Preventing Hacking/DDoS Attempts
This guide is copyrighted to Jordan from GFXield.com
This is my first guide, so if you think I am missing anything please don't hesitate to contact me, either by Private Message or replying to this thread. Introduction For many years, vBulletin owners have worried about hacking/ddos attempts to their forum. Many have not known what to do, while advanced vBulletin owners have taken a swift action to remove them. This guide is for those who do not know what to do, as I have seen many threads recently about this. I have recently overcame a ddos attempt, and for me this was not an experience I would like to remember, especially after having my forum open only 2 days. Below, I will explain what hacking/ddosing is, and then explain how to prevent them or stop them if they occur. Hacking This is what owners are particularly worried about. Whether it be SQL Injection, brute forcing attempts, port scanning & spoofing, phishing or ransomware, all vBulletin owners will experience this at an early point. You may not even know what some of them are, but even if you dont, it is still something to overcome before actually experiencing it. Quick note, some people thought that brute forcing a vBulletin account is impossible, we actually, it isn't. They can easily acquire some of the data by just signing up, as navigation around the forum (without vBSEO) will show them links they need etc. Denial of Service attacks (ddos) Quote:
Now, I'm not saying it is this, but this is my theory. When you post your website in the vBulletin.org section where people review your website, these sites posted here are the priority targets for some. This is because they would be easier to take down, as because your new to the vBulletin world, they may think you have a crappy hosting site. Mine personally is One.com, and with unlimited bandwidth and the help of their support, I overcame this ddos attack on my forum within 10 hours. For most, it would last a few days at least. So, how do I protect my forum? Before we start anything, I would like to make sure you change your passwords at least once every two weeks. Jot them down somewhere on a piece of paper. Firstly, I will tell you a few plugins to install onto your forum. These plugins have been personally tested by me, and I even tried to hack my own forum with some of them installed, and I couldn't do it! (The list will grow eventually, as new mods are released). vBFirewall; https://vborg.vbsupport.ru/showthrea...ght=vBFirewall This will protect you from the most common attacks, but not all of them. It will protect you from URL poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks. Track Guests Visiting; https://vborg.vbsupport.ru/showthread.php?t=201214 This will show you which guests are visiting your forum, their IP address and how many pages they have opened and to which pages were opened. Defending from attacks, from in the inside. By this, I mean your most important vBulletin file, .htaccess. This file can just about do anything for your forum, and it will help, especially when being ddossed. The code below will protect you from the programs people use to hack your forum, whether it be SQL Injection, XSS or something you have never heard of. Using your FTP client, download your .htaccess file onto your computer. Then Right Click > Open with... > Notepad/Wordpad or whatever you use. IMPORTANT: Make sure you backup your .htaccess before editing, just in case something goes wrong and your forum goes down. Scroll to the bottom of your .htaccess and add the below code in; Code:
# Ultimate htaccess Blacklist from Perishable Press Before trying this, make sure you close your forum as user traffic can make it a bit harder, just in case something does go wrong. And what if I am being ddossed? If someone is really determined, no amount of IP blocking on the server-side will stop the DDoS. If the "pipe" to the server can be filled, IP blocking will not do much. Your best bet would be to contact your host in many circumstances. If your being ddossed, you can use your newly acquired .htaccess knowledge in conjunction with your Track Guest Visitors mod. After installing the mod, scroll to the bottom of your forum to see; Quote:
If you are being ddossed, it may look a little something like this; Quote:
Now, to use this in conjunction with .htaccess? Well, it's simple, you ban the IP addresses with .htaccess, not with your forum banning options. But what if you have around 70 IP addresses, all ddossing you? Then in that case, the first two sections will be the same, the rest will be different. For example, it would be like this; (the below IPs are made up) 97.68.233.244 97.68.123.213 97.68.211.176 So instead of banning each and every IP address, you would ban a range. But banning every IP address one by one will still not stop them, banning a range would. You would do this the following way. Go back into your .htaccess (where you would edit it), and add the following lines at the bottom; PHP Code:
PHP Code:
NOTE: You do this through .htaccess and NOT the vBulletin banning, as if you do this through .htaccess it will stop them from entering your website completely. Doing it through vBulletin will still allow them to access your site, just not register. And for a ddoss attack to take place, they don't need to register anyway. You can add as many IP addresses as you want, just by adding "deny from" on a new line, followed by the IP address. Now you may be thinking, "This will stop a lot of users coming on to my website". This just might do that, but allowing them to continue the ddoss attack will stop all users from coming onto your website. You simply unban the IP addresses after a few days, once you think the ddoss attack has worn off. I hope you understand the above, and if you would like further assistance, simply contact me via PM. Most ddoss attackers come from a huge server, where they have around 1000 computers. So banning the IP address range will stop them all from accessing. For heads up, my ddoss attack came from the US, Florida from two separate locations, location right next door to each other so they would have different IP addresses. You can follow my guide above and rid of the ddossers immediately, or you can wait it out, which I suggest you DON'T do. Conclusion I hope you have learnt a thing or two from my guide above, and if I have missed anything out, please contact me via this thread or Private Message. Both will be read as quick as each other. By reading the above, you learnt how to protect your forum from the most common and rare cases of hacking, and protected it against ddoss attacks. |
Good article
Thanks iHatton |
Great article, 5 stars. Defiantly a help to anyone in this situation. I've been lucky enough not be hit... yet.
Unfortunately I can't tag this thread so I've bookmarked it just in case. |
I got This Error after uploading hattches file
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@*****.com and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request. |
Excellent article.
Thank you very much. |
Quote:
Thanks for everyone's comments, if you have any suggestions as to add anything or change anything, please say. |
Thx man very very nice 5 Stars. I have not yet had anyone ddos me and hopefully i never will.
|
I too have a 500 Internal Server Error when I put in the blacklist in .htaccess
I also have this in my .htaccess PHP Code:
How would I use that blacklist with that in my .htaccess? TIA |
i really appricated d:
|
I too have a 500 Internal Server Error when I put in the blacklist in .htaccess
and only this in my .htaccess htaccess within forums: PHP Code:
htacess above forums within vba: PHP Code:
Note that I have added full blacklist txt you mentioned above under mine Also I have htaccess file on two instances cause I use VBA, error occured when I changed one within my forums while other one was intact |
it show me 500 error when i put the long code in .ht...
|
The above code should no longer give a 500 error, as all the \ were for some reason removed.
To fix your 500 error, please recopy the new blacklist listed. |
I could be mistaken but you're putting the order "allow,deny" meaning allow should come first, then the deny's underneath.
It is an excellent tutorial though - definitely worth following. On another note, vBFirewall still has issues I believe.. such as any word with 'script' in it gets blocked etc. |
how do you block a browser that has an empty user agent string?
thx google ;) Code:
RewriteEngine on |
Quote:
Thanks to everyones comments. |
Tried the htaccess file edit but it made images not viewable on the CND Garage system I have installed. I did not leave it on long enough to see if there was any other issues. 3.6.XX
|
this article worth $$$$ dollars
But there was some attacks by alexa booster , I think it have no solution till now Thanks Man |
Apachetop is a useful tool if you have the access to use it. It processes and reads an apache log file in real time and gives you stats on pages being accessed.
Also, again if you have access, you can block the ips with the servers firewall which will save even more resourses as apache dosn't even see the requests. |
Quote:
Try this: Quote:
|
Should it add this:
Code:
# Ultimate htaccess Blacklist from Perishable Press |
Quote:
Code:
RewriteEngine On |
Put my IP in your .htaccess and with minutes, I'll be using a new proxy. You are trying to put up a picket fence to keep out army tanks. With each one that gets through, you put up another fence.... only to barely slow them down.
|
Should it add this list (page 1) to .htaccess although I got not DDosed already?
Shouldn?t all blocked user agent have a ^ ? For example: Quote:
Quote:
|
Omg My Tits Thank U
|
Hi there,
I read this post after being hacked and installed the htaccess file on my server and since then, I have not had any problems. One thing though, does this htaccess file go in the index root or in your forums root? I put it in the main index of the server, is this correct? |
Quote:
|
Thanks for the reply, will this still work for the forum folder if I put it in the main index of the my host? Will I have to join the no-ip.org in order for it to work?
|
Quote:
|
As a side note, unless you sit and monitor your forum 24/7/365 and you don't have thousands of visitors, this won't really help you much.
Rather get a proper firewall setup from your host, which can handle DDOS attacks. If you're on an Linux VPS or dedicated server, with root access, then you can install ConfigServerFirewall, Shorewall, Wireshark or any other firewall to handle this for you automatically :) |
Still good for vB4?
|
All times are GMT. The time now is 02:00 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|