DDoS attack on my forum, any solution?

Kirby

Well-known member
Every forum software will leak IP addresses if you just use SMTP to send mail - this is not something unique to XenForo, it's a fundamental part of how SMTP works.
As well, every software will leak IP addresses if it accesses external resources (things like fetching images, fetching web page previews or metadata, etc.) without using a VPN or proxy.
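The SMTP exposure described in the post above can be audited from the defender's side. This is an added example, not part of the thread: it takes the raw source of a message the forum sent to a test mailbox and reports which headers contain the server's known address. The sample messages, host names and addresses (documentation ranges) are constructed, and `leaked_headers` is a hypothetical helper name.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: mail sent straight from the web server (203.0.113.10).
SAMPLE_DIRECT = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.recipient.example with ESMTPS id abc123; Mon, 01 Jan 2024 10:00:02 +0000
Received: from forum.example.com (forum.example.com [203.0.113.10])
\tby mx.example.net with ESMTP id def456; Mon, 01 Jan 2024 10:00:01 +0000
X-Originating-IP: [203.0.113.10]
From: Forum <noreply@forum.example.com>
Subject: Confirm your account

Hello
"""

# Constructed sample: same mail via a relay that does not record the client address.
SAMPLE_RELAYED = """\
Received: from relay.mailer.example (relay.mailer.example [198.51.100.25])
\tby mail.recipient.example with ESMTPS id ghi789; Mon, 01 Jan 2024 10:00:02 +0000
From: Forum <noreply@forum.example.com>
Subject: Confirm your account

Hello
"""

# Candidate IPv4/IPv6 tokens; the ipaddress module does the real validation.
TOKEN_RE = re.compile(r"[0-9A-Fa-f:.]{3,}")

def leaked_headers(raw_message, origin_ips):
    """Return (header, ip) pairs for every header that exposes an origin IP."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    hits = []
    for name, value in message_from_string(raw_message).items():
        for token in TOKEN_RE.findall(value):
            try:
                ip = ipaddress.ip_address(token.strip("."))
            except ValueError:
                continue  # timestamps, queue ids, host name fragments
            if ip in origins and (name, str(ip)) not in hits:
                hits.append((name, str(ip)))
    return hits

if __name__ == "__main__":
    for label, raw in (("direct", SAMPLE_DIRECT), ("relayed", SAMPLE_RELAYED)):
        print(label, leaked_headers(raw, ["203.0.113.10"]) or "no origin IP in headers")
```

Run it against the full header source of a real registration or notification mail, passing every public address of the web server, IPv6 included.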
 

questlot

Active member
Every forum software will leak IP addresses if you just use SMTP to send mail - this is not something unique to XenForo, it's a fundamental part of how SMTP works.
Thanks for the opinion. Aside from the IP address getting leaked via email, is there any other means by which the IP can get leaked? Because someone told me about the IP getting leaked on images.
 

questlot

Active member
As well, every software will leak IP addresses if it accesses external resources (things like fetching images, fetching web page previews or metadata, etc.) without using a VPN or proxy.
Does that mean if I use myforum@gmail.com to send email, the IP of the forum won’t get leaked again through other means?
 

questlot

Active member

eva2000

Well-known member
@eva2000 Please tell me the steps to hide the IP address on image and link proxy?
Best to read XF 1.5 - Untrusted Http Client | Page 3 | XenForo community. You’d need to get a separate second server, i.e. a VPS - I usually go with a VPS provider with DDOS protection support - and install on that second VPS a forward HTTP proxy like tinyproxy or 3proxy and configure it. Then update the XenForo config to point to that configured second server’s IP in the proxy setting, as outlined in the XenForo thread link.
 

motowebmaster

Well-known member
Try setting your firewall to allow your IP, and remove (or block) all ports - which would block everyone else but you. If you installed CSF as previously suggested, it can support this.

Then look at your firewall logs, and your site performance. If your VPS resources aren't over-utilized and your site is still sluggish, then I'd check to see if your website files are correct. If your site performance returns to normal, then consider sharing what you're seeing in your firewall logs with your hosting provider or someone here you trust.

Most of the DDOS attacks I've experienced were done at assets in front of my site, meaning my CPU would be very low but the site was non-responsive. Usually an attack on a front-end proxy (as eva2000 suggested) or firewall. When I blocked everyone in that scenario, it didn't yield any difference, my site was still non-responsive and CPU was still low. One event happened when I was hosting with Softlayer (the original company) and in those days they had to move me to a temporary DDOS solution and left me there for 48 hours for the attack to subside. Today several hosting providers provide real-time DDOS protection, which others have suggested in this thread, and has helped me.

The one INTRUSION I experienced changed files on my site, before I was using XF, and resulted in a nearly non-responsive site and high server utilization. In that scenario, it wasn't a DDOS, the attackers used a vulnerability to write files and database records. When I blocked everyone but myself, I could access my site but the server was still at high utilization, so I knew to look internally. Eventually found the changed files, and the added database records, but chose to dump all files and database and restore them both from the previous day's backup - didn't trust the 12 Hour backup. The attackers used an automated script to give them an admin account, that I couldn't see in the admin interface, but could remediate after restoring the backup. The site ran clean for two years afterward, until I migrated to a new forum software platform.

I don't use Cloudflare on my XF site, but you should consider sticking with it:
  • Cloudflare - I'd set up with a free version at first so that you can get it working properly, then upgrade it to the paid options suggested in this thread.
  • Hosting Provider's Firewall - Open only the ports you need, allow only from your IP and Cloudflare, preferably a provider that offers DDOS Protection.
  • Firewall on your VPS - Run CSF to automatically track/block bad actors and invalid useragents, allow only from your IP and Cloudflare, however your hosting provider's network is set up. If one looks at the robots listed on my XF Members/Visitors page, you would see moderately-reputable agents like Google Adsense, Bing, Google, Amazon, etc. As of this posting there are 99 bad useragents being blocked for a week from particular countries, hacked servers, hacked PCs, and other servers within my own hosting company's data center.
Hope this helps,
 