Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 12-24-2016, 05:46 AM
amfor amfor is offline
 
Join Date: Sep 2012
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default My forum is under attack

I have a follow problem. Some user attack my forum by creating of multiple sessions. He created 2500 sessions per minute and vbullsession table is become full within a few minutes. In results the forum crashes.

MySQL Error : The table 'vbullsession' is full
Error Number : 1114
Request Date : Saturday, December 24th 2016 @ 07:03:25 AM
Error Date : Saturday, December 24th 2016 @ 07:03:25 AM

I block his IP's but he change it constantly (seems he uses different proxies). He attack forum in the night time when admins are out of forum and block access of members to forum on a whole night.

He do it a few last days.

Please help me to solve this problem. Maybe it's possible to limit quantity of sessions per one IP or something like this. It's very important.

Many thanks.
Reply With Quote
  #2  
Old 12-24-2016, 02:39 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There are different ways to prevent this from happening, but the easiest option without having to mess with vBulletin is by using Cloudflare and then enable the "I'm under attack mode".
Reply With Quote
Благодарность от:
Ashlar217
  #3  
Old 12-25-2016, 08:43 AM
amfor amfor is offline
 
Join Date: Sep 2012
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you for answer. Unfortunately we can't use Cloudflare because it is pay service and third party service.

The better solution is fix the vbulletin software to avoid multiple session creation by one user (IP address).

I trying to find something like this here and on official Vbulletin site, but can't find nothing that strange.
Do somebody has this problem and know reliable solution? It's still actual for me because attack is not finished.
Reply With Quote
  #4  
Old 12-25-2016, 12:53 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Cloudflare provides free services as well though, what you need is included in their free package. There is no "fix" out there because it's not a bug, it's normal for one IP address to have multiple users or sessions.

A solution is to optimize your MySQL settings to allow more entries in the table, truncate your session table, get ddos protection, find someone to make a plugin that only allows one session per IP address (which I don't recommend).
Reply With Quote
  #5  
Old 01-03-2017, 12:49 AM
Mattwhf Mattwhf is offline
 
Join Date: May 2016
Posts: 190
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Dave View Post
There are different ways to prevent this from happening, but the easiest option without having to mess with vBulletin is by using Cloudflare and then enable the "I'm under attack mode".
I agree with Dave, in the case you don't want to use Cloudflare, you can find a web hosting that providing DDoS protection service. They can help you anti DDOS from your hosting server.
Reply With Quote
  #6  
Old 01-14-2017, 08:05 PM
DCD.RB DCD.RB is offline
 
Join Date: Jan 2011
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have ConfigServer Firewall?

There's a built-in block list there, from there you can find lists of proxies, dedicated & VPS hosting out there to add to that list. It's fairly easy, and it's how I stopped an attack to one of my boards. It was much more effective than using Cloudflare.

Cloudflare also proxies all users under their IPs, making it more difficult to catch previously banned users. So I didn't find Cloudflare to be an ideal solution for forum Administrators.
Reply With Quote
  #7  
Old 01-14-2017, 08:47 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by DCD.RB View Post
Do you have ConfigServer Firewall?

There's a built-in block list there, from there you can find lists of proxies, dedicated & VPS hosting out there to add to that list. It's fairly easy, and it's how I stopped an attack to one of my boards. It was much more effective than using Cloudflare.

Cloudflare also proxies all users under their IPs, making it more difficult to catch previously banned users. So I didn't find Cloudflare to be an ideal solution for forum Administrators.
You can restore the original IP address in vBulletin and the access logs though, there's guides available online that explain you how to do that.
Reply With Quote
  #8  
Old 01-14-2017, 09:02 PM
DCD.RB DCD.RB is offline
 
Join Date: Jan 2011
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Oh, I may try Cloudflare again if my current tactics aren't working with the attacks. But the board went under about 2 weeks of attacks, the last 2 days or so under Cloudflare, and it was still rather brutal. I didn't pay, I only used its free services so the protection may not have been the best.

But as soon as I flipped on the blocklist on CSF, all the attacks stopped. I proactivity seek out new lists of malicious IPs, dedicated servers & VPS hostings to add in so I can stay on top of it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:55 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05097 seconds
  • Memory Usage 2,229KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (1)post_thanks_box_bit
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete