ddos attacked on my forum any solution?

questlot

Member
I got ddos attacked on my shared hosting and my website was taking down by Namecheap and they recommended i move to another hosting service or upgrade to a VPS plan which i did and after few hours the ddos attack begin again and namecheap support have not been able to provide any tangible solution to get the problem resolve. I have been on this issue for more than 48 hours. I have also subscribed to Cloudflare pro to see how cloudefare can block the attack. I suspect most of the attack is coming from Get, Connect, Post. Though i have little knowledge about such,

Please can anyone suggest or recommend the best solution to stop the ddos attack?

34444.PNG
34444.PNG
 

questlot

Member
Thanks for your response. My host wasn't really that helpful I had to move to another hosting company.
 

Starbucks

Active member
Thanks for your response. My host wasn't really that helpful I had to move to another hosting company.
I am not sure about your budget but I have a managed VPS at LiquidWeb. Their support is incredible, just in case if you're looking for something to switch to! :)
 

questlot

Member
thanks a lot, I have switched to knownhost. I used them 8 years ago and their support was incredible i decided to give them a try again and they were helpful.
 

questlot

Member
I migrated to Knowmhost and used cloudflare namesaver after a week my forum is still DDoS attack. I have gotten over 60 million requests hitting my VPS server. Cloudflare under attack mode couldn't help. I was gotting hit from China and vblock china country after few minute starting getting Ddos from US. After changing hosting company i wonder how my ip must have been gotten to be DDOS. Emails sent or received in via domain doesn't display my server IP.

Please whats the best way to permanlty stop this DDOS attack? the attack is being going for over 7 hours.
 

Starbucks

Active member
I migrated to Knowmhost and used cloudflare namesaver after a week my forum is still DDoS attack. I have gotten over 60 million requests hitting my VPS server. Cloudflare under attack mode couldn't help. I was gotting hit from China and vblock china country after few minute starting getting Ddos from US. After changing hosting company i wonder how my ip must have been gotten to be DDOS. Emails sent or received in via domain doesn't display my server IP.

Please whats the best way to permanlty stop this DDOS attack? the attack is being going for over 7 hours.
Have you tried to contact CloudFlare Support?
Their support is pretty good, especially if you tell them you have used the under attack mode and that their feature doesn't work at all.
 

eva2000

Well-known member
I migrated to Knowmhost and used cloudflare namesaver after a week my forum is still DDoS attack. I have gotten over 60 million requests hitting my VPS server. Cloudflare under attack mode couldn't help. I was gotting hit from China and vblock china country after few minute starting getting Ddos from US. After changing hosting company i wonder how my ip must have been gotten to be DDOS. Emails sent or received in via domain doesn't display my server IP.

Please whats the best way to permanlty stop this DDOS attack? the attack is being going for over 7 hours.
Might want to ask on Cloudflare community forums too https://community.cloudflare.com/ :)
 

Mr. Jinx

Well-known member
Block all firewall ports and only allow your own IP + cloudflare IP's.
 

questlot

Member
I guess the website will just be accessible to me only if I block all up and certainly the DDOS attack may return. I suspect a competitor hitting on the forum.
 

Mr. Jinx

Well-known member
No, ofcourse your should also allow the clouflare IP's which I mentioned. This will prevent the DDOS directly to your server's IP.
The website will then still be accessable for everyone through Cloudflare's proxy, with under attck mode, which should handle the DDOS.
 
Last edited:

Kirby

Well-known member
This will prevent the DDOS directly to your server's IP.
Erm ... not necessarily. As long as the target IP address is known an attacker could still mount a DDoS against it for example via UDP flood. Firewall rules on the target would not prevent connection bandwidth from being exhausted if the attacker can mount up enough traffic.
 

eva2000

Well-known member
Xenforo’s image and link proxy Options - XenForo 2 Manual can reveal your server real IP by default unless you configure a separate server forward HTTP proxy and set it in Xenforo config file $config['http']['proxy'] Config.php options - XenForo 2 Manual

HTTP client settings​

These settings control the behavior of the internal XenForo HTTP client, which is used to fetch resources from across the internet, such as images and web pages when using the Image and link proxy.
  • $config['http']['sslVerify'] = null ;
  • $config['http']['proxy'] = null ;
The sslVerify setting will force the system the verify the SSL certificate of any sites it visits using the SSL/HTTPS when requesting resources. Setting this value to true can be of benefit in some circumstances, but there are a number of ways that SSL certificate verification can fail, resulting in an inability to fetch the resource requested. If in doubt, leave this setting alone.
If you want the internal XenForo HTTP client to perform its requests through a proxy, enter the proxy server’s address in the proxy setting.
That’s what I do for my Xenforo forums. You can see discussion at XF 1.5 - Untrusted Http Client | Page 3 | XenForo community
 

questlot

Member
Xenforo’s image and link proxy Options - XenForo 2 Manual can reveal your server real IP by default unless you configure a separate server forward HTTP proxy and set it in Xenforo config file $config['http']['proxy'] Config.php options - XenForo 2 Manual


That’s what I do for my Xenforo forums. You can see discussion at XF 1.5 - Untrusted Http Client | Page 3 | XenForo community
I was using the default Xenforo email transport setup in admin panel, I had to change it to SMTP. Will it also prevent the IP being leaked?
 

eva2000

Well-known member
I was using the default Xenforo email transport setup in admin panel, I had to change it to SMTP. Will it also prevent the IP being leaked?
nope unless SMTP server is configured to remove IPs which most do not - only Amazon SES 3rd party SMTP is configured to do that by default and that's why I use Amazon SES SMTP for all outbound emails from server/forums.
 

questlot

Member
nope unless SMTP server is configured to remove IPs which most do not - only Amazon SES 3rd party SMTP is configured to do that by default and that's why I use Amazon SES SMTP for all outbound emails from server/forums.
Please help me with the step by step process to get it setup, am lost here.
 
Top