  #1  
01-10-2009, 02:36 PM
Addicted2HD
Join Date: May 2008
Posts: 6
MySQL flood attack?

Hi,

I have a dedicated server that hosts 4 websites; one has vBulletin installed. All websites were running very slowly this morning, and the host narrowed it down to the MySQL service consuming much of the CPU's resources. Once that service was stopped, performance on all the other websites was back to normal.

I have denied access to everyone aside from me and another IP address to the site with vBulletin and turned the MySQL service back on and everything is working fine.

Before I open the site back up to everyone, can someone point me in the direction of a way to see if there was some kind of flood attack against the site? I'm looking through the server's logs but don't know what I should be looking for that would jump out at me.

Any suggestions would be much appreciated.

Thanks,
Scott
  #2  
01-11-2009, 12:38 AM
Vaupell
Join Date: Apr 2008
Location: Esbjerg, Denmark
Posts: 1,036

Well, the old flood attack was a small program designed by some blackhats.

Then at a given time, they all entered the same URL in the program and
just let it run on their computers.

What the program did was just go to the website and refresh, stop,
go to the website, refresh, stop, go to the website, refresh, stop,

well, until either the user aborted or the server crashed due to overload.

Later came more hardcore versions that changed proxy servers
per refresh, meaning a new IP and a new session, so websites
with long sessions were a target.

That's a flood attack; it doesn't leave a "real log", only a visitor trace and an IP,
so if you have had an exceptional amount of visitors ("check your statistics"),
then it could have been a possible flood attack.

But the last few days, "after 3.8" release, a lot of vB sites have been attacked with
SQL injections, but that shouldn't increase the workload, even if they found a loophole.
Injections should run as a normal command. Check the wiki about those.

Questions

Do you host yourself?
Is it possible your host (if not yourself) is backing up?
I know when my host is backing up, things slow WAY DOWN!! Haha,
scared me a few times.

Anything unusual in logs?
Unusual amount of new users?
People posting some images on your forum?
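Added example, not part of any post in this thread: one way to look for the "visitor trace" described above is to count requests per minute in the web server's access log and flag minutes far above the usual rate, together with how many distinct addresses were involved and which URL was hit most. The Apache/NCSA-style log format, the thresholds, the function names and the sample lines are all assumptions made for this sketch.

```python
import re
from collections import Counter, defaultdict

# Apache/NCSA-style access log line: client IP, timestamp, request, status.
# The log format is an assumption; the thread does not say which web server is used.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3})')

def parse(line):
    """Return (ip, minute, url), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, url, _status = m.groups()
    return ip, ts[:17], url  # "10/Jan/2009:08:05:33 +0000" -> "10/Jan/2009:08:05"

def flood_minutes(lines, factor=5, floor=20):
    """Flag minutes whose request count is >= max(floor, factor * median)."""
    per_minute = Counter()
    urls = defaultdict(Counter)
    ips = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, minute, url = rec
        per_minute[minute] += 1
        urls[minute][url] += 1
        ips[minute].add(ip)
    if not per_minute:
        return []
    median = sorted(per_minute.values())[len(per_minute) // 2]
    threshold = max(floor, factor * median)
    report = []
    for minute, n in per_minute.items():  # log order, i.e. chronological
        if n >= threshold:
            url, hits = urls[minute].most_common(1)[0]
            report.append((minute, n, len(ips[minute]), url, hits))
    return report

def sample_log():
    """Constructed sample: five quiet minutes, then one minute of repeated refreshes."""
    fmt = '{} - - [10/Jan/2009:{} +0000] "GET {} HTTP/1.1" 200 512'
    lines = [fmt.format("192.0.2.10", f"08:0{m}:{s * 10:02d}", "/index.php")
             for m in range(5) for s in range(4)]
    lines += [fmt.format(f"198.51.100.{i % 60 + 1}", f"08:05:{i % 60:02d}",
                         "/showthread.php?t=1") for i in range(120)]
    return lines

if __name__ == "__main__":
    for minute, n, n_ips, url, hits in flood_minutes(sample_log()):
        print(f"{minute}: {n} requests from {n_ips} addresses; top URL {url} ({hits} hits)")
```

A flagged minute in which many distinct addresses all request the same URL matches the proxy-per-refresh pattern described in the post; a single address dominating the count points to the simpler refresh loop.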
  #3  
01-11-2009, 10:04 AM
Marco van Herwaarden
Join Date: Jul 2004
Posts: 25,415

Just re-open the sites. If the CPU overloads again in a very short time, then it is likely it is an attack.
  #4  
01-12-2009, 04:05 PM
ZomgStuff
Join Date: Feb 2007
Posts: 469

Do you happen to use bluehost?