Go Back   vb.org Archive > Community Discussions > Forum and Server Management
  #21  
Old 05-16-2009, 02:42 AM
3xigames 3xigames is offline
 
Join Date: Apr 2009
Posts: 21
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Get a firewall script.
They can be expensive.. but they work.

Be happy they didn't simply deface your site.

There's a script rolling around that empties your database without authentication.
I've had it happen twice.

My forum is just about the same theme.. Gaming.
"Game Hacking".
But its been defaced twice.
500 server error if you do anything with any database through the same server.
Its pretty nasty.

I think a firewall script will help you the most.. look into it <3.
I hope they stop DoSing you.. I know how it feels /wrists for you man.
Reply With Quote
  #22  
Old 05-16-2009, 02:59 AM
motowebmaster motowebmaster is offline
 
Join Date: Feb 2006
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Some network service providers do offer DDOS Mitigation Services, for an additional fee that can exceed the monthly cost of the respective backbone connection. Customers of most Tier 1 CoLo or Managed Hosting Facilities also have this option available to them. It's a premium-priced service.

One can Google "DDOS Mitigation Service" and find solutions that can help at the URL Level, but to be honest I've always been attacked at the Network Interface Level.

My service provider has the means to mitigate DDOS day-to-day, but they also maintain infrastructure used in temporary situations when a customer's server is getting hit with something serious.

You're in a tough situation.
Reply With Quote
  #23  
Old 05-16-2009, 05:13 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If they are only attacking from servers in a specific region (as you mentioned), your host may be able to block this set of IPs at the router.
Reply With Quote
  #24  
Old 05-16-2009, 02:41 PM
silvermerc silvermerc is offline
 
Join Date: Apr 2006
Posts: 449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What you can do is ether put up a .htaccess and in the .htaccess say the user and password (works) or you can do what lynne suggested and get a custom mod.
Reply With Quote
  #25  
Old 05-16-2009, 08:13 PM
bigcurt's Avatar
bigcurt bigcurt is offline
 
Join Date: Nov 2004
Location: KierDarby.php
Posts: 1,009
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by silvermerc View Post
What you can do is ether put up a .htaccess and in the .htaccess say the user and password (works) or you can do what lynne suggested and get a custom mod.

Host has already tried that. The IP's are in a very big range as well. They are all EU but they are very weird ranges. Host has tried DoS-Deflate, all that . Site still down.
Reply With Quote
  #26  
Old 05-16-2009, 10:42 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

1. Your host should be blocking this ddos attack at the router, NOT at your server.

2. If your host cant block a ddos attack, i'd suggest a new host.

3. Did you even check the logs to see what type of attack it actually is or netstat the current connections on the server?
Reply With Quote
  #27  
Old 05-17-2009, 12:38 AM
motowebmaster motowebmaster is offline
 
Join Date: Feb 2006
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's time to take drastic measures. Have you considered putting up a temporary site elsewhere?
Reply With Quote
  #28  
Old 05-17-2009, 06:21 AM
Riceman's Avatar
Riceman Riceman is offline
 
Join Date: Dec 2007
Location: Queensland, Australia
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Unfortunately with the nature of Keyhunt being a buy/sell/trade forum, a lot of banned members and scammers feel the need to attack the site in some way because they have been caught out. Unfortunately I have not had much experience with DDoS attacks within the last few years (in which time I have actually come to understand a lot) so I cannot give you current and relevant advice. The only thing I can mention is that I have had good experiences with blocking entire continents, using professional firewalls and implementing a simple username/password scheme. Of course, each is useful at different stages and the time when I used the username and password trick I was only being attacked by a few little script kiddies using a little program.

I'd have to agree with Snakes1100 though, if your host cannot mitigate the attack at all or at least offer some sort of protection, a new host may be in order. I know that with some of my previous hosts, they were experienced and smart enough to block the attack at the hardware level preventing almost all of the negative affects altogether. You'd be best off going with a provider that has been through the ordeal many times, because it seems like these URL Jet guys don't really have that experience.
Reply With Quote
  #29  
Old 05-17-2009, 01:02 PM
maidos maidos is offline
 
Join Date: Jul 2006
Posts: 925
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well having server from softlayer.com a friend of mine purchased a firewall that cost 100 usd per month and sucessfully blocked all kind of ddos attacks. Can try with softlayer
Reply With Quote
  #30  
Old 05-17-2009, 01:10 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by maidos View Post
well having server from softlayer.com a friend of mine purchased a firewall that cost 100 usd per month and sucessfully blocked all kind of ddos attacks. Can try with softlayer
There are plenty of nice & free firewalls that would suffice in stopping the attack, no need to buy anything.

His main issue is a host that can't stop a ddos attack at the router lvl, by no means should a true ddos be attempted to be stopped at the server lvl.

Most likely it is a simple flooding of ports anyways by a bunch of kiddie hackers with to much free time & port flooding programs they dl'd from the net.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:46 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04268 seconds
  • Memory Usage 2,251KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete