ddos attacked on my forum any solution?

questlot

questlot

Active member
I got ddos attacked on my shared hosting and my website was taking down by Namecheap and they recommended i move to another hosting service or upgrade to a VPS plan which i did and after few hours the ddos attack begin again and namecheap support have not been able to provide any tangible solution to get the problem resolve. I have been on this issue for more than 48 hours. I have also subscribed to Cloudflare pro to see how cloudefare can block the attack. I suspect most of the attack is coming from Get, Connect, Post. Though i have little knowledge about such,

Please can anyone suggest or recommend the best solution to stop the ddos attack?

34444.webp
34444.webp
 
Thanks for your response. My host wasn't really that helpful I had to move to another hosting company.
 
questlot said:
Thanks for your response. My host wasn't really that helpful I had to move to another hosting company.
Click to expand...
I am not sure about your budget but I have a managed VPS at LiquidWeb. Their support is incredible, just in case if you're looking for something to switch to! :)
 
thanks a lot, I have switched to knownhost. I used them 8 years ago and their support was incredible i decided to give them a try again and they were helpful.
 
I migrated to Knowmhost and used cloudflare namesaver after a week my forum is still DDoS attack. I have gotten over 60 million requests hitting my VPS server. Cloudflare under attack mode couldn't help. I was gotting hit from China and vblock china country after few minute starting getting Ddos from US. After changing hosting company i wonder how my ip must have been gotten to be DDOS. Emails sent or received in via domain doesn't display my server IP.

Please whats the best way to permanlty stop this DDOS attack? the attack is being going for over 7 hours.
 
questlot said:
I migrated to Knowmhost and used cloudflare namesaver after a week my forum is still DDoS attack. I have gotten over 60 million requests hitting my VPS server. Cloudflare under attack mode couldn't help. I was gotting hit from China and vblock china country after few minute starting getting Ddos from US. After changing hosting company i wonder how my ip must have been gotten to be DDOS. Emails sent or received in via domain doesn't display my server IP.

Please whats the best way to permanlty stop this DDOS attack? the attack is being going for over 7 hours.
Click to expand...
Have you tried to contact CloudFlare Support?
Their support is pretty good, especially if you tell them you have used the under attack mode and that their feature doesn't work at all.
 
questlot said:
I migrated to Knowmhost and used cloudflare namesaver after a week my forum is still DDoS attack. I have gotten over 60 million requests hitting my VPS server. Cloudflare under attack mode couldn't help. I was gotting hit from China and vblock china country after few minute starting getting Ddos from US. After changing hosting company i wonder how my ip must have been gotten to be DDOS. Emails sent or received in via domain doesn't display my server IP.

Please whats the best way to permanlty stop this DDOS attack? the attack is being going for over 7 hours.
Click to expand...
Might want to ask on Cloudflare community forums too https://community.cloudflare.com/ :)
 
Block all firewall ports and only allow your own IP + cloudflare IP's.
www.cloudflare.com

IP Ranges

This page is intended to be the definitive source of Cloudflare’s current IP ranges.
www.cloudflare.com www.cloudflare.com
 
I guess the website will just be accessible to me only if I block all up and certainly the DDOS attack may return. I suspect a competitor hitting on the forum.
 
No, ofcourse your should also allow the clouflare IP's which I mentioned. This will prevent the DDOS directly to your server's IP.
The website will then still be accessable for everyone through Cloudflare's proxy, with under attck mode, which should handle the DDOS.
 
Last edited:
Mr. Jinx said:
This will prevent the DDOS directly to your server's IP.
Click to expand...
Erm ... not necessarily. As long as the target IP address is known an attacker could still mount a DDoS against it for example via UDP flood. Firewall rules on the target would not prevent connection bandwidth from being exhausted if the attacker can mount up enough traffic.
 
Xenforo’s image and link proxy Options - XenForo 2 Manual can reveal your server real IP by default unless you configure a separate server forward HTTP proxy and set it in Xenforo config file $config['http']['proxy'] Config.php options - XenForo 2 Manual

HTTP client settings​

These settings control the behavior of the internal XenForo HTTP client, which is used to fetch resources from across the internet, such as images and web pages when using the Image and link proxy.
  • $config['http']['sslVerify'] = null ;
  • $config['http']['proxy'] = null ;
The sslVerify setting will force the system the verify the SSL certificate of any sites it visits using the SSL/HTTPS when requesting resources. Setting this value to true can be of benefit in some circumstances, but there are a number of ways that SSL certificate verification can fail, resulting in an inability to fetch the resource requested. If in doubt, leave this setting alone.
If you want the internal XenForo HTTP client to perform its requests through a proxy, enter the proxy server’s address in the proxy setting.
Click to expand...
That’s what I do for my Xenforo forums. You can see discussion at XF 1.5 - Untrusted Http Client | Page 3 | XenForo community
 
eva2000 said:
Xenforo’s image and link proxy Options - XenForo 2 Manual can reveal your server real IP by default unless you configure a separate server forward HTTP proxy and set it in Xenforo config file $config['http']['proxy'] Config.php options - XenForo 2 Manual


That’s what I do for my Xenforo forums. You can see discussion at XF 1.5 - Untrusted Http Client | Page 3 | XenForo community
Click to expand...
I was using the default Xenforo email transport setup in admin panel, I had to change it to SMTP. Will it also prevent the IP being leaked?
 
questlot said:
I was using the default Xenforo email transport setup in admin panel, I had to change it to SMTP. Will it also prevent the IP being leaked?
Click to expand...
nope unless SMTP server is configured to remove IPs which most do not - only Amazon SES 3rd party SMTP is configured to do that by default and that's why I use Amazon SES SMTP for all outbound emails from server/forums.
 
eva2000 said:
nope unless SMTP server is configured to remove IPs which most do not - only Amazon SES 3rd party SMTP is configured to do that by default and that's why I use Amazon SES SMTP for all outbound emails from server/forums.
Click to expand...
Please help me with the step by step process to get it setup, am lost here.
 
You must log in or register to reply here.

Similar threads

Mark87
  • Question Question
After a DDos attack
Replies
8
Views
858
Jake B.
Jake B.
MySiteGuy
Xenforo Proxy Service
Replies
15
Views
3K
MySiteGuy
MySiteGuy
questlot
  • Question Question
XF 2.2 Does Convert URLs to page titles expose IP?
Replies
17
Views
1K
JoyFreak
JoyFreak
Dixie McCall
First signs of a DDOS attack.
Replies
11
Views
1K
RichDevman
RichDevman
USY
How to prevent XenForo against DDoS attacks
Replies
4
Views
2K
Ntown
N
Back
Top Bottom