Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #11  
Old 03-10-2008, 03:31 PM
Nick1337 Nick1337 is offline
 
Join Date: Mar 2007
Location: Projects
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Not many right now, i bought a new domain and only a few members at a time.. it has to be a ddos attack seeing as it is all coming from the same topic each time.. not that many people is going to go to that topic at a time, and where is the my.cnf file at?

EDIT: I found a temporary cure.. lol i redirected the url /showthread.php?t=28528 to google.com

site is loading fine now

EDIT2: down again

EDIT3: working smooth now just slow at a few times, i been blocking loads of ips in cpanel, everyone who has been viewing the above link

EDIT4: ehhh that makes it so you cant view any topics...

STILL LOOKING FOR SOME HELP,THANKS
Reply With Quote
  #12  
Old 03-10-2008, 04:14 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What makes it so you cant view any topics?

Is cpanel adding these ip's to iptables?

my.cnf should be here /etc/my.cnf

if not, type this from a ssh prompt: find / -name my.cnf -print or locate my.cnf
Reply With Quote
  #13  
Old 03-10-2008, 04:21 PM
Nick1337 Nick1337 is offline
 
Join Date: Mar 2007
Location: Projects
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I can't view any topics because i redirected /showthread.php?t=28528 to google.com but it only accepted showthread.php so all topics wont show it goes to google.com

THe only thing in /etc is passwd, quota, and shadow

And no i been banning the ips manually in cpanel
Reply With Quote
  #14  
Old 03-10-2008, 07:47 PM
SEOvB's Avatar
SEOvB SEOvB is offline
 
Join Date: May 2007
Location: Indianapolis
Posts: 2,451
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

DDOs Protection needs to be handled at the server level, and not at vBulletin level, Over in the Security section at WHT (http://www.webhostingtalk.com/forumdisplay.php?f=73) they have tons of articles that could help you.

Have you tried installing a firewall such as APF
some things such as mod_evasive may help as well: http://www.hostgeekz.com/guides/Secu...od_evasive.htm
and secure your sysctl.conf file: http://www.hostgeekz.com/guides/cPan...0hardening.htm
Reply With Quote
  #15  
Old 03-10-2008, 10:58 PM
Nick1337 Nick1337 is offline
 
Join Date: Mar 2007
Location: Projects
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I just purchased a VPS so if theres any scripts you know i can install please let me know
Reply With Quote
  #16  
Old 03-10-2008, 11:37 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can use iptables as i stated earlier to ban IP's at the network level, there is no need to install any scripts.

Did you do a find or locate like i said for my.cnf, that way you can increase the max_connections setting for mysql?
Reply With Quote
  #17  
Old 03-10-2008, 11:49 PM
Nick1337 Nick1337 is offline
 
Join Date: Mar 2007
Location: Projects
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No, i couldnt find the file anywhere..
Reply With Quote
  #18  
Old 03-11-2008, 10:25 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There is 1 little trick that will stop botnets etc., i use it often on one of my sites when someone goes crazy again and tries the same as described above. Just setup a .htaccess password protection for your forum directory. You can use simple username/password and even mention the user/pass in the login prompt. This will stop botnets for sure in a very cost effective (in terms of resources) way.

Once the attack is over, remove the login again.
Reply With Quote
  #19  
Old 03-11-2008, 06:56 PM
Nick1337 Nick1337 is offline
 
Join Date: Mar 2007
Location: Projects
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Marco van Herwaarden View Post
There is 1 little trick that will stop botnets etc., i use it often on one of my sites when someone goes crazy again and tries the same as described above. Just setup a .htaccess password protection for your forum directory. You can use simple username/password and even mention the user/pass in the login prompt. This will stop botnets for sure in a very cost effective (in terms of resources) way.

Once the attack is over, remove the login again.
Ok I will try that, Thanks Marco van Herwaarden!
Reply With Quote
  #20  
Old 03-22-2008, 06:24 PM
badboyz badboyz is offline
 
Join Date: May 2006
Posts: 286
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thats what my .hatccess file looks like when some one try to ddos my site

this
Quote:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^danger-z0ne.net$ [NC]
RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
RewriteRule ^(.*)$ http://%1 [R=301,L]
this in this site will stop any dosing program b/c all dosing program don't have reffer on ips
so it will get block auto lol but the bad part of this script is that it also block dial up users lol

other then that rest of the scripts in the quote blow is v gud u can bann the ips blow if u want or change them

just make a .htaccess file in ur root directory and copy n paste and edit the your-site.com to your site


hope this helps enjoy also there is a mod in here that stop the single use form loading ur site too many times in 60 seconds or so i will look up the mod name n post it here




Quote:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^YOUR-SITE.COM$ [NC]
RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
RewriteRule ^(.*)$ http://%1 [R=301,L]

#get rid of bad bots
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^BadBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^EvilScraper [OR]
RewriteCond %{HTTP_USER_AGENT} ^FakeUser
RewriteRule ^(.*)$ http://google.com/

order allow,deny
deny from 68.124.166.191
deny from 68.124.166
deny from 68.125.86.230
deny from 68.125.86
deny from 68.121.22.219
deny from 68.121.22.
deny from 68.121
deny from 24.171.42.17
deny from 24.171
deny from 207.215
deny from 68.124.60
deny from 68.124
deny from 68.246.38.38
deny from 118.136.39.239
deny from 118.136
deny from 68.246
deny from 91.96.66.199
deny from 125.60.235.194
deny from 190.136.126.86
deny from 69.152.235.51
deny from 124.104.180.82
deny from 77.192.77.37
deny from 58.165.6.73
deny from 82.116.149.210
deny from 82.116
deny from 124.106.58.33
deny from 124.106.58
deny from 89.165.61.171
deny from 89.165.61
deny from 81.22.83.245
deny from 195.229.236.215
deny from 118.137.42.251
deny from 83.70.228.90
deny from 86.142.134.73
deny from 65.95.13.105
deny from 74.97.197.180
deny from 91.96.66.199
deny from 125.60.235.194
deny from 64.253.12.205
deny from 190.136.126.86
deny from 213.42.21.153
deny from 124.104.180.82
deny from 77.192.77.37
deny from 58.165.6.73
deny from 82.163.190.172
deny from 207.134.102.142
deny from 74.113.37.178
deny from 99.227.251.79
deny from 82.2.166.185
deny from 69.121.40.142
deny from 71.106.219.75
deny from 83.160.180.211
deny from 71.106.78.77
deny from 71.118.253.15
deny from 202.83.212.243
deny from 82.163.139.144
deny from 194.66.249.18
deny from 78.143.196.114
deny from 68.114.4.0
deny from 216.162.6.228
deny from 172.188.149.212
deny from 41.221.17.223
deny from 71.182.15.239
deny from 216.162.6.228
deny from 84.103.1.208
deny from 86.153.34.228
deny from 124.171.92.14
deny from 69.214.1.18
deny from 72.91.75.158
deny from 209.162.51.19
deny from 66.249.72.52
deny from 211.208.193.102
deny from 24.26.44.148
deny from 66.249.72.52
deny from 202.177.227.98
deny from 86.51.3.211
deny from 86.51.3.195
deny from 86.51.3.210
deny from 86.133.151.43
deny from 86.133.151.43
deny from 124.255.156.140
deny from 121.246.221.22
deny from 87.120.150.240
deny from 66.249.72.226
deny from 83.54.62.218
deny from 41.221.134.204
deny from 124.171.92.14
deny from 78.0.121.39
deny from 99.229
deny from 99.229.134.45
deny from 202.133.73.171
deny from 202.133.73
deny from 90.195.157.165
deny from 90.195
deny from 90.193.236.240
deny from 90.193
allow from all

order allow,deny
deny from 5ac1ecf0.bb.sky.com
deny from 5ac39da5.bb.sky.com
deny from bb.sky.com
deny from 239.39.136.118.fast.net.id
allow from all
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:17 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06736 seconds
  • Memory Usage 2,260KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete