My forum is under attack

[amfor]

I have a follow problem. Some user attack my forum by creating of multiple sessions. He created 2500 sessions per minute and vbullsession table is become full within a few minutes. In results the forum crashes.

MySQL Error : The table 'vbullsession' is full
Error Number : 1114
Request Date : Saturday, December 24th 2016 @ 07:03:25 AM
Error Date : Saturday, December 24th 2016 @ 07:03:25 AM

I block his IP's but he change it constantly (seems he uses different proxies). He attack forum in the night time when admins are out of forum and block access of members to forum on a whole night.

He do it a few last days.

Please help me to solve this problem. Maybe it's possible to limit quantity of sessions per one IP or something like this. It's very important.

Many thanks.

[Dave]

There are different ways to prevent this from happening, but the easiest option without having to mess with vBulletin is by using Cloudflare and then enable the "I'm under attack mode".

[amfor]

Thank you for answer. Unfortunately we can't use Cloudflare because it is pay service and third party service.

The better solution is fix the vbulletin software to avoid multiple session creation by one user (IP address).

I trying to find something like this here and on official Vbulletin site, but can't find nothing that strange.
Do somebody has this problem and know reliable solution? It's still actual for me because attack is not finished.

[Dave]

Cloudflare provides free services as well though, what you need is included in their free package. There is no "fix" out there because it's not a bug, it's normal for one IP address to have multiple users or sessions.

A solution is to optimize your MySQL settings to allow more entries in the table, truncate your session table, get ddos protection, find someone to make a plugin that only allows one session per IP address (which I don't recommend).

[Mattwhf]

Quote:

Originally Posted by Dave

There are different ways to prevent this from happening, but the easiest option without having to mess with vBulletin is by using Cloudflare and then enable the "I'm under attack mode".

I agree with Dave, in the case you don't want to use Cloudflare, you can find a web hosting that providing DDoS protection service. They can help you anti DDOS from your hosting server.

[DCD.RB]

Do you have ConfigServer Firewall?

There's a built-in block list there, from there you can find lists of proxies, dedicated & VPS hosting out there to add to that list. It's fairly easy, and it's how I stopped an attack to one of my boards. It was much more effective than using Cloudflare.

Cloudflare also proxies all users under their IPs, making it more difficult to catch previously banned users. So I didn't find Cloudflare to be an ideal solution for forum Administrators.

[Dave]

Quote:

Originally Posted by DCD.RB

Do you have ConfigServer Firewall?

There's a built-in block list there, from there you can find lists of proxies, dedicated & VPS hosting out there to add to that list. It's fairly easy, and it's how I stopped an attack to one of my boards. It was much more effective than using Cloudflare.

Cloudflare also proxies all users under their IPs, making it more difficult to catch previously banned users. So I didn't find Cloudflare to be an ideal solution for forum Administrators.

You can restore the original IP address in vBulletin and the access logs though, there's guides available online that explain you how to do that.

[DCD.RB]

Oh, I may try Cloudflare again if my current tactics aren't working with the attacks. But the board went under about 2 weeks of attacks, the last 2 days or so under Cloudflare, and it was still rather brutal. I didn't pay, I only used its free services so the protection may not have been the best.

But as soon as I flipped on the blocklist on CSF, all the attacks stopped. I proactivity seek out new lists of malicious IPs, dedicated servers & VPS hostings to add in so I can stay on top of it.