vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)
-   -   Options to stop a DDOS attack (https://vborg.vbsupport.ru/showthread.php?t=209219)

kevcj 03-23-2009 05:43 PM
Options to stop a DDOS attack
 
My host has told me that my forum is coming under a DDOS attack. Once was on Friday March 20th and again today (monday march 23). Before those two, there are attacks almost every week, sometimes twice a week.

The host installed DoS-Deflate. It started blocking legitimate traffic and had to be removed.

The operating system is Linux CentOS, the forum software is VBulletin. The server is a VPS with 1 gig of memory.

Besides DoS-Deflate, what other options are out there?

TNCclubman 03-23-2009 05:46 PM
Your host should install hardware filters, they shouldnt be asking you to do anything, thats their job, the whole point of not hosting it yourself, tell them they need to take care of it or you're going elsewhere...

Brandon Sheley 03-23-2009 05:49 PM
What I use to do, was pass protect the URL
It's not great for search engines, but it helped keep the forum up

kevcj 03-23-2009 05:52 PM
Quote:
Originally Posted by TNCclubman (Post 1775198)
Your host should install hardware filters, they shouldnt be asking you to do anything,
Thank you for the reply.

They are not asking me to install dos-deflate, they are asking if its ok for them to install dos-deflate.

After exchanging emails, I told the support people to go ahead and reinstall dos-deflate. I think someone put the limit too low, and that is why people started getting blocked.

The other option that was suggested was to recompile apache for multithreaded architecture (MPM support), or upgrade to an entry level dedicated server.



Quote:
Originally Posted by Loco.M (Post 1775201)
What I use to do, was pass protect the URL
It's not great for search engines, but it helped keep the forum up

uhhhhh, search engines are our friends.

Dismounted 03-24-2009 05:05 AM
Do you know how they are DoSing? (i.e. are they going to a webpage/SSH/ICMP request/etc.?)

motowebmaster 03-29-2009 02:35 PM
The original version of the deflate script had a coding error in it, which does cause it to stop legitimate traffic. After the correction is made, it should work normally, but an all-out attack on a server is only diminished by the deflate script - it won't stop it without advanced tools.

As previously pointed out, some hosting providers have the means to move a particular server's traffic through a hardware filter (at least temporarily) until the attack subsides and the cause is determined.

Shazz 03-29-2009 02:53 PM
Who is your host? The popular hosts are not built for protection, I can recommend some good DDos hosts but they do get pricey.

insainz 03-31-2009 08:27 AM
Best thing you can do on a linux webserver to stop DDOs is 1stly install Litespeed Webserver ( instead of apache ) it is much faster and way more secure. Secondly install csf security and firewall.

I had over 10,000 attack every few seconds, so many attacks it stop the server responding. After taking the above steps I was able to filter out the ddos from the real trafic.

Marco van Herwaarden 03-31-2009 08:47 AM
We have one going on since yesterday at a site i help admin. Server overloaded even difficult to open a shell. Added an extra .htaccess login box (with username & password listed on the login prompt) and server load is back to normal. Only takes 10 seconds to (de)active and the result is immediate.

Alfa1 03-31-2009 09:27 AM
Quote:
Originally Posted by Marco van Herwaarden (Post 1780895)
We have one going on since yesterday at a site i help admin. Server overloaded even difficult to open a shell. Added an extra .htaccess login box (with username & password listed on the login prompt) and server load is back to normal. Only takes 10 seconds to (de)active and the result is immediate.
Could you please elaborate about this? How do you add a .htaccess login box?


All times are GMT. The time now is 05:19 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00996 seconds
  • Memory Usage 1,743KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete