Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Getting DDOSSED via Server IP - How to hide IP in notification email headers etc?
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 07-03-2014, 08:05 PM
g00gl3r g00gl3r is offline
 
Join Date: Sep 2005
Posts: 174
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Getting DDOSSED via Server IP - How to hide IP in notification email headers etc?
Hi,

I'm getting DDOSSED to the hilt. Now using cloudflare and have a new IP for the forums. It appears the IP can be revealed still as it's in the email headers.

How can I mask this or prevent this from happening?

As at the moment I have had to disable all email features including email to friend, contact us forms, notification emails and even human verification for new users.

Can't leave busy forums (x4) like that for long.

Can anybody help? Ever had this before?
Reply With Quote
  #2  
Old 07-03-2014, 08:09 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
<a href="https://vborg.vbsupport.ru/showthread.php?t=242034&highlight=Firewall" target="_blank">https://vborg.vbsupport.ru/showt...light=Firewall</a>
Or get in touch with your host they will be able to help better than this plugin
Reply With Quote
  #3  
Old 07-03-2014, 08:11 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You can't really prevent this from happening if you send the emails from your own server, it will always contain the originating IP in the email headers as far as I know. I make use of http://www.critsend.com/ to hide my server IP, a (paid) SMTP relay.

Note that you can also easily grab the server IP using the remote image uploading feature @avatar and signature upload.
Reply With Quote
  #4  
Old 07-03-2014, 08:53 PM
g00gl3r g00gl3r is offline
 
Join Date: Sep 2005
Posts: 174
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Okay I'll disable those features now too.

And I'll take a look at critsend.

Will Google Apps / Gmail SMTP service (which you pay for) not do it?

Is there a way to get around the uploading feature showing the IP?
Reply With Quote
  #5  
Old 07-03-2014, 09:02 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by g00gl3r View Post
Okay I'll disable those features now too.

And I'll take a look at critsend.

Will Google Apps / Gmail SMTP service (which you pay for) not do it?

Is there a way to get around the uploading feature showing the IP?
The only option would be deleting that functionality, the remote upload basically makes your server contact the URL they enter. Whoever has their own server could easily check their logs for your server IP.

Any SMTP relay server should hide your server IP, I have no experience with Google Apps though. I tried Gmail SMTP service a long time ago and my account got blocked in no-time.
Reply With Quote
  #6  
Old 07-04-2014, 09:13 AM
g00gl3r g00gl3r is offline
 
Join Date: Sep 2005
Posts: 174
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I've disabled any uploading for newer usergroups. Only established members have the option now.

I'll need to get my head around this SMTP and see what leaves the IP in the headers.

--------------- Added [DATE]1404470353[/DATE] at [TIME]1404470353[/TIME] ---------------

Quote:
Originally Posted by Dave View Post
The only option would be deleting that functionality, the remote upload basically makes your server contact the URL they enter. Whoever has their own server could easily check their logs for your server IP.

Any SMTP relay server should hide your server IP, I have no experience with Google Apps though. I tried Gmail SMTP service a long time ago and my account got blocked in no-time.
Do you mean when we link to an image and then allow remote hosting of it?
Does that need removing?
Reply With Quote
  #7  
Old 07-04-2014, 06:47 PM
vbresults vbresults is offline
 
Join Date: Apr 2009
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Get Google Apps for Business. It's $5/mo and solves your IP problem.
Reply With Quote
  #8  
Old 07-04-2014, 06:50 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by g00gl3r View Post
I've disabled any uploading for newer usergroups. Only established members have the option now.

I'll need to get my head around this SMTP and see what leaves the IP in the headers.

--------------- Added [DATE]1404470353[/DATE] at [TIME]1404470353[/TIME] ---------------



Do you mean when we link to an image and then allow remote hosting of it?
Does that need removing?
I'm talking about this feature: "Option 1 - Enter the URL to the Image on Another Website".
That function may leak your server IP.
Reply With Quote
  #9  
Old 07-04-2014, 10:46 PM
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Posts: 1,314
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by g00gl3r View Post
Hi,

I'm getting DDOSSED to the hilt. Now using cloudflare and have a new IP for the forums. It appears the IP can be revealed still as it's in the email headers.

How can I mask this or prevent this from happening?

As at the moment I have had to disable all email features including email to friend, contact us forms, notification emails and even human verification for new users.

Can't leave busy forums (x4) like that for long.

Can anybody help? Ever had this before?
All someone has to do is get a dns check or a whois check to reveal the sites ip address. Doing a simple ping via the windows command console also reveals the site's ip. At this point you need to look into ddos protection services or get a stronger server and configure a firewall addon for it.
Reply With Quote
  #10  
Old 07-04-2014, 10:53 PM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
How exactly are you getting a ddos attack? How many ip's are showing up in your server security log? Which port are they attacking?
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 08:20 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.11684 seconds
  • Memory Usage 2,251KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete