should be here /etc/my.cnf if not, type this from a ssh prompt: find / -name my.cnf -print or locate my.cnf |
I can't view any topics because i redirected /showthread.php?t=28528 to google.com but it only accepted showthread.php so all topics wont show it goes to google.com
THe only thing in /etc is passwd, quota, and shadow And no i been banning the ips manually in cpanel |
DDOs Protection needs to be handled at the server level, and not at vBulletin level, Over in the Security section at WHT (http://www.webhostingtalk.com/forumdisplay.php?f=73) they have tons of articles that could help you.
Have you tried installing a firewall such as APF some things such as mod_evasive may help as well: http://www.hostgeekz.com/guides/Secu...od_evasive.htm and secure your sysctl.conf file: http://www.hostgeekz.com/guides/cPan...0hardening.htm |
I just purchased a VPS so if theres any scripts you know i can install please let me know
|
You can use iptables as i stated earlier to ban IP's at the network level, there is no need to install any scripts.
Did you do a find or locate like i said for my.cnf, that way you can increase the max_connections setting for mysql? |
No, i couldnt find the file anywhere..
|
There is 1 little trick that will stop botnets etc., i use it often on one of my sites when someone goes crazy again and tries the same as described above. Just setup a .htaccess password protection for your forum directory. You can use simple username/password and even mention the user/pass in the login prompt. This will stop botnets for sure in a very cost effective (in terms of resources) way.
Once the attack is over, remove the login again. |
Quote:
|
thats what my .hatccess file looks like when some one try to ddos my site
this Quote:
so it will get block auto lol but the bad part of this script is that it also block dial up users lol other then that rest of the scripts in the quote blow is v gud u can bann the ips blow if u want or change them just make a .htaccess file in ur root directory and copy n paste and edit the your-site.com to your site hope this helps enjoy also there is a mod in here that stop the single use form loading ur site too many times in 60 seconds or so i will look up the mod name n post it here Quote:
|
i tried to do this for my site
but i got a new homage of some security showing my ip and asking for login and pw...is this what its suppose to do RewriteEngine On RewriteCond %{HTTP_HOST} !^placed my domain here$ [NC] RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC] RewriteRule ^(.*)$ http://%1 [R=301,L] |
Erm Purchase The One On My Site Also On GZN
It Work Well Now |
| All times are GMT. The time now is 03:53 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|