Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page DDoS Protection
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 06-27-2009, 11:09 AM
James Birkett James Birkett is offline
 
Join Date: Jun 2009
Posts: 633
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default DDoS Protection
Alright, so DDoS works by attacking the server with requests which then overloads and fails (to put it basically). Now, this could be stopped (especially the idiots who use 300+ botnets) by creating a simple IP restriction.
How it would work:
A simple script that bans any IP that requests too much in X seconds.
IP1 is the botnet, and it's sending 300-400 requests per second for example. Now a script could be created that basically works by only allowing X requests per X time limit. If any IP address overloads that limit, the IP is banned (and maybe an e-mail notification or something?).
I was wondering if someone could create this, it sure as hell would help a lot of members secure their vBulletin servers.
Reply With Quote
  #2  
Old 06-27-2009, 11:30 AM
Nassou Nassou is offline
 
Join Date: Mar 2007
Location: PHP
Posts: 42
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Look this bash script maybe it help you :

log to your server and do this
Quote:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0755 install.sh
./install.sh
It'll create a cron to run it every 5 minutes, but you can run it manually with "cd /usr/local/ddos/;./ddos.sh". or
Code:
cd /usr/local/ddos/
sh ddos.sh
You can configure it here :

nano /usr/local/ddos/ddos.conf

Set NO_OF_CONNECTIONS=60 and BAN_PERIOD=10000

but you can , run it manually to block IPs rapidly.


More informations > http://deflate.medialayer.com/
Reply With Quote
  #3  
Old 06-27-2009, 11:52 AM
James Birkett James Birkett is offline
 
Join Date: Jun 2009
Posts: 633
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
So basically this downloads install.sh into the webroot, CHMOD's it to 755?
Also, this isn't very effective to me as the webserver isn't mine. I just host my domain on it
That's why I was looking for a script of some kind, so that I could implement it into the actual site as I am getting DDoS at my site and not the actual webserver.
Reply With Quote
  #4  
Old 06-27-2009, 12:04 PM
Nassou Nassou is offline
 
Join Date: Mar 2007
Location: PHP
Posts: 42
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by James Birkett View Post
So basically this downloads install.sh into the webroot, CHMOD's it to 755?
Also, this isn't very effective to me as the webserver isn't mine. I just host my domain on it
That's why I was looking for a script of some kind, so that I could implement it into the actual site as I am getting DDoS at my site and not the actual webserver.
Your webserver should have a ddos protection , you can do this in php but i don't think it will be efficace...

you know the protection should be in the server...
Reply With Quote
  #5  
Old 06-27-2009, 12:56 PM
James Birkett James Birkett is offline
 
Join Date: Jun 2009
Posts: 633
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hmm, a user was able to DDoS with 300+ botnets and take down my forum. Surely it wouldn't need to be effective, as long as it can identify the requests and auto-ban the IP address that is causing the requests?
Reply With Quote
  #6  
Old 06-27-2009, 01:05 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
There is not anything you can do at the vBulletin application level, this needs to be stoped much sooner in the OS. A software or firewall hardware to shut down the requests before they get anywhere in the server is really required.
Reply With Quote
  #7  
Old 06-28-2009, 08:03 AM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
There is not much you could do against DDoS even at server level - if the attacker has enough bandwidth he could flood you with so many packets that your full bandwidth (100MBit most likely) is used.

Such scenarios can probably only be handeled by your co-location partner.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:40 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06272 seconds
  • Memory Usage 2,208KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete