Go Back   vb.org Archive > Community Discussions > Forum and Server Management
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-12-2009, 05:42 PM
iHatton iHatton is offline
 
Join Date: Oct 2008
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default DDos attack on my forum?

I believe a ddos attack is occurring on my forum.

At the moment, I am getting multiple connections (about 50 - 100) from around 50 different IP addresses. Both numbers grow every minute.

All the IP addresses I traced back seem to come from ;

IP country code: US
IP address country: United States
IP address state: Florida
IP address city: Lake Worth

That is most of the locations, however some are from different areas of the US, and some are from the UK.

Is there anyway to stop this attack?
How long do you think it will last?
Reply With Quote
  #2  
Old 08-12-2009, 06:25 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Your host may be able to help with this, so you may want to talk to your host about it.

There is no way to tell how long it can last.
Reply With Quote
  #3  
Old 08-12-2009, 06:35 PM
iHatton iHatton is offline
 
Join Date: Oct 2008
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My host cannot help I don't know why. I am with One.com
Reply With Quote
  #4  
Old 08-12-2009, 08:05 PM
Shamil. Shamil. is offline
 
Join Date: Sep 2008
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What do they say?
Reply With Quote
  #5  
Old 08-13-2009, 06:58 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can you post a few of these IP's?
Reply With Quote
  #6  
Old 08-13-2009, 10:54 AM
iHatton iHatton is offline
 
Join Date: Oct 2008
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Most of them began with 98.77.xx.xx
So for the mean time, I blocked out all 98.77. connections and the other ones.

IPs involved;

08-12-2009, 10:23 PM Visitor Yes (50) index 98.77.98.105 Viewing Home Page
08-12-2009, 10:20 PM Visitor Yes (32) index 74.233.132.6 Viewing Home Page
08-12-2009, 10:12 PM Visitor Yes (59) index 98.77.129.251 Viewing Home Page
08-12-2009, 10:08 PM Visitor Yes (32) index 74.233.132.165 Viewing Home Page
08-12-2009, 10:06 PM Visitor Yes (32) index 98.77.124.29 Viewing Home Page
08-12-2009, 10:04 PM Visitor Yes (32) index 98.64.192.221 Viewing Home Page
08-12-2009, 10:00 PM Visitor Yes (35) index 74.233.233.77 Viewing Home Page
08-12-2009, 09:55 PM Visitor Yes (32) index 98.64.247.242 Viewing Home Page
08-12-2009, 09:53 PM Visitor Yes (72) index 98.77.136.202 Viewing Home Page
08-12-2009, 09:47 PM Visitor Yes (35) index 74.233.105.101 Viewing Home Page
08-12-2009, 09:43 PM Visitor Yes (32) index 98.77.128.148 Viewing Home Page
08-12-2009, 09:37 PM Visitor Yes (32) index 98.77.96.59 Viewing Home Page
08-12-2009, 09:34 PM Visitor Yes (32) index 98.77.255.166 Viewing Home Page
08-12-2009, 09:31 PM Visitor Yes (73) index 98.77.100.120 Viewing Home Page
08-12-2009, 09:27 PM Visitor Yes (32) index 98.77.25.208 Viewing Home Page
08-12-2009, 09:24 PM Visitor Yes (32) index 98.77.133.95 Viewing Home Page
08-12-2009, 09:21 PM Visitor Yes (32) index 98.77.126.73 Viewing Home Page
08-12-2009, 09:19 PM Visitor Yes (32) index 98.77.128.143 Viewing Home Page
08-12-2009, 09:16 PM Visitor Yes (32) index 74.233.232.10 Viewing Home Page
08-12-2009, 09:08 PM Visitor Yes (32) index 98.77.136.34 Viewing Home Page
08-12-2009, 09:06 PM Visitor Yes (16) index 98.77.130.149 Viewing Home Page
08-12-2009, 08:55 PM Visitor Yes (32) index 98.77.255.76 Viewing Home Page
08-12-2009, 08:43 PM Visitor Yes (32) index 65.8.0.68 Viewing Home Page
08-12-2009, 08:41 PM Visitor Yes (57) index 98.77.134.194 Viewing Home Page
08-12-2009, 08:38 PM Visitor Yes (63) index 98.77.135.52 Viewing Home Page
08-12-2009, 08:31 PM Visitor Yes (32) index 74.233.105.116 Viewing Home Page
08-12-2009, 08:27 PM Visitor Yes (32) index 98.64.90.74 Viewing Home Page
08-12-2009, 08:21 PM Visitor Yes (35) index 74.233.214.92 Viewing Home Page
08-12-2009, 08:17 PM Visitor Yes (60) index 98.77.122.134 Viewing Home Page
08-12-2009, 08:15 PM Visitor Yes (63) index 98.77.130.84 Viewing Home Page
08-12-2009, 08:12 PM Visitor Yes (32) index 74.233.150.76 Viewing Home Page
08-12-2009, 08:10 PM Visitor Yes (32) index 98.64.0.153 Viewing Home Page
08-12-2009, 08:08 PM Visitor Yes (32) index 98.77.135.145 Viewing Home Page
08-12-2009, 08:03 PM Visitor Yes (32) index 98.77.134.153 Viewing Home Page
08-12-2009, 07:56 PM Visitor Yes (32) index 98.77.99.10 Viewing Home Page
08-12-2009, 07:52 PM Visitor Yes (3) index 98.77.127.159 Viewing Home Page
08-12-2009, 07:49 PM Visitor Yes (54) index 98.77.98.191 Viewing Home Page
08-12-2009, 07:46 PM Visitor Yes (32) index 98.77.25.3 Viewing Home Page
08-12-2009, 07:44 PM Visitor Yes (32) index 98.77.96.184 Viewing Home Page
08-12-2009, 07:37 PM Visitor Yes (59) index 98.77.136.234 Viewing Home Page
08-12-2009, 07:34 PM Visitor Yes (41) index 98.77.135.206 Viewing Home Page
08-12-2009, 07:32 PM Visitor Yes (32) index 98.77.124.10 Viewing Home Page
08-12-2009, 07:30 PM Visitor Yes (47) index 98.77.124.59 Viewing Home Page
08-12-2009, 07:28 PM Visitor Yes (41) index 98.77.102.126 Viewing Home Page
08-12-2009, 07:24 PM Visitor Yes (31) index 98.77.135.200 Viewing Home Page
08-12-2009, 07:22 PM Visitor Yes (32) index 74.233.232.98 Viewing Home Page
08-12-2009, 07:18 PM Visitor Yes (32) index 98.77.99.7 Viewing Home Page
08-12-2009, 07:16 PM Visitor Yes (64) index 98.77.119.7 Viewing Home Page
08-12-2009, 07:14 PM Visitor Yes (32) index 98.77.119.35 Viewing Home Page
08-12-2009, 07:11 PM Visitor Yes (32) index 74.233.214.148 Viewing Home Page
08-12-2009, 07:08 PM Visitor Yes (64) index 98.77.101.239 Viewing Home Page
08-12-2009, 07:03 PM Visitor Yes (32) index 98.77.255.67 Viewing Home Page
08-12-2009, 06:59 PM Visitor Yes (66) index 98.77.134.216 Viewing Home Page
08-12-2009, 06:52 PM Visitor Yes (32) index 98.77.131.158 Viewing Home Page
08-12-2009, 06:45 PM Visitor Yes (32) index 74.233.177.220 Viewing Home Page
08-12-2009, 06:43 PM Visitor Yes (32) index 74.233.232.63 Viewing Home Page
08-12-2009, 06:36 PM Visitor Yes (32) index 98.77.133.64 Viewing Home Page
08-12-2009, 06:30 PM Visitor Yes (32) index 98.77.136.86 Viewing Home Page
08-12-2009, 06:24 PM Visitor Yes (32) index 98.77.133.209 Viewing Home Page
08-12-2009, 06:19 PM Visitor Yes (32) index 74.233.105.138 Viewing Home Page
08-12-2009, 06:13 PM Visitor Yes (32) index 98.77.132.203 Viewing Home Page
08-12-2009, 06:08 PM Visitor Yes (32) index 98.77.98.69 Viewing Home Page
08-12-2009, 06:03 PM Visitor Yes (33) index 98.64.90.104 Viewing Home Page
08-12-2009, 06:01 PM Visitor Yes (54) index 98.77.123.56 Viewing Home Page
08-12-2009, 05:58 PM Visitor Yes (350) index 194.204.22.25 Viewing Home Page
08-12-2009, 05:55 PM Visitor Yes (32) index 98.77.134.117 Viewing Home Page
08-12-2009, 05:52 PM Visitor Yes (56) index 98.77.134.126 Viewing Home Page
08-12-2009, 05:48 PM Visitor Yes (32) index 98.77.128.238 Viewing Home Page
08-12-2009, 05:45 PM Visitor Yes (34) index 74.233.232.154 Viewing Home Page
08-12-2009, 05:40 PM Visitor Yes (106) index 98.77.126.156 Viewing Home Page
08-12-2009, 05:26 PM Visitor Yes (64) index 98.64.247.238 Viewing Home Page
08-12-2009, 05:23 PM Visitor Yes (37) index 98.77.100.161 Viewing Home Page
08-12-2009, 05:19 PM Visitor Yes (32) index 98.77.102.161 Viewing Home Page
08-12-2009, 05:15 PM Visitor Yes (35) index 98.77.128.61 Viewing Home Page
08-12-2009, 05:13 PM Visitor Yes (32) index 98.77.119.168 Viewing Home Page
08-12-2009, 05:08 PM Visitor Yes (32) index 98.77.99.236 Viewing Home Page
08-12-2009, 05:05 PM Visitor Yes (50) index 98.77.135.215 Viewing Home Page
08-12-2009, 05:02 PM Visitor Yes (32) index 98.77.135.139 Viewing Home Page
08-12-2009, 04:59 PM Visitor Yes (50) index 74.233.132.212 Viewing Home Page
08-12-2009, 04:57 PM Visitor Yes (32) index 74.233.132.187 Viewing Home Page
08-12-2009, 04:56 PM Visitor Yes (32) index 98.77.135.49 Viewing Home Page
08-12-2009, 04:46 PM Visitor Yes (40) index 98.77.123.166 Viewing Home Page
08-12-2009, 04:42 PM Visitor Yes (39) index 98.77.96.178 Viewing Home Page
08-12-2009, 04:36 PM Visitor Yes (32) index 98.77.25.214 Viewing Home Page
08-12-2009, 04:33 PM Visitor Yes (32) index 98.77.123.97 Viewing Home Page
08-12-2009, 04:26 PM Visitor Yes (32) index 98.77.128.217 Viewing Home Page
08-12-2009, 04:25 PM Visitor Yes (49) index 82.47.49.58 Viewing Home Page
08-12-2009, 04:21 PM Visitor Yes (32) index 98.77.95.254 Viewing Home Page
08-12-2009, 04:18 PM Visitor Yes (65) index 98.77.132.236 Viewing Home Page
08-12-2009, 04:12 PM Visitor Yes (41) index 98.77.133.98 Viewing Home Page
08-12-2009, 04:10 PM Visitor Yes (32) index 98.77.119.143 Viewing Home Page
08-12-2009, 04:08 PM Visitor Yes (49) index 98.77.95.221 Viewing Home Page
08-12-2009, 04:01 PM Visitor Yes (39) index 98.77.130.8 Viewing Home Page
08-12-2009, 03:55 PM Visitor Yes (92) index 98.77.124.112 Viewing Home Page
08-12-2009, 03:47 PM Visitor Yes (61) index 98.77.95.250 Viewing Home Page'
08-12-2009, 03:39 PM Visitor Yes (32) index 98.77.120.17 Viewing Home Page
08-12-2009, 03:37 PM Visitor Yes (30) index 98.64.90.18 Viewing Home Page
08-12-2009, 03:35 PM Visitor Yes (32) index 74.233.233.167 Viewing Home Page
08-12-2009, 03:32 PM Visitor Yes (64) index 98.77.120.28 Viewing Home Page
08-12-2009, 03:30 PM Visitor Yes (54) index 98.77.129.156 Viewing Home Page
08-12-2009, 03:27 PM Visitor Yes (36) index 98.77.95.135 Viewing Home Page
08-12-2009, 03:25 PM Visitor Yes (37) index 98.77.100.242 Viewing Home Page
08-12-2009, 03:23 PM Visitor Yes (32) index 98.77.127.26 Viewing Home Page
08-12-2009, 03:22 PM Visitor Yes (32) index 98.77.122.195 Viewing Home Page
08-12-2009, 03:19 PM Visitor Yes (52) index 74.233.214.164 Viewing Home Page
08-12-2009, 03:16 PM Visitor Yes (32) index 98.77.102.50 Viewing Home Page
08-12-2009, 03:14 PM Visitor Yes (32) index 98.77.126.195 Viewing Home Page
08-12-2009, 03:11 PM Visitor Yes (81) index 74.233.214.204 Viewing Home Page
08-12-2009, 03:07 PM Visitor Yes (49) index 98.77.125.237 Viewing Home Page
08-12-2009, 03:02 PM Visitor Yes (32) index 98.77.97.6 Viewing Home Page
08-12-2009, 02:55 PM Visitor Yes (39) index 98.77.99.197 Viewing Home Page
08-12-2009, 02:51 PM Visitor Yes (10) index 98.77.119.155 Viewing Home Page

As you can see, they are either from; If you are willing to block the IPs, use the below layout as it will stop all the IPs ddossing;
98.77.
74.233.
98.64.
65.8
194.204

Doing it this way will range them.

When experiencing a ddos attack, I suggest you check IPs, if they are similar to this, then block them using .htcaccess for a few days.

I have managed to stop it for the mean time, and will unblock them in a few days.
Reply With Quote
  #7  
Old 08-13-2009, 07:31 PM
Alex LD Alex LD is offline
 
Join Date: Aug 2008
Location: Iowa
Posts: 68
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What type of server do you have? Dedicated VPS, or are you a Shared Web Hosting? Assuming you've gotten all the IP's you must be on Dedicated or VPS. I suggest installing CSF or APF firewall. They are Iptable scripts that can stop/block IP addresses. If you have the the money (and your data-center offers it) you can always setup a hardware firewall such as a Cisco Guard to help filter legitimate traffic.

Good Luck man!
Reply With Quote
  #8  
Old 08-14-2009, 01:17 AM
motowebmaster motowebmaster is offline
 
Join Date: Feb 2006
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It isn't unusual for a busy site to be accessed by a group of machines looking for links, or email addresses to scrape. If it bothers you, there are some firewall options that will dynamically block IPs that reach a particular number of connections and then release them when activity subsides - but you may be blocking legitimate users or search engine spiders by doing so. It's a feature best used for real-time databases of hacked networks or blacklisted IP addresses.

An actual DDOS would flood server's network interface. If the target was actually your site you would see hundreds of connections (if any). The last time I was attacked vbulletin was showing only a few users, but my webserver had queued hundreds of instances.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:48 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04611 seconds
  • Memory Usage 2,235KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete